In March 2024, Microsoft announced a security breach by the Russian hacking group Midnight Blizzard (aka NOBELIUM), which managed to access internal systems and source code repositories utilizing authentication secrets previously stolen during a January cyberattack. This cyberattack involved a sophisticated strategy where the attackers infiltrated Microsoft's email servers through a password spray attack, targeting a non-production test tenant account lacking multi-factor authentication. This lapse in security enabled the threat actors to access corporate emails, including those of Microsoft's leadership, cybersecurity, and legal departments. The hackers exploited the stolen information to further penetrate Microsoft's systems, including source code repositories. Despite these breaches, Microsoft has found no evidence of compromise to customer-facing systems. The company has increased security measures and is coordinating with federal law enforcement and affected customers to mitigate the risks posed by the ongoing activities of Midnight Blizzard. This group, linked to Russia's SVR, is known for its involvement in significant cyberespionage activities, including the 2020 SolarWinds attack and other operations targeting NATO and EU countries.

Microsoft says Russian hackers breached its systems, accessed source code BleepingComputer

A ransomware gang, identified as Rhysida, has claimed to have successfully sold data stolen from Lurie Children's Hospital in Chicago, initially listed for a ransom of $3.4 million or 60 bitcoins on the dark web. The cyberattack, which occurred last month, significantly disrupted the hospital's computer networks and clinical operations, forcing a temporary reliance on manual systems. Despite these challenges, Lurie Children's committed to continuing patient care, albeit with some cancellations of appointments and elective surgeries. The hospital is now in the process of gradually restoring its vital systems, including its electronic health records and phone systems, while cooperating with law enforcement and cyber experts to investigate the breach. This incident is part of a worrying trend of increasing cyber attacks targeting the healthcare sector, with another organization, Change Healthcare, also currently experiencing costly disruptions.

Ransomware gang claims to have made $3.4 million after attacking children’s hospital The Record

In January 2024, Microsoft disclosed a significant security breach by the Kremlin-backed cyber espionage group Midnight Blizzard (also known as APT29 or Cozy Bear), which resulted in unauthorized access to some of Microsoft's source code repositories and internal systems. The attack, initiated through a password spray strategy, exploited a legacy, non-production test account without multi-factor authentication (MFA), revealing the sophistication and resources committed by the threat actor. Despite the breach, Microsoft affirmed that its customer-facing systems remained uncompromised and has since contacted affected customers. The company has announced an increase in its security investments to counter the amplified tactics of Midnight Blizzard, which leverages exfiltrated information for further unauthorized access, marking an escalation in global cybersecurity threats.

Microsoft Confirms Russian Hackers Stole Source Code, Some Customer Secrets The Hacker News

In a recent discussion with CNBC's Jim Cramer, CrowdStrike CEO George Kurtz emphasized the growing threat posed by cybercriminals who are leveraging advanced generative artificial intelligence to conduct sophisticated attacks, regardless of their own technical expertise. Kurtz highlighted how generative AI is making complex cyberattack techniques accessible to less skilled adversaries, suggesting a future where the fight against cybercrime will increasingly hinge on opposing AI capabilities.

CrowdStrike CEO says cybercriminals are leveling up: 'It’s going to be the battle of AI in the future' CNBC