Arab Security Consultants

  • Home
  • Courses
    • EC-Council Programs
    • EC-Council iWeek Courses
    • PECB
      • ISO/IEC 27001 Lead Implementer
      • ISO/IEC 27001 Lead Auditor
    • Cyber Book
  • Organized Events
    • Arab Security Conference
    • Arab Security Cyber WarGames
  • Services
    • CodeRed
    • OhPhish
    • Risk Assessment
    • Social Engineering
    • Identity & Access Security
    • Vulnerability Assessment
    • Penetration Testing
  • Training centers
  • EC-Council with ASC
  • News
  • Contact Us
  • Home
  • News
  • Microsoft Confirms Russian Hackers Stole Source Code, Some Customer Secrets

Microsoft Confirms Russian Hackers Stole Source Code, Some Customer Secrets

Microsoft Confirms Russian Hackers Stole Source Code, Some Customer Secrets

by Ayman Hamam / Monday, 11 March 2024 / Published in News

Microsoft on Friday revealed that the Kremlin-backed threat actor known as Midnight Blizzard (aka APT29 or Cozy Bear) managed to gain access to some of its source code repositories and internal systems following a hack that came to light in January 2024.

“In recent weeks, we have seen evidence that Midnight Blizzard is using information initially exfiltrated from our corporate email systems to gain, or attempt to gain unauthorized access,” the tech giant said.

“This has included access to some of the company’s source code repositories and internal systems. We have found no evidence that Microsoft-hosted customer-facing systems have been compromised.”

Redmond, which is continuing to investigate the extent of the breach, said the Russian state-sponsored threat actor is attempting to leverage the different types of secrets it found, including those that were shared between customers and Microsoft in email.

It, however, did not disclose what these secrets were or the scale of the compromise, although it said it has directly reached out to impacted customers. It’s not clear what source code was accessed.

Stating that it has increased its security investments, Microsoft further noted that the adversary ramped up its password spray attacks by as much as 10-fold in February, compared to the “already large volume” observed in January.

“Midnight Blizzard’s ongoing attack is characterized by a sustained, significant commitment of the threat actor’s resources, coordination, and focus,” it said.

“It may be using the information it has obtained to accumulate a picture of areas to attack and enhance its ability. This reflects what has become more broadly an unprecedented global threat landscape, especially regarding sophisticated nation-state attacks.”

The Microsoft breach is said to have taken place in November 2023, with Midnight Blizzard employing a password spray attack to successfully infiltrate a legacy, non-production test tenant account that did not have multi-factor authentication (MFA) enabled.

The tech giant, in late January, revealed that APT29 had targeted other organizations by taking advantage of a diverse set of initial access methods ranging from stolen credentials to supply chain attacks.

Midnight Blizzard is considered part of Russia’s Foreign Intelligence Service (SVR). Active since at least 2008, the threat actor is one of the most prolific and sophisticated hacking groups, compromising high-profile targets such as SolarWinds.

  • Tweet
Tagged under: APT29, breach, Cozy Bear, cyberattack, cyberSecurity, Microsoft, Midnight Blizzard, nation-state threat, Russia, source code

What you can read next

Latest Gootkit malware attacks target Australian healthcare sector
A new variant of the SysUpdate malware attacks Linux and employs evasion tactics
Researchers discover 3 PyPI packages that spread malware to developer systems

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

  • Home
  • Contact Us
  • Services
  • Training Centers
  • GET SOCIAL

Arab Security Consultants | Copyright © 2023 All rights reserved.

TOP