Microsoft says source code stolen in Russian hacking escalation

Customers may have been affected



Microsoft finds itself embroiled in a cybersecurity crisis as it disclosed further details about a sophisticated espionage campaign orchestrated by Russian state-sponsored hackers.

The company revealed on Friday that the Russian hacking group known as Nobelium (also tracked as APT29 or Cozy Bear), and referred to internally by Microsoft as Midnight Blizzard, has successfully infiltrated some of its critical source code repositories and internal systems.

The latest revelation follows Microsoft's disclosure in January about the hacking of emails belonging to high-ranking executives. At the time, Microsoft stated that there was no evidence of the hacker group compromising customer data or operational systems.

The initial breach stemmed from a password spray attack against a non-production test tenant account that lacked two-factor authentication. This entry point gave the Russian hackers a foothold within Microsoft's networks from which to pursue their further activities.
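A password spray is hard to catch with per-account lockout rules because it tries one or two passwords against many accounts rather than many passwords against one. The signal a defender looks for is the inverse: many distinct accounts failing from the same source in a short window, with few failures per account, followed by any success on an account that has no MFA (the test-tenant condition the article describes). The following Python detector is an added example for this article, not code from Microsoft or the publication; the sign-in events, their tuple layout and the thresholds are constructed assumptions rather than any real identity provider's log schema.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sign-in events for illustration (assumed layout, not a real log schema).
# Fields: UTC timestamp, source IP, account name, result, MFA enforced on the account.
SAMPLE_EVENTS = [
    # A normal user mistypes a password twice, then succeeds: not a spray.
    ("2024-02-01T08:00:01", "203.0.113.10", "alice", "FAIL", True),
    ("2024-02-01T08:00:09", "203.0.113.10", "alice", "FAIL", True),
    ("2024-02-01T08:00:20", "203.0.113.10", "alice", "SUCCESS", True),
    # One source, one attempt each against many accounts inside 15 seconds: a spray.
    ("2024-02-01T08:05:00", "198.51.100.7", "alice", "FAIL", True),
    ("2024-02-01T08:05:02", "198.51.100.7", "bob", "FAIL", True),
    ("2024-02-01T08:05:04", "198.51.100.7", "carol", "FAIL", True),
    ("2024-02-01T08:05:06", "198.51.100.7", "dave", "FAIL", True),
    ("2024-02-01T08:05:08", "198.51.100.7", "erin", "FAIL", True),
    ("2024-02-01T08:05:10", "198.51.100.7", "frank", "FAIL", True),
    ("2024-02-01T08:05:12", "198.51.100.7", "grace", "FAIL", True),
    # The one account without MFA is the one the spray gets into.
    ("2024-02-01T08:05:14", "198.51.100.7", "test-tenant-admin", "SUCCESS", False),
]


def detect_password_spray(events, window_minutes=10, min_accounts=5, max_fails_per_account=2.0):
    """Return one alert per (source IP, time window) that shows spray behaviour.

    Spray behaviour here means: at least `min_accounts` distinct accounts failed
    from the same source within the window, with on average no more than
    `max_fails_per_account` failures each. Each alert also lists accounts that
    signed in successfully from that source without MFA, as the ones to triage first.
    """
    window = timedelta(minutes=window_minutes)
    by_ip = defaultdict(list)
    for ts, ip, user, result, mfa in events:
        by_ip[ip].append((datetime.fromisoformat(ts), user, result, mfa))

    alerts = []
    for ip, evs in by_ip.items():
        evs.sort(key=lambda e: e[0])
        first = evs[0][0]
        # Fixed windows anchored at this source's first event.
        buckets = defaultdict(list)
        for ev in evs:
            buckets[(ev[0] - first) // window].append(ev)

        for idx, bucket in sorted(buckets.items()):
            fails = defaultdict(int)
            no_mfa_successes = []
            for _, user, result, mfa in bucket:
                if result == "FAIL":
                    fails[user] += 1
                elif result == "SUCCESS" and not mfa:
                    no_mfa_successes.append(user)

            distinct = len(fails)
            if distinct < min_accounts:
                continue
            per_account = sum(fails.values()) / distinct
            if per_account > max_fails_per_account:
                # Many failures on few accounts is brute force, not spray; a
                # per-account lockout rule is the right control for that case.
                continue

            alerts.append({
                "source_ip": ip,
                "window_start": (first + idx * window).isoformat(),
                "distinct_accounts": distinct,
                "avg_failures_per_account": per_account,
                "no_mfa_successes": no_mfa_successes,
            })
    return alerts


if __name__ == "__main__":
    for alert in detect_password_spray(SAMPLE_EVENTS):
        print(alert)
```

The two thresholds pull in opposite directions on purpose: `min_accounts` keeps a single user's typos from alerting, and `max_fails_per_account` separates spraying from per-account brute force, which needs a different response. Running the same detector over consecutive months and comparing alert counts is one way to quantify the kind of surge the article reports.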

While Microsoft said in its latest post that its customer-facing systems remain uncompromised, the company acknowledged the increased intensity of the attacks, noting a tenfold surge in password spray attempts during February compared to January 2024.

The attempted breaches targeted not only Microsoft's proprietary source code but also sought to access sensitive information shared between the company and its clientele.

"It is apparent that Midnight Blizzard is attempting to use secrets of different types it has found. Some of these secrets were shared between customers and Microsoft in email, and as we discover them in our exfiltrated email, we have been and are reaching out to these customers to assist them in taking mitigating measures," Microsoft said.

The company claims its response has been swift, bolstering its security investments, enhancing cross-enterprise coordination, and implementing additional safeguards to mitigate the threat posed by Midnight Blizzard.

Nobelium group

Nobelium/Midnight Blizzard is infamous for its sophisticated attacks. Microsoft, along with the US government, classifies the group as part of the Russian Foreign Intelligence Service, SVR.

Nobelium was responsible for one of the most significant breaches in US history, when it breached the US government by inserting malicious code into SolarWinds' Orion software updates.

"Midnight Blizzard's ongoing attack is characterised by a sustained, significant commitment of the threat actor's resources, coordination, and focus," Microsoft said.

"It may be using the information it has obtained to accumulate a picture of areas to attack and enhance its ability to do so."

This latest breach adds to Microsoft's recent history of cybersecurity woes, including the compromise of 30,000 organisations' email servers in 2021 and Chinese hackers exploiting vulnerabilities in its cloud services.

The ramifications of these cyber intrusions extend beyond Microsoft's domain, as other entities have also fallen victim to similar attacks.

Shortly after Microsoft's announcement, Hewlett Packard Enterprise disclosed that its cloud-based email system had been compromised, underscoring the far-reaching impact of such security breaches.

Britain's National Cyber Security Centre (NCSC) has previously accused Russia of conducting sustained cyberattacks targeting politicians, journalists and civil servants as part of a multifaceted strategy to subvert democracy.