Microsoft says Russian hackers continue to attack—and stole some of its source code

Microsoft is offering an update on the hack it first reported in January—and things aren’t looking good. The tech giant says state-sponsored hackers, backed by Russia, are still trying to access its systems and successfully stole “some of the company’s source code repositories and internal systems.”

The hackers, who call themselves Midnight Blizzard or Nobelium, were also responsible for the SolarWinds attack that compromised the Treasury and Commerce Departments in December 2020.

“In recent weeks, we have seen evidence that Midnight Blizzard [Nobelium] is using information initially exfiltrated from our corporate email systems to gain, or attempt to gain, unauthorized access,” Microsoft wrote in a blog post. “This has included access to some of the company’s source code repositories and internal systems. To date we have found no evidence that Microsoft-hosted customer-facing systems have been compromised.”

Obtaining source code is a big win for hackers, as it lets them discover how a software program functions, allowing them to probe it for weaknesses. That knowledge can be used to launch follow-up attacks in unexpected ways.

In a filing with the Securities and Exchange Commission (SEC), Microsoft said the attack has not had a material impact on its operations, but warned that was still a possibility, despite increased security investments and coordination with federal law enforcement officials.

“Since the date of the Original Filing, the Company has determined that the threat actor used and continues to use information it obtained to gain, or attempt to gain, unauthorized access to some of the Company’s source code repositories and internal systems,” the filing reads. “The threat actor’s ongoing attack is characterized by a sustained, significant commitment of the threat actor’s resources, coordination, and focus.”

Microsoft said the hacker group was attempting to access both company secrets and secrets shared between Microsoft and its customers. It is reaching out to affected companies to offer assistance, it said.

Midnight Blizzard/Nobelium initially breached Microsoft last year, using what’s known as a password spray attack, a brute force method where hackers attempt to use a catalog of possible passwords. The initial attack came soon after a security attack on the company’s Azure cloud system.

The hackers are ramping up those sorts of attacks now.

“Midnight Blizzard has increased the volume of some aspects of the attack, such as password sprays, by as much as tenfold in February, compared to the already large volume we saw in January 2024,” Microsoft said.

The chief focus of the hackers is intelligence gathering. Midnight Blizzard/Nobelium most often targets governments, think tanks, information technology service providers and diplomats in the U.S. and Europe and is thought to share the information with Russia’s foreign intelligence service.

Russia has denied involvement in the attack.

Microsoft said its investigation of the attack is still ongoing and it will continue to give updates on what it finds. In the meantime, it added, it has “enhanced our ability to defend ourselves and secure and harden our environment against this advanced persistent threat. We have and will continue to put in place additional enhanced security controls, detections, and monitoring.”

https://www.fastcompany.com/91052944/microsoft-says-russian-hackers-continue-to-attack-and-stole-some-of-its-source-code?partner=rss&utm_source=rss&utm_medium=feed&utm_campaign=rss+fastcompany&utm_content=rss

Created 1y ago | 8. 3. 2024, 20:50:03

