Cybersecurity, Microsoft targeted by Russian hackers: access to source codes and sensitive information

Midnight Blizzard, a hacking group affiliated with the Russian Foreign Intelligence Service, continues to infiltrate Microsoft systems using information taken from a previous attack. The group gained access to some of the company's digital source code archives and internal systems.

Microsoft is still in the sights of cybercriminals. The company confirmed that Russian government hackers, known as Midnight Blizzard, are continuing to infiltrate its internal systems using information obtained during an attack last year that breached company email systems and stole emails and documents from employee accounts. This time, the company revealed that Midnight Blizzard has been targeting Microsoft's source code and other sensitive internal systems.

“In the last few weeks, we have collected evidence that the Midnight Blizzard (or Nobelium) hacker group is using information that was stolen from our corporate email systems to gain, or attempt to gain, unauthorized access, including to some of the company's source code archives and internal systems. At this time, we have found no evidence that customer interface systems in the Microsoft environment have been compromised,” Microsoft said in a statement.

The previous Russian attack was in November 2023

This new security breach comes after Microsoft revealed in January this year that the Russian hackers had entered the company's systems last November. During that episode, hackers gained access to the corporate email accounts of senior management teams and employees in cybersecurity, legal and other functions, with the goal of finding out what information Microsoft held about them.

According to Microsoft, the activities of the Russian hackers demonstrate a sustained and meaningful commitment of their resources, coordination and concentration. It is not clear what specific source code the hackers obtained, but they are believed to be trying to use “different types of secrets they found” in emails shared between Microsoft and its customers. The company is contacting customers to assist in taking risk mitigation measures, warning that Midnight Blizzard may use the information obtained to plan further attacks and improve its offensive capabilities.

Who is Midnight Blizzard

Midnight Blizzard, also known as APT29, is a hacker group suspected of being affiliated with the Russian Foreign Intelligence Service (SVR). According to Kaspersky, Midnight Blizzard operations first emerged in 2008, when the first MiniDuke malware samples were compiled. APT29 uses a wide range of advanced techniques in its cyber operations in support of the intelligence requirements of the SVR.

The group heavily targets organizations responsible for influencing the foreign policy of NATO countries. Midnight Blizzard has been suspected of being involved in several high-profile intrusion and compromise attempts, including the Office Monkeys campaign in 2014 that targeted a private research institute based in Washington D.C., the Pentagon in 2015, the Democratic National Committee (DNC) and US think tanks in 2016, and the Norwegian government and several Dutch ministries in 2017. The group has also targeted organizations in the education sector affiliated with medical research. The group is very likely to target such institutions for espionage purposes, in order to mine data related to Western medical advances.
