Microsoft has provided an update on the ongoing cyberattack attributed to suspected Russian government-sponsored hackers.
The group known as Midnight Blizzard used information obtained during last year's hit to target Microsoft's internal systems, the tech giant said in an official blog post.
The company also shared an update with the U.S. Securities and Exchange Commission in a new filing posted Friday.
“In recent weeks, we have identified evidence that Midnight Blizzard is using information initially leaked from the company's email systems to gain or attempt to gain unauthorized access,” Microsoft said.
“This included access to some of the company’s source code repositories and internal systems. To date, we have found no evidence that any Microsoft-hosted customer-facing systems have been compromised.”
What was the first Midnight Blizzard cyberattack on Microsoft?
During a targeted reconnaissance mission, Midnight Blizzard (also known as Nobelium) was able to access existing system accounts using a password spray attack.
Although the malicious activity was discovered on January 12, the cyberattack is believed to have started in late November 2023, leaving the US multinational tech giant to catch up on a serious incident.
Now, Microsoft is facing further intrusions from hackers “trying to use the different types of secrets they have discovered,” the company said, detailing the increase in the scale of the attacks. In February, it said password spraying had increased nearly tenfold, surpassing the significant percentage seen in January of this year.
This is a sophisticated and coordinated cyberattack that shows no signs of abating, as detailed in the statement.
“Midnight Blizzard’s ongoing attacks are characterized by a sustained and significant commitment to the resources, coordination, and focus of threat actors. We can use the information we gain to build up a picture of the areas we want to attack and improve our ability to do so.”
“This reflects a broader global threat environment that is unprecedented, particularly in terms of sophisticated nation-state attacks.”
Microsoft insisted it was continuing its investigation into Midnight Blizzard's activities.
This hacker group is believed to be operating under the orders of Russia's Foreign Intelligence Service, also known by its initials, SVR.