Microsoft Says Russian State-Sponsored Hackers Trying To Breach Its Systems Again
Microsoft said on Friday that a Russian state-sponsored hacking group named Midnight Blizzard was trying to breach its systems again, by using information it stole from the tech giant’s corporate emails in January.
The disclosure shows that the hacking group, which analysts link to Russian intelligence, is persistent and focused on penetrating Microsoft, one of the world’s largest software makers and a key provider of digital services and infrastructure to the U.S. government.
The Russian embassy in Washington did not immediately respond to a request for comment on Microsoft’s statement. It also hasn’t responded to Microsoft’s previous statements about Midnight Blizzard activity.
In January, Microsoft said it had found the hackers tried to breach “a very small percentage” of its corporate email accounts, including those of members of its senior leadership team and employees in cybersecurity, legal, and other functions.
It appears the hacking group, also known as Nobelium, is trying to use the data it stole then to break into Microsoft systems again, the company said.
“In recent weeks, we have seen evidence that Midnight Blizzard is using information initially exfiltrated from our corporate email systems to gain, or attempt to gain, unauthorized access,” it said in a blog post.
That data includes some of its source code repositories and internal systems, the company added. Its shares edged lower following the news.
“It is apparent that Midnight Blizzard is attempting to use secrets of different types it has found,” it added.
“Some of these secrets were shared between customers and Microsoft in email, and as we discover them in our exfiltrated email, we have been and are reaching out to these customers to assist them in taking mitigating measures.” Microsoft did not name those affected customers.
It also said the hackers had become more aggressive in their targeting, and their use of “password sprays” — where an attacker uses the same password on multiple accounts in the hope of breaking in — had increased as much as tenfold compared to their January attack.