Microsoft says Russian hackers stole source code after spying on its executives

Microsoft revealed earlier this year that Russian state-sponsored hackers had been spying on the email accounts of some members of its senior leadership team. Now, Microsoft is disclosing that the attack, from the same group behind the SolarWinds attack, has also led to some source code being stolen in what Microsoft describes as an ongoing attack.

“In recent weeks, we have seen evidence that Midnight Blizzard [Nobelium] is using information initially exfiltrated from our corporate email systems to gain, or attempt to gain, unauthorized access,” explains Microsoft in a blog post. “This has included access to some of the company’s source code repositories and internal systems. To date we have found no evidence that Microsoft-hosted customer-facing systems have been compromised.”

It’s not clear what source code was accessed, but Microsoft warns that the Nobelium group, or “Midnight Blizzard,” as Microsoft refers to them, is now attempting to use “secrets of different types it has found” to try to further breach the software giant and potentially its customers. “Some of these secrets were shared between customers and Microsoft in email, and as we discover them in our exfiltrated email, we have been and are reaching out to these customers to assist them in taking mitigating measures,” says Microsoft.

Nobelium initially accessed Microsoft’s systems through a password spray attack last year. This type of attack is a brute-force approach where hackers utilize a large dictionary of potential passwords against accounts. Microsoft had configured a non-production test tenant account without two-factor authentication enabled, allowing Nobelium to gain access.
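For defenders, the access path described above leaves a recognizable trace in sign-in logs: one source failing against many distinct accounts, followed by a password-only success. The sketch below is an added example, not code from Microsoft or from this article; the log format, the thresholds and every record in `SAMPLE_LOG` are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records (assumed format): time, source IP, account, result, MFA used
SAMPLE_LOG = """\
2024-01-10T03:00:05 203.0.113.7 alice@example.test FAIL no
2024-01-10T03:00:41 203.0.113.7 bob@example.test FAIL no
2024-01-10T03:01:17 203.0.113.7 carol@example.test FAIL no
2024-01-10T03:01:52 203.0.113.7 dave@example.test FAIL no
2024-01-10T03:02:30 203.0.113.7 test-svc@example.test FAIL no
2024-01-10T03:20:11 203.0.113.7 test-svc@example.test OK no
2024-01-10T09:14:02 198.51.100.20 erin@example.test FAIL no
2024-01-10T09:14:20 198.51.100.20 erin@example.test FAIL no
2024-01-10T09:14:45 198.51.100.20 erin@example.test OK yes
"""

def parse(log):
    """Turn log lines into sorted (time, ip, user, success, mfa_used) tuples."""
    events = []
    for line in log.strip().splitlines():
        ts, ip, user, result, mfa = line.split()
        events.append((datetime.fromisoformat(ts), ip, user, result == "OK", mfa == "yes"))
    return sorted(events)

def find_spray(events, min_accounts=4, window=timedelta(minutes=30)):
    """Return {ip: {"targets": set, "compromised": list}} for spray-like sources."""
    by_ip = defaultdict(list)
    for ev in events:
        by_ip[ev[1]].append(ev)
    findings = {}
    for ip, evs in by_ip.items():
        fails = [(t, u) for t, _, u, ok, _ in evs if not ok]
        targets = set()
        # Sliding window: distinct accounts that failed within `window` of each failure
        for i, (start, _) in enumerate(fails):
            in_window = {u for t, u in fails[i:] if t - start <= window}
            if len(in_window) >= min_accounts:
                targets |= in_window
        if not targets:
            continue  # e.g. one user mistyping their own password
        first_fail = fails[0][0]
        # A success without MFA from a spraying source is the highest-priority hit
        hits = sorted({u for t, _, u, ok, mfa in evs if ok and not mfa and t >= first_fail})
        findings[ip] = {"targets": targets, "compromised": hits}
    return findings

if __name__ == "__main__":
    for ip, f in find_spray(parse(SAMPLE_LOG)).items():
        print(ip, len(f["targets"]), "accounts targeted; no-MFA success:", f["compromised"])
```

A single user retrying their own password (the second source in the sample) stays below the distinct-account threshold and is not reported.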

“Across Microsoft, we have increased our security investments, cross-enterprise coordination and mobilization, and have enhanced our ability to defend ourselves and secure and harden our environment against this advanced persistent threat,” says Microsoft. “We have and will continue to put in place additional enhanced security controls, detections, and monitoring.”

Microsoft is still investigating Nobelium’s latest attacks on its systems. “Our active investigations of Midnight Blizzard activities are ongoing, and findings of our investigations will continue to evolve,” says Microsoft. “We remain committed to sharing what we learn.”
