Microsoft has disclosed that a notorious Russian hacking group known as Nobelium or Midnight Blizzard has launched a new wave of cyber attacks targeting the tech giant. This is the same group responsible for the massive SolarWinds breach in 2020 that compromised multiple U.S. government agencies and private companies.
Table of Contents
Microsoft Targeted by Notorious Russian Hacking Group
In a recent blog post, Microsoft revealed that Midnight Blizzard has been spying on email accounts belonging to some of its senior executives and has managed to steal portions of the company’s source code. Source code is the underlying programming instructions that make up Microsoft’s software products and services.
The hackers initially gained access to Microsoft’s systems through a “password spray” attack last year, which involves attempting to log in to multiple accounts using common or weak passwords. Microsoft admitted that a test account was misconfigured without enabling two-factor authentication, allowing the hackers to breach its defenses.
While Microsoft assured that its customer-facing systems remain uncompromised, the stolen source code and confidential information could potentially be used by Midnight Blizzard to find vulnerabilities, create counterfeit software, or attempt further breaches against Microsoft and its clients.
In response, Microsoft has stepped up its security measures, implementing enhanced controls, detections, and monitoring mechanisms to defend against these advanced persistent threats. The company is also notifying affected customers whose confidential information may have been compromised, urging them to take appropriate mitigation steps.
This latest attack comes just days after Microsoft announced plans to overhaul its software security practices following a series of high-profile incidents, including the Exchange Server hack in 2021 and Chinese hackers breaching U.S. government emails through a Microsoft cloud exploit last year.
Cybersecurity authorities, including the U.S. and its “Five Eyes” intelligence allies, have attributed the attacks to Russia’s foreign intelligence service, the SVR, which has expanded its targets across various sectors globally. Experts are urging organizations to review their account access, enable two-factor authentication, and remain vigilant for suspicious activities.
As the investigation into Midnight Blizzard’s activities continues, the incident serves as a stark reminder of the ongoing cyber threats posed by state-sponsored hacking groups and the need for robust cybersecurity measures to protect sensitive data and systems.
