Priya Patel
TLDR:
- Microsoft confirmed that Kremlin-backed threat actor, Midnight Blizzard, gained access to its source code repositories and internal systems in a hack.
- The breach, which took place in November 2023, has raised concerns about the security of customer secrets shared with Microsoft.
Microsoft disclosed that Midnight Blizzard, also known as APT29 or Cozy Bear, accessed some of its source code repositories and internal systems following a hack that was discovered in January 2024. The Russian state-sponsored threat actor has been using information obtained from Microsoft’s corporate email systems to gain unauthorized access to sensitive data. While there is no evidence of compromise to Microsoft-hosted customer-facing systems, the company is investigating the extent of the breach.
Redmond stated that the hacker group is attempting to leverage various types of secrets found, including those shared between customers and Microsoft in email communications. Although the exact nature and scale of the compromise were not disclosed, Microsoft has directly contacted impacted customers. The tech giant mentioned that the adversary has intensified its password spray attacks, indicating a sustained effort and significant commitment of resources by Midnight Blizzard.
The breach is said to have occurred through a password spray attack targeting a legacy, non-production test tenant account without multi-factor authentication enabled. APT29, part of Russia’s Foreign Intelligence Service (SVR), has a history of sophisticated cyber espionage activities, compromising high-profile targets such as SolarWinds.
Microsoft highlighted the escalating global threat landscape, especially in terms of sophisticated nation-state attacks, and emphasized its increased security investments to combat such threats. The company is continuing to investigate the breach and has implemented measures to enhance its security posture in response to the incident.
