Priya PatelTLDR:
Microsoft is still dealing with a Russian hacker group, Midnight Blizzard, who compromised email accounts of company executives in January. The group has used stolen information to broaden its cyberattacks, including accessing source code repositories and internal systems. Microsoft has seen an increase in attacks, such as password sprays, and has reached out to customers impacted by the breach. The company is working to mitigate the ongoing threat and has filed a report with the SEC.
Microsoft Corporation continues to face challenges from the Russian hacker group Midnight Blizzard, who breached email accounts of company executives in January. The group, named by Microsoft as responsible for ongoing cyber attacks, has used the information obtained in the initial breach to broaden its scope, including accessing source code repositories and internal systems. Microsoft’s Security Response Center has seen evidence that Midnight Blizzard is attempting to gain unauthorized access using the stolen information, although they have not found evidence of compromise in customer-facing systems. The company has increased efforts to assist customers affected by the breach and has reported the incident to the SEC.
In January, Microsoft announced the breach by Russia-affiliated threat actors, impacting a small percentage of corporate email accounts. Midnight Blizzard gained access to email accounts of senior leadership team members, as well as cybersecurity and legal workers. Microsoft immediately activated response processes to investigate and disrupt malicious activity upon discovering the breach. The sustained commitment and focus of the threat actor have surprised Microsoft, leading them to believe the hackers are accumulating information to enhance future attacks. These attacks are part of a larger global threat landscape, with nation-state attacks becoming more sophisticated.
Midnight Blizzard is believed to be one of many hacker groups supported by the Kremlin. Microsoft is working to mitigate the threat posed by the ongoing cyber attacks and has increased efforts to protect customer and internal systems from further compromise.
