Microsoft has revealed that a group of Russian state-sponsored hackers, known as Nobelium or Midnight Blizzard, has been spying on the email accounts of some of its senior leaders and stealing some of its source code. This is the same group that was behind the massive SolarWinds attack that compromised several US government agencies and private companies last year.
In a blog post, Microsoft said that in recent weeks, it has seen evidence that Midnight Blizzard is using the information it obtained from its corporate email systems to gain unauthorized access to some of its source code repositories and internal systems. However, Microsoft assured that it had not found evidence that its customer-facing systems had been compromised.
Microsoft’s stolen source code
Microsoft did not specify what source code was accessed by the hackers. Still, it warned that Midnight Blizzard is now attempting to use “secrets of different types it has found” to further breach the software giant and potentially its customers. These secrets include confidential information shared between customers and Microsoft in email, such as passwords, keys, or certificates. Microsoft said it is contacting these customers to help them take mitigating measures.
The source code is the underlying code that makes up Microsoft’s software products and services. It is usually protected by intellectual property rights and kept secret from competitors and malicious actors. By stealing the source code, the hackers could potentially find vulnerabilities, exploit them, or create counterfeit versions of Microsoft’s software.
The password spray attack
Microsoft said Midnight Blizzard initially accessed its systems through a password spray attack last year. This is a brute-force attack where hackers use a large list of common or weak passwords to try logging into multiple accounts. Microsoft admitted that it had configured a non-production test account without two-factor authentication enabled, which allowed Midnight Blizzard to gain access.
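As an added illustration, not from the article or from Microsoft, the following Python shows how a defender might spot the pattern described above in sign-in logs: one source failing against many distinct accounts in a short window, and any account that source then opens without MFA. The log format, IP addresses and account names are constructed for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sign-in log (not real data): timestamp, source IP,
# account, outcome, whether MFA was completed. One source tries a password
# against many accounts within seconds; its only success is a test account
# that has no MFA, mirroring the scenario the article describes.
SAMPLE_LOG = """\
2024-01-12T03:00:01Z 203.0.113.7 alice FAIL mfa=n
2024-01-12T03:00:02Z 203.0.113.7 bob FAIL mfa=n
2024-01-12T03:00:03Z 203.0.113.7 carol FAIL mfa=n
2024-01-12T03:00:04Z 203.0.113.7 dave FAIL mfa=n
2024-01-12T03:00:05Z 203.0.113.7 erin FAIL mfa=n
2024-01-12T03:00:06Z 203.0.113.7 legacy-test FAIL mfa=n
2024-01-12T03:00:07Z 203.0.113.7 legacy-test SUCCESS mfa=n
2024-01-12T03:05:00Z 198.51.100.9 alice FAIL mfa=n
2024-01-12T03:05:30Z 198.51.100.9 alice SUCCESS mfa=y
"""

def parse(log):
    """Turn the constructed log format into (time, ip, user, ok, mfa) tuples."""
    events = []
    for line in log.splitlines():
        ts, ip, user, result, mfa = line.split()
        events.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
                       ip, user, result == "SUCCESS", mfa == "mfa=y"))
    return events

def detect_spray(events, window=timedelta(minutes=10), min_users=5):
    """Flag sources that fail against at least min_users distinct accounts
    inside one window (few tries per account, many accounts: the spray
    signature) and list any account that source then opened without MFA."""
    by_ip = defaultdict(list)
    for ev in events:
        by_ip[ev[1]].append(ev)
    alerts = {}
    for ip, evs in by_ip.items():
        fails = sorted(e for e in evs if not e[3])
        peak = 0  # most distinct accounts failed from this IP in any window
        for i, (t0, *_) in enumerate(fails):
            users = {e[2] for e in fails[i:] if e[0] - t0 <= window}
            peak = max(peak, len(users))
        if peak >= min_users:
            no_mfa = sorted({e[2] for e in evs if e[3] and not e[4]})
            alerts[ip] = {"distinct_users": peak, "success_no_mfa": no_mfa}
    return alerts

if __name__ == "__main__":
    for ip, a in detect_spray(parse(SAMPLE_LOG)).items():
        print(f"{ip}: sprayed {a['distinct_users']} accounts; "
              f"no-MFA logins: {a['success_no_mfa'] or 'none'}")
```

A single user failing repeatedly from one address (the second source above) is not flagged, since that is the signature of a targeted brute force or a forgotten password rather than a spray.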
Microsoft said that it has increased its security investments, coordination, and mobilization and has enhanced its ability to defend itself and secure its environment against this advanced persistent threat. It also said that it has implemented, and will continue to implement, enhanced security controls, detections, and monitoring.
The aftermath of the attack
The attack on Microsoft came just days after the company announced its plan to overhaul its software security following serious Azure cloud attacks. Microsoft has recently been at the center of several high-profile security attacks, including 30,000 organizations’ email servers getting hacked in 2021 due to a Microsoft Exchange Server flaw and Chinese hackers breaching US government emails via a Microsoft cloud exploit last year.
Microsoft is still investigating Midnight Blizzard’s latest attacks on its systems. The attack on Microsoft is also part of a broader campaign by Russia’s SVR, the foreign intelligence service, to target various sectors and organizations worldwide.