Subscribe to Teknoblog content on Google News:
Microsoft announced earlier this year that hackers supported by Russia were monitoring the email accounts of some members of its senior management team. Now, the company has announced that the same group behind the SolarWinds attack stole some source code in what Microsoft described as an ongoing attack.
Ongoing attack against Microsoft and source code security
In a statement, Microsoft used the following statements: “In recent weeks, we have seen evidence that the group called Midnight Blizzard (Nobelium) has attempted to gain unauthorized access from our company email systems using information initially leaked. This includes access to the company’s source code repositories and internal systems. “To date, we have found no evidence that customer-facing systems hosted by Microsoft have been compromised.”
It’s unclear what source code was accessed, but Microsoft warns that the Nobelium group, or “Midnight Blizzard” as Microsoft refers to them, is attempting to further infiltrate the software giant and potentially its customers using “different types of secrets” it finds. “Some of these secrets were shared between customers and Microsoft via email, and as we discovered them in our leaked emails, we are helping these customers take mitigation measures,” Microsoft said. said.
Nobelium gained initial access to Microsoft’s systems last year with a password mining attack. This type of attack is based on hackers’ approach to unlocking the system by using a large archive of passwords on accounts. Microsoft had configured a tenant test account without two-factor authentication enabled, which allowed Nobelium to gain access.
The company emphasized that it has increased its security investments, inter-agency coordination and mobilization, and improved its ability to defend itself against this advanced persistent threat and keep its environment safe and hardened. “We will continue to deploy additional strengthened security controls, detections and monitoring.”
The attack on Microsoft comes just days after the company announced its plan to reorganize software security following serious Azure cloud attacks. Microsoft has been at the center of several high-profile security attacks in recent years. These include 30,000 organizations’ email servers being hacked in 2021 due to a Microsoft Exchange Server bug, and last year, Chinese hackers breached US government emails via a Microsoft cloud vulnerability.
Microsoft is still investigating Nobelium’s latest attacks on its systems. “Active investigations of Midnight Blizzard activities continue, and the findings of our investigations will continue to evolve,” the company said. said. “We are committed to continuing to share what we have learned.”