Microsoft warns that Russian hackers, known as Midnight Blizzard, have used stolen executive emails to broaden cyberattacks, gaining unauthorized access to source code repositories and internal systems. The group has increased the volume of attacks, such as password sprays, and Microsoft is reaching out to affected customers to help them take mitigating measures. The company expressed surprise at the sustained commitment and focus of the threat actor's resources, and believes the hackers are supported by the Kremlin.
Microsoft confirmed that Russian state-sponsored hackers, known as Midnight Blizzard, gained access to some of its source code repositories and internal systems in a breach that took place in November 2023. The hackers are attempting to leverage the stolen information, including secrets shared between customers and Microsoft in emails. Microsoft has increased its security investments and is investigating the extent of the breach, while also reaching out to impacted customers. The Kremlin-backed threat actor is considered one of the most prolific and sophisticated hacking groups, having compromised high-profile targets such as SolarWinds.
Microsoft revealed that Kremlin-backed hackers, known as Midnight Blizzard, have expanded their access since their January breach, targeting customers and compromising the company's source code and internal systems. The group gained initial access through a weak password and has since used stolen information in follow-on attacks, including password spraying. Microsoft is working to assist affected customers and has emphasized that there is no evidence the hackers gained access to customer-facing systems. Midnight Blizzard is a prolific APT group, and international partners have warned of its expanded activity targeting various sectors.
In January, Microsoft detected a cyberattack by a Russian state-backed group, Midnight Blizzard, that gained access to the company's core software systems and source code repositories. The hackers used information from corporate email systems to attempt unauthorized access, but Microsoft found no evidence of compromise to customer-facing systems. The attack, which began in November, has not materially impacted Microsoft's operations, and the company is working to enhance security measures and assist affected customers.
Hewlett Packard Enterprise (HPE) disclosed that its cloud-based email system was breached by the Russia-linked hacking group Midnight Blizzard, which exfiltrated data from a small percentage of HPE mailboxes starting in May 2023. The company suspects the breach is related to an earlier attack in which a limited number of SharePoint files were exfiltrated. This revelation follows Microsoft's disclosure of a similar breach by Midnight Blizzard. HPE does not expect the incident to have a material impact on its business and is continuing its investigation.
Microsoft revealed that its systems were breached by Russian hacking group Midnight Blizzard, with a "very small percentage" of corporate emails, including those of senior leadership, being accessed. The attack, which utilized a "password spray" tactic, was detected last week, but the hackers first gained access in late November. Microsoft stated that the breach did not result from a vulnerability in its products or services and that there is no evidence of access to customer environments, production systems, source code, or AI systems. This incident follows previous breaches by other hacking groups, prompting Microsoft to launch the Secure Future Initiative to enhance its cybersecurity protection.