Russia-Sponsored Cyberattackers Infiltrate Microsoft's Code Base


The Midnight Blizzard APT is mounting a sustained, focused cyber campaign against the computing kahuna, using secrets it stole from emails back in January.
March 8, 2024
The Russian state-sponsored advanced persistent threat (APT) group known as Midnight Blizzard has nabbed Microsoft source code after accessing internal repositories and systems, as part of an ongoing series of attacks by a very sophisticated adversary.
The Redmond giant noted today that the previously announced cyber campaign by Midnight Blizzard, which commenced in January, has evolved. Assailants are continually probing its environment in an attempt to use secrets of different types that it originally exfiltrated from internal emails. It's a "sustained, significant commitment" on the part of the group, according to Microsoft.
"Midnight Blizzard is using information initially exfiltrated from our corporate email systems to gain, or attempt to gain, unauthorized access [deeper into our environment]," according to Microsoft's blog post on the attack. "This has included access to some of the company’s source code repositories and internal systems."
The group (aka APT29, Cozy Bear, Nobelium, and UNC2452) may also be laying the groundwork for future efforts, according to the post, "using the information it has obtained to accumulate a picture of areas to attack and enhance its ability to do so."
Further, Microsoft said that the attackers are turning up the volume on password-spraying attempts, observing a tenfold increase in February against its accounts.
Ariel Parnes, chief operating officer and co-founder at Mitiga, noted in an emailed statement that the source-code heist could lead to a flurry of zero-day vulnerability exploitation.
"For advanced nation-state cyber groups, access to a company's source code is akin to finding the master key to its digital kingdom, opening up avenues for finding new zero-day vulnerabilities: undiscovered security flaws that can be exploited before they're known to the software creators or the public," he warned, adding that the Microsoft breach is clearly much "more severe than initially understood, underscoring the critical nature of source code security in the digital age."
The good news is that there's so far no evidence that Midnight Blizzard has compromised Microsoft-hosted customer-facing systems; however, in some instances, secrets were shared between customers and Microsoft in email.
"As we discover them in our exfiltrated email," according to the post, "we have been and are reaching out to these customers to assist them in taking mitigating measures."
Tara Seals, Managing Editor, News, Dark Reading

Tara Seals has 20+ years of experience as a journalist, analyst and editor in the cybersecurity, communications and technology space. Prior to Dark Reading, Tara was Editor in Chief at Threatpost, and prior to that, the North American news lead for Infosecurity Magazine. She also spent 13 years working for Informa (formerly Virgo Publishing), as executive editor and editor-in-chief at publications focused on both the service provider and the enterprise arenas. A Texas native, she holds a B.A. from Columbia University, lives in Western Massachusetts with her family and is on a never-ending quest for good Mexican food in the Northeast.
