Microsoft has released an update regarding the persistent cyberattack it is facing from hackers believed to be backed by the Russian government.
The attackers, identified as Midnight Blizzard, have exploited data from a previous breach last year to attack Microsoft’s internal systems, according to a statement on the company’s official blog.
Additionally, Microsoft has informed the US Securities and Exchange Commission about the latest developments through a recent filing made public on Friday.
“Over the past few weeks, we’ve observed Midnight Blizzard leveraging information initially stolen from our corporate email systems in efforts to gain, or try to gain, unauthorized entry,” stated Microsoft. “This activity has extended to accessing some of our source code repositories and internal systems. However, we’ve found no sign that any customer-facing systems hosted by Microsoft have been breached.”
The original breach by Midnight Blizzard involved a reconnaissance operation where they accessed a legacy system account through a password-spraying attack.
Discovered on January 12, it is believed that the attack began in late November 2023, placing Microsoft in a position of trying to mitigate a significant security breach.
The intensity of the intrusion attempts has escalated, with Microsoft reporting a nearly tenfold increase in password spray attacks in February, surpassing already high levels observed in January.
Microsoft described this as a highly coordinated and sophisticated attack that continues without signs of slowing down.
“The sustained efforts, resources, and strategic planning of Midnight Blizzard in their ongoing attack highlight a larger, unprecedented global threat landscape, particularly from advanced nation-state-sponsored attacks,” Microsoft expressed.
The company has pledged to continue its thorough investigation into the activities of Midnight Blizzard, which is suspected to operate under the direction of Russia’s Foreign Intelligence Service, the SVR.
