Microsoft said in March 2024 a Russian state-sponsored hacking group that stole information from its senior leadership team is still using that information to gain unauthorized access to its internal systems. The technology company disclosed in January 2024 that the group, which it has identified as Midnight Blizzard, had extracted information from a small percentage of employee email accounts, including members of its senior leadership team and employees in its cybersecurity and legal teams. Since that disclosure, the group has used that information to gain access to Microsoft’s source code repositories and internal systems. The volume of some aspects of the attack, including password sprays, jumped 10-fold in February compared with the already large volume Microsoft encountered in January, it said.
“Midnight Blizzard’s ongoing attack is characterized by a sustained, significant commitment of the threat actor’s resources, coordination, and focus,” Microsoft said. The company said that its investigations of Midnight Blizzard activities are continuing and that it is coordinating efforts with federal law enforcement. In a blog post last August 2023, Microsoft said it had detected Midnight Blizzard, previously known as Nobelium, launching targeted social-engineering attacks that used Microsoft Teams chats to phish for credentials. The former Nobelium group has been linked by U.S. authorities to the Foreign Intelligence Service of the Russian Federation and is known for its involvement in the massive SolarWinds hack of 2020.
Excerpts from Dean Seal, Microsoft Says Russian-Sponsored Hackers Still Using Stolen Information, WSJ, Mar. 9, 2024