Microsoft has disclosed that it fell victim to a cyberattack earlier this year orchestrated by Russian state-sponsored hackers. The assault targeted the email accounts of select members of its senior leadership team. Now, in a shocking revelation, Microsoft has confirmed that the same group responsible for the infamous SolarWinds attack has penetrated its systems once again, resulting in the theft of source code.
In a recent blog post, Microsoft elucidated the gravity of the situation, stating, “In recent weeks, we have seen evidence that Midnight Blizzard [Nobelium] is using information initially exfiltrated from our corporate email systems to gain, or attempt to gain, unauthorised access.” This breach extended beyond mere email infiltration, granting the hackers access to certain source code repositories and internal systems. However, Microsoft assured that there is no evidence indicating compromise of customer-facing systems hosted by the company.
The extent of the compromised source code remains undisclosed. Nonetheless, Microsoft has issued a stern warning that the perpetrators, identified as the Nobelium group or “Midnight Blizzard” by Microsoft, are actively leveraging the pilfered information in ongoing attempts to breach Microsoft’s infrastructure, potentially putting its customers at risk. Microsoft is actively engaging with affected customers, notifying them and assisting in implementing necessary security measures.
The initial breach occurred when Nobelium exploited a vulnerability in Microsoft’s systems through a password spray attack, a brute-force method employing a vast array of potential passwords. Exploiting a non-production test tenant account lacking two-factor authentication, Nobelium gained entry into Microsoft’s networks.
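From the defender's side, the sequence described above leaves a recognisable trail in sign-in logs: one source failing against many different accounts, then succeeding on an account with no second factor. The following detection sketch is an added example, not Microsoft's tooling or code from the original article. The event fields, thresholds, account names and addresses are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sign-in events (not real data): time, source IP, account, result, MFA enforced.
# Field layout is an assumption, not any product's log schema.
EVENTS = [
    ("2024-01-10T02:00:05", "203.0.113.7", "alice@corp.example", "fail", True),
    ("2024-01-10T02:00:41", "203.0.113.7", "bob@corp.example", "fail", True),
    ("2024-01-10T02:01:17", "203.0.113.7", "carol@corp.example", "fail", True),
    ("2024-01-10T02:01:52", "203.0.113.7", "dave@corp.example", "fail", True),
    ("2024-01-10T02:02:30", "203.0.113.7", "svc-test@test.example", "success", False),
    ("2024-01-10T09:15:00", "198.51.100.20", "erin@corp.example", "fail", True),
    ("2024-01-10T09:15:20", "198.51.100.20", "erin@corp.example", "success", True),
]

def detect_spray(events, min_accounts=4, window=timedelta(minutes=30)):
    """Return (spray_sources, alerts).

    spray_sources: IPs whose failed sign-ins hit >= min_accounts distinct
    accounts inside `window`. alerts: (ip, account) for a success from such
    an IP, within `window` of the detection, on an account without MFA.
    """
    failures = defaultdict(list)  # ip -> [(time, account)]
    successes = []
    for ts, ip, account, result, mfa in events:
        t = datetime.fromisoformat(ts)
        if result == "fail":
            failures[ip].append((t, account))
        else:
            successes.append((t, ip, account, mfa))

    spray = {}  # ip -> time the distinct-account threshold was first crossed
    for ip, fails in failures.items():
        fails.sort()
        start = 0
        for end, (t, _) in enumerate(fails):
            while t - fails[start][0] > window:  # slide window forward
                start += 1
            if len({a for _, a in fails[start:end + 1]}) >= min_accounts:
                spray[ip] = t
                break

    alerts = [(ip, account) for t, ip, account, mfa in successes
              if ip in spray and not mfa
              and timedelta(0) <= t - spray[ip] <= window]
    return sorted(spray), alerts
```

A user who mistypes a password once and then signs in with MFA, like the second source in the sample data, does not trigger either result.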
In response to this alarming breach, Microsoft has ramped up its security measures and investments, emphasising enhanced coordination and vigilance across its enterprise. “Across Microsoft, we have increased our security investments, cross-enterprise coordination and mobilisation, and have enhanced our ability to defend ourselves and secure and harden our environment against this advanced persistent threat,” stated Microsoft.
This latest attack on Microsoft follows closely on the heels of its pledge to bolster software security in the wake of severe Azure cloud breaches. Microsoft has been embroiled in a series of high-profile security incidents, including the compromise of 30,000 organisations’ email servers due to a flaw in Microsoft Exchange Server last year, and Chinese hackers breaching US government emails via a Microsoft cloud exploit.
Microsoft is currently engaged in extensive investigations into Nobelium’s latest incursions into its systems. “Our active investigations of Midnight Blizzard activities are ongoing, and findings of our investigations will continue to evolve,” assured Microsoft.