🐂 Not all bull runs are created equal. November’s AI picks include 5 stocks up +20% eachUnlock Stocks

Microsoft warns Russian hackers still trying to break into its systems

Published 03/08/2024, 09:12 AM
Updated 03/08/2024, 04:56 PM
© Reuters. FILE PHOTO: Smartphone is seen in front of Microsoft logo displayed in this illustration taken July 26, 2021. REUTERS/Dado Ruvic/Illustration/File Photo
MSFT
-

By Zeba Siddiqui and Raphael Satter

(Reuters) -Microsoft said on Friday that hackers linked to Russia's foreign intelligence were trying again to break into its systems, using data stolen from corporate emails in January to gain new access to the tech giant whose products are widely used across the U.S. national security establishment.

The disclosure alarmed some analysts who cited concerns about safety of systems and services at Microsoft (NASDAQ:MSFT), one of the world's largest software makers which provides digital services and infrastructure to the U.S. government.

Analysts have expressed worries about national security risks. Microsoft has said a Russian state-sponsored group called Midnight Blizzard, or Nobelium, is behind the intrusions.

The Russian embassy in Washington did not immediately respond to a request for comment on Microsoft's statement, and has also not responded to Microsoft's previous statements about Midnight Blizzard activity.

Microsoft disclosed the breach in January, saying the hackers had tried breaking into corporate email accounts including those of senior company leaders as well as cybersecurity, legal, and other functions.

"In recent weeks, we have seen evidence that Midnight Blizzard is using information initially exfiltrated from our corporate email systems to gain, or attempt to gain, unauthorized access," the tech firm said in a new blog.

Given Microsoft's vast customer network, it is not surprising it is being targeted, said Jerome Segura, principal threat researcher at the cybersecurity firm Malwarebytes' Threatdown Labs. He added it was unnerving that the attack was still underway despite Microsoft's efforts to thwart access.

"That one of the largest software vendors is itself kind of learning things as they go is a little bit scary," Segura said. "You don't have the reassurance that if you're a customer, that there isn't something bigger going on."

The attacks are also a testament to how aggressive the hackers are, he added.

Among the data the hackers stole was access to source code repositories and internal systems, Microsoft said. The company owns GitHub, a public repository of software code for various applications, said Malwarebytes' Segura.

"This is the kind of thing that we're really worried about," Segura said. "The attacker would want to use (Microsoft's) secrets to get into production environments, and then compromise software and put backdoors and things like that."

Previously, Microsoft said the hackers had broken into staff emails by using a dormant account through a "password spray" attack -- using the same password on multiple accounts until they break into one. Such attacks increased as much as tenfold in Midnight Blizzard's latest attempts, compared the January breach, Microsoft said in its blog.

"This seems like it's something very targeted, and if (the hackers) are that deep inside Microsoft, and Microsoft hasn't been able to get them out in two months, then there's a huge concern," said Adam Meyers, a senior vice president at the cybersecurity firm Crowdstrike, who tracks nation-state hacking.

'SECRETS OF DIFFERENT TYPES'

Midnight Blizzard is known to target governments, diplomatic entities, and non-governmental organizations, according to various analysts who track the group. In its January statement Microsoft said Midnight Blizzard was probably targeting it because the company has done robust research unraveling the hacking group's operations.

Microsoft's threat intelligence team has been investigating and sharing research on Nobelium since at least 2021, when the group was found to be behind the SolarWinds (NYSE:SWI) cyberattack that compromised a raft of U.S. government agencies.

The persistent attempts to breach Microsoft are a sign of "sustained, significant commitment of the threat actor’s resources, coordination, and focus," the company said on Friday.

"It is apparent that Midnight Blizzard is attempting to use secrets of different types it has found," it added.

© Reuters. FILE PHOTO: Smartphone is seen in front of Microsoft logo displayed in this illustration taken July 26, 2021. REUTERS/Dado Ruvic/Illustration/File Photo

"Some of these secrets were shared between customers and Microsoft in email, and as we discover them in our exfiltrated email, we have been and are reaching out to these customers to assist them in taking mitigating measures."

Microsoft did not name affected customers.

Latest comments

Risk Disclosure: Trading in financial instruments and/or cryptocurrencies involves high risks including the risk of losing some, or all, of your investment amount, and may not be suitable for all investors. Prices of cryptocurrencies are extremely volatile and may be affected by external factors such as financial, regulatory or political events. Trading on margin increases the financial risks.
Before deciding to trade in financial instrument or cryptocurrencies you should be fully informed of the risks and costs associated with trading the financial markets, carefully consider your investment objectives, level of experience, and risk appetite, and seek professional advice where needed.
Fusion Media would like to remind you that the data contained in this website is not necessarily real-time nor accurate. The data and prices on the website are not necessarily provided by any market or exchange, but may be provided by market makers, and so prices may not be accurate and may differ from the actual price at any given market, meaning prices are indicative and not appropriate for trading purposes. Fusion Media and any provider of the data contained in this website will not accept liability for any loss or damage as a result of your trading, or your reliance on the information contained within this website.
It is prohibited to use, store, reproduce, display, modify, transmit or distribute the data contained in this website without the explicit prior written permission of Fusion Media and/or the data provider. All intellectual property rights are reserved by the providers and/or the exchange providing the data contained in this website.
Fusion Media may be compensated by the advertisers that appear on the website, based on your interaction with the advertisements or advertisers.
© 2007-2024 - Fusion Media Limited. All Rights Reserved.