Microsoft: Russian Hackers Accessed Company Source Code



Suspected Russian hackers were able to access source code repositories from Microsoft after stealing corporate emails from the company back in January. Microsoft today provided an update on its efforts to contain the fallout from the breach, which the company blames on Midnight Blizzard, a Russian hacking outfit affiliated with the Kremlin. Also known as Cozy Bear, the Russian hackers were booted from Microsoft’s email systems once the company detected the threat. But it looks like they managed to regain some access. “In recent weeks, we have seen evidence that Midnight Blizzard is using information initially exfiltrated from our corporate email systems to gain, or attempt to gain, unauthorized access,” Microsoft said in a blog post. “This has included access to some of the company’s source code repositories and internal systems.”The company didn’t specify if any source code was exfiltrated. But the hackers have been using information found in the stolen corporate emails to break into the systems of Microsoft and its customers. This has included trying to guess login passwords.“Midnight Blizzard has increased the volume of some aspects of the attack, such as password sprays, by as much as 10-fold in February, compared to the already large volume we saw in January 2024,” Redmond added. However, the company has found no evidence that any “Microsoft-hosted customer-facing systems have been compromised.” It’s also been reaching out to customers who had confidential information exposed through the emails that Midnight Blizzard stole to help them mitigate the threat.  

Recommended by Our Editors

Midnight Blizzard has gained a reputation as one of the most elite and persistent hacking groups in the world. The group grabbed headlines in 2016 for breaching the Democratic National Committee. In 2020, Midnight Blizzard was also tied to the SolarWinds hack, which allowed Russian hackers to steal data from US government agencies. In the meantime, Microsoft said: “We have and will continue to put in place additional enhanced security controls, detections, and monitoring.”

Like What You’re Reading?
Sign up for SecurityWatch newsletter for our top privacy and security stories delivered right to your inbox.

This newsletter may contain advertising, deals, or affiliate links. Subscribing to a newsletter indicates your consent to our Terms of Use and Privacy Policy. You may unsubscribe from the newsletters at any time.

We will be happy to hear your thoughts

Leave a reply

Gadgetsbestdeals
Logo
Compare items
  • Total (0)
Compare
0
Shopping cart