We are talking about information that hackers obtain through corporate email. It is unclear what exactly this data was, but it was attempted to be used to gain new access to the systems of the technology giant, whose products are widely used by US national security agencies and which Ukraine is actively helping to counter cyber warfare. Threats from Russia.

Detail

It looks like they didn’t manage to infiltrate Microsoft’s servers this time. But even the disclosure of this information alarmed analysts: they expressed concern about the security of systems and services of Microsoft, one of the world’s largest software manufacturers.

Microsoft first reported the Russian attacks in January, saying hackers were trying to break into corporate email inboxes including those of the company’s senior management as well as its cybersecurity, legal and other departments. And they partially succeeded. Russian criminals hacked employees’ emails from an inactive account using the same password across multiple accounts in a “password spraying” attack.

In recent weeks, we have seen evidence that Midnight Blizzard is using information to obtain or attempt to obtain information that was initially stolen from our corporate email systems. [новий] Unauthorized Access,
– says the company’s new statement.

Malwarebytes’ chief threat researcher Jerome Segura says it’s no surprise that Microsoft was targeted, given its vast customer network. However, it is worrying that the attack is still continuing despite Microsoft’s efforts to prevent illegal access. “It’s a little scary that one of the biggest software vendors is learning on the fly. You don’t have any confidence that there’s something bigger going on.”– says Segura.

Microsoft said the data hackers stole included access to source code repositories and internal systems. The company owns GitHub, a public repository of software code for various applications. “That’s exactly what we’re really worried about. An attacker wants to exploit secrets [Microsoft]going into a production environment and compromising the software and installing backdoors and things like that”The analyst adds:

Midnight Blizzard, also known as Nobelium, is known to target governments, diplomatic institutions and non-governmental organizations. In a January statement, Microsoft said Midnight Blizzard likely targeted it because the company conducted an extensive investigation that exposed the hacking group’s activities. Microsoft’s threat intelligence team has been investigating and sharing research on Nobelium since at least 2021, when Nobelium was determined to be behind the SolarWinds cyberattack that compromised a number of US government agencies.