Dan Goodin on Nostr: Microsoft said that Kremlin-backed hackers who breached its corporate network in ...
Microsoft said that Kremlin-backed hackers who breached its corporate network in January have expanded their access since then in follow-on attacks that have targeted customers and compromised the company's source code and internal systems.
The intrusion, which the software company disclosed in January, was carried out by Midnight Blizzard, the name used to track a hacking group widely attributed to the Federal Security Service, a Russian intelligence agency. Microsoft said at the time that Midnight Blizzard gained access to senior executives’ email accounts for months after first exploiting a weak password in a test device connected to the company’s network. Microsoft went on to say it had no indication any of its source code or production systems had been compromised.
In an update published Friday, Microsoft said it has uncovered evidence that Midnight Blizzard has used the information it gained earlier to further push into its network and compromise both source code and internal systems. The hacking group—which is tracked under multiple other names including APT29, Cozy Bear, CozyDuke, The Dukes, Dark Halo, and Nobelium—has been using the proprietary information in follow-on attacks, not only against Microsoft but also its customers.
“In recent weeks, we have seen evidence that Midnight Blizzard is using information initially exfiltrated from our corporate email systems to gain, or attempt to gain, unauthorized access,” Friday’s update said. “This has included access to some of the company’s source code repositories and internal systems. To date we have found no evidence that Microsoft-hosted customer-facing systems have been compromised.
https://arstechnica.com/security/2024/03/microsoft-says-kremlin-backed-hackers-accessed-its-source-and-internal-systems/
The intrusion, which the software company disclosed in January, was carried out by Midnight Blizzard, the name used to track a hacking group widely attributed to the Federal Security Service, a Russian intelligence agency. Microsoft said at the time that Midnight Blizzard gained access to senior executives’ email accounts for months after first exploiting a weak password in a test device connected to the company’s network. Microsoft went on to say it had no indication any of its source code or production systems had been compromised.
In an update published Friday, Microsoft said it has uncovered evidence that Midnight Blizzard has used the information it gained earlier to further push into its network and compromise both source code and internal systems. The hacking group—which is tracked under multiple other names including APT29, Cozy Bear, CozyDuke, The Dukes, Dark Halo, and Nobelium—has been using the proprietary information in follow-on attacks, not only against Microsoft but also its customers.
“In recent weeks, we have seen evidence that Midnight Blizzard is using information initially exfiltrated from our corporate email systems to gain, or attempt to gain, unauthorized access,” Friday’s update said. “This has included access to some of the company’s source code repositories and internal systems. To date we have found no evidence that Microsoft-hosted customer-facing systems have been compromised.
https://arstechnica.com/security/2024/03/microsoft-says-kremlin-backed-hackers-accessed-its-source-and-internal-systems/