Adrian Johnson
TLDR:
- Microsoft confirmed that the Russian-linked group, Midnight Blizzard, accessed internal systems and source code repositories during a cyber attack in January.
- Midnight Blizzard, also known as Nobelium, APT29, and Cozy Bear, are a Russian state-sponsored threat actor group.
Microsoft has disclosed that the Russian state-sponsored hacker group, Midnight Blizzard, successfully breached their internal systems and accessed source code repositories during a cyber attack that was detected in January. The attack, characterized by the use of a password spray against a legacy non-production test tenant account, allowed the group to access a small percentage of Microsoft corporate email accounts, including those of senior leadership and key staff functions. This incident highlights potential vulnerabilities in Microsoft’s security processes and the group’s persistent commitment to gathering information for future attacks.
In its latest update, Microsoft revealed that Midnight Blizzard has been utilizing information obtained from the corporate email systems to attempt unauthorized access to both Microsoft and customer networks. The group’s increased activity in February, particularly with password sprays, suggests a heightened focus on gathering sensitive data and enhancing offensive capabilities. Midnight Blizzard, also known as Nobelium, APT29, and Cozy Bear, is a Russian state-sponsored group notorious for its cyber attacks on various targets, including NATO member states and governmental organizations.
In addition to the attack on Microsoft, Midnight Blizzard has previously gained unauthorized access to other organizations, such as HPE’s cloud-hosted email environment. The group’s history of sophisticated cyber attacks, including breaches at the Pentagon and the DNC, demonstrates their capabilities and the ongoing security challenges faced by companies globally.
