Microsoft warns Russian hackers still trying to break into its systems
[March 09, 2024]
By Zeba Siddiqui and Raphael Satter
(Reuters) - Microsoft said on Friday that hackers linked to Russia's
foreign intelligence were trying again to break into its systems, using
data stolen from corporate emails in January to gain new access to the
tech giant whose products are widely used across the U.S. national
security establishment.
The disclosure alarmed some analysts who cited concerns about the safety
of systems and services at Microsoft, one of the world's largest software
makers, which provides digital services and infrastructure to the U.S.
government.
Analysts have expressed worries about national security risks. Microsoft
has said a Russian state-sponsored group called Midnight Blizzard, or
Nobelium, is behind the intrusions.
The Russian embassy in Washington did not immediately respond to a
request for comment on Microsoft's statement, and has also not responded
to Microsoft's previous statements about Midnight Blizzard activity.
Microsoft disclosed the breach in January, saying the hackers had tried
breaking into corporate email accounts including those of senior company
leaders as well as cybersecurity, legal, and other functions.
"In recent weeks, we have seen evidence that Midnight Blizzard is using
information initially exfiltrated from our corporate email systems to
gain, or attempt to gain, unauthorized access," the tech firm said in a
new blog.
Given Microsoft's vast customer network, it is not surprising it is
being targeted, said Jerome Segura, principal threat researcher at the
cybersecurity firm Malwarebytes' Threatdown Labs. He added it was
unnerving that the attack was still underway despite Microsoft's efforts
to thwart access.
"That one of the largest software vendors is itself kind of learning
things as they go is a little bit scary," Segura said. "You don't have
the reassurance that if you're a customer, that there isn't something
bigger going on."
The attacks are also a testament to how aggressive the hackers are, he
added.
Among the data the hackers stole was access to source code repositories
and internal systems, Microsoft said. The company owns GitHub, a public
repository of software code for various applications, said Malwarebytes'
Segura.
"This is the kind of thing that we're really worried about," Segura
said. "The attacker would want to use (Microsoft's) secrets to get into
production environments, and then compromise software and put backdoors
and things like that."
Smartphone is seen in front of Microsoft logo displayed in this
illustration taken July 26, 2021. REUTERS/Dado Ruvic/Illustration/File
Photo
Previously, Microsoft said the hackers had broken into staff emails
by using a dormant account through a "password spray" attack --
using the same password on multiple accounts until they break into
one. Such attacks increased as much as tenfold in Midnight
Blizzard's latest attempts, compared to the January breach, Microsoft
said in its blog.
"This seems like it's something very targeted, and if (the hackers)
are that deep inside Microsoft, and Microsoft hasn't been able to
get them out in two months, then there's a huge concern," said Adam
Meyers, a senior vice president at the cybersecurity firm
Crowdstrike, who tracks nation-state hacking.
'SECRETS OF DIFFERENT TYPES'
Midnight Blizzard is known to target governments, diplomatic
entities, and non-governmental organizations, according to various
analysts who track the group. In its January statement Microsoft
said Midnight Blizzard was probably targeting it because the company
has done robust research unraveling the hacking group's operations.
Microsoft's threat intelligence team has been investigating and
sharing research on Nobelium since at least 2021, when the group was
found to be behind the SolarWinds cyberattack that compromised a
raft of U.S. government agencies.
The persistent attempts to breach Microsoft are a sign of
"sustained, significant commitment of the threat actor’s resources,
coordination, and focus," the company said on Friday.
"It is apparent that Midnight Blizzard is attempting to use secrets
of different types it has found," it added.
"Some of these secrets were shared between customers and Microsoft
in email, and as we discover them in our exfiltrated email, we have
been and are reaching out to these customers to assist them in
taking mitigating measures."
Microsoft did not name affected customers.
(Reporting by Zeba Siddiqui in San Francisco and Akash Sriram in
Bengaluru; Editing by Shilpi Majumdar, Chizu Nomiyama and David
Gregorio)
[© 2024 Thomson Reuters. All rights reserved.] This material
may not be published, broadcast, rewritten or redistributed.
Thomson Reuters is solely responsible for this content.