Microsoft says Russian hackers still trying to break into its systems

Microsoft is a key provider of digital services and infrastructure to the US government. PHOTO: REUTERS

NEW YORK - Microsoft said on March 8 that hackers linked to Russia’s foreign intelligence service are again trying to break into its systems, using data stolen from its corporate e-mail accounts in a breach disclosed in January to gain new access to the tech giant, whose products are widely used across the United States national security establishment.

The disclosure alarmed some analysts, who voiced concern about the safety of systems and services at Microsoft, one of the world’s largest software makers and a provider of digital services and infrastructure to the US government, and about the national security risks that follow from that role.

Microsoft said a Russian state-sponsored group called Midnight Blizzard, or Nobelium, is behind the intrusions.

The Russian Embassy in Washington did not immediately respond to a request for comment on Microsoft’s statement. It also has not responded to Microsoft’s previous statements about Midnight Blizzard activity.

Microsoft disclosed the breach in January, saying the hackers had tried breaking into corporate e-mail accounts, including those of senior company leaders, as well as cyber security, legal and other functions.

“In recent weeks, we have seen evidence that Midnight Blizzard is using information initially exfiltrated from our corporate e-mail systems to gain, or attempt to gain, unauthorised access,” the tech firm said in a new blog.

Given Microsoft’s vast customer network, it is not surprising it is being targeted, said Mr Jerome Segura, principal threat researcher at cyber-security firm Malwarebytes’ ThreatDown Labs.

He added it was unnerving that the attack was still under way despite Microsoft’s efforts to thwart access.

“That one of the largest software vendors is itself kind of learning things as they go is a little bit scary,” Mr Segura said. “You don’t have the reassurance, that if you’re a customer, that there isn’t something bigger going on.”

The attacks are also a testament to how aggressive the hackers are, he added.

Microsoft said the hackers had used the stolen data to gain access to some of its source code repositories and internal systems.

The company owns GitHub, a public repository of software code for various applications, said Malwarebytes’ Mr Segura.

“This is the kind of thing that we’re really worried about,” Mr Segura said. “The attacker would want to use (Microsoft’s) secrets to get into production environments, and then compromise software and put backdoors and things like that.”

Previously, Microsoft said the hackers had broken into staff e-mail accounts by way of a dormant account that was compromised through a “password spray” attack: trying a small set of common passwords across many accounts, staying under each account’s lockout threshold, until one of them works. Such attacks increased as much as tenfold in Midnight Blizzard’s latest attempts compared with the January breach, Microsoft said in its blog.
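The pattern described above is what separates a password spray from an ordinary brute-force attempt, and it is also what makes sprays detectable in sign-in telemetry: one source producing a small number of failures against many different accounts, rather than many failures against one. The following is an added illustration, not code from Microsoft or from the article; the sign-in records, IP addresses, account names and thresholds are constructed for the example. It flags a spraying source, ignores a single-account brute force, and then surfaces any successful sign-in from a spraying source, which is the event a defender most needs to see when, as in the incident reported here, the account that finally opens is a dormant one.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sign-in records (not real telemetry from any vendor).
# Each line: timestamp  username  source_ip  outcome
# 198.51.100.7 sprays one guess across many accounts and lands on "legacy-test";
# 203.0.113.9 hammers a single account (brute force, not a spray);
# 192.0.2.50 is ordinary successful traffic.
SAMPLE_LOG = """\
2024-02-10T09:00:01Z alice 198.51.100.7 FAIL
2024-02-10T09:00:03Z bob 198.51.100.7 FAIL
2024-02-10T09:00:05Z carol 198.51.100.7 FAIL
2024-02-10T09:00:08Z dave 198.51.100.7 FAIL
2024-02-10T09:00:11Z erin 198.51.100.7 FAIL
2024-02-10T09:00:14Z legacy-test 198.51.100.7 FAIL
2024-02-10T09:00:17Z frank 198.51.100.7 FAIL
2024-02-10T09:00:20Z legacy-test 198.51.100.7 SUCCESS
2024-02-10T09:01:00Z alice 203.0.113.9 FAIL
2024-02-10T09:01:02Z alice 203.0.113.9 FAIL
2024-02-10T09:01:04Z alice 203.0.113.9 FAIL
2024-02-10T09:01:06Z alice 203.0.113.9 FAIL
2024-02-10T09:01:08Z alice 203.0.113.9 FAIL
2024-02-10T09:01:10Z alice 203.0.113.9 FAIL
2024-02-10T09:05:00Z bob 192.0.2.50 SUCCESS
"""


def parse_log(text):
    """Parse the constructed log format into a list of event dicts."""
    events = []
    for line in text.splitlines():
        ts, user, ip, outcome = line.split()
        events.append({
            "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
            "user": user,
            "ip": ip,
            "outcome": outcome,
        })
    return events


def detect_password_spray(events, window=timedelta(minutes=10),
                          min_users=5, max_fails_per_user=3):
    """Flag sources that fail against many distinct accounts with few
    failures each (the spray signature). A source that fails many times
    against one account is brute force and is deliberately not flagged here.
    Thresholds are assumptions for the demo, not values from any product."""
    failures_by_ip = defaultdict(list)
    for e in events:
        if e["outcome"] == "FAIL":
            failures_by_ip[e["ip"]].append(e)

    findings = {}
    for ip, fails in failures_by_ip.items():
        fails.sort(key=lambda e: e["ts"])
        # Single window anchored at the first failure; a SIEM would bucket
        # per time window, but this is enough to show the logic.
        start = fails[0]["ts"]
        in_window = [e for e in fails if e["ts"] - start <= window]
        per_user = defaultdict(int)
        for e in in_window:
            per_user[e["user"]] += 1
        if len(per_user) >= min_users and max(per_user.values()) <= max_fails_per_user:
            findings[ip] = sorted(per_user)
    return findings


def successes_from_spraying_sources(events, findings):
    """A successful sign-in from a source already seen spraying is the
    highest-value alert: it names the account the attacker now holds."""
    return [(e["user"], e["ip"]) for e in events
            if e["outcome"] == "SUCCESS" and e["ip"] in findings]


if __name__ == "__main__":
    evts = parse_log(SAMPLE_LOG)
    sprays = detect_password_spray(evts)
    print("spraying sources:", sprays)
    print("accounts opened by a sprayer:", successes_from_spraying_sources(evts, sprays))
```

The per-user failure cap is the part worth tuning against real data: a spray is designed to stay below the lockout threshold, so a rule that only counts total failures per source will miss it, while a rule that counts distinct accounts per source will catch it. Dormant or test accounts that suddenly succeed after a spray deserve their own alert regardless of volume.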

“This seems like it’s something very targeted, and if (the hackers) are that deep inside Microsoft, and Microsoft hasn’t been able to get them out in two months, then there’s a huge concern,” said Mr Adam Meyers, a senior vice-president at cyber-security firm CrowdStrike, which tracks nation-state hacking.

Midnight Blizzard is known to target governments, diplomatic entities and non-governmental organisations, according to various analysts who track the group.

In its January statement, Microsoft said Midnight Blizzard was probably targeting it because the company had done robust research unravelling the hacking group’s operations.

Microsoft’s threat intelligence team has been investigating and sharing research on Nobelium since at least 2021, when the group was found to be behind the SolarWinds cyber attack that compromised a raft of US government agencies.

The persistent attempts to breach Microsoft were a sign of “sustained, significant commitment of the threat actor’s resources, coordination and focus,” the company said on March 8.

“It is apparent that Midnight Blizzard is attempting to use secrets of different types it has found,” it added.

“Some of these secrets were shared between customers and Microsoft in e-mail, and as we discover them in our exfiltrated e-mail, we have been and are reaching out to these customers to assist them in taking mitigating measures.”

Microsoft did not name affected customers. REUTERS
