On Friday, Microsoft revealed that hackers associated with Russia’s foreign intelligence were making renewed attempts to infiltrate its systems. These hackers utilized data pilfered from corporate emails in January to obtain fresh access to the tech giant’s network.
Microsoft, whose products are extensively utilized across the U.S. national security establishment, sounded the alarm with this disclosure, prompting concerns among analysts about the safety of systems and services provided by one of the world’s largest software makers.
Microsoft plays a crucial role in delivering digital services and infrastructure to the U.S. government.
Analysts voice concerns over national security risks as Microsoft attributes the intrusions to a Russian state-sponsored group known as Midnight Blizzard, or Nobelium.
The Russian embassy in Washington has yet to comment on Microsoft’s statement, nor has it responded to previous statements regarding Midnight Blizzard activity.
In January, Microsoft disclosed the breach, indicating that the hackers targeted corporate email accounts, including those belonging to senior company leaders, as well as cybersecurity, legal, and other departments.
“In recent weeks, we have seen evidence that Midnight Blizzard is using information initially exfiltrated from our corporate email systems to gain, or attempt to gain, unauthorized access,” the tech firm said in a new blog.
Jerome Segura, principal threat researcher at Malwarebytes’ Threatdown Labs, remarked that given Microsoft’s extensive customer base, it’s unsurprising it’s a target for cyber attacks.
He expressed concern that the attack persists despite Microsoft’s efforts to block access.
“That one of the largest software vendors is itself kind of learning things as they go is a little bit scary,” Segura said. “You don’t have the reassurance that if you’re a customer, that there isn’t something bigger going on.”
Jerome Segura further emphasized that the ongoing attacks underscore the aggressiveness of the hackers.
Microsoft disclosed that among the data pilfered by the hackers were access credentials to source code repositories and internal systems. Segura noted that Microsoft’s ownership of GitHub, a widely used public repository for software code across various applications, makes it a particularly valuable target for hackers.
“This is the kind of thing that we’re really worried about,” Segura said. “The attacker would want to use (Microsoft’s) secrets to get into production environments, and then compromise software and put backdoors and things like that.”
Microsoft previously stated that the hackers gained access to staff emails by exploiting a dormant account through a “password spray” attack, a method that involves trying the same password against many different accounts until one of them is compromised.
According to Microsoft’s blog, such attacks surged by as much as tenfold in Midnight Blizzard’s latest attempts compared to the January breach.
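As an added illustration, not taken from the article or from Microsoft’s report, the Python sketch below shows how a defender can tell a password spray apart from a conventional brute-force attempt in sign-in logs: one source failing once or twice against many different accounts, rather than many times against one, and then succeeding against a dormant account. The log lines, addresses and account names are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta
# Constructed sample sign-in records (not real data): "timestamp source_ip user result".
# 203.0.113.7 tries one password across many accounts; 198.51.100.9 hammers a single account.
SAMPLE_LOG = """\
2024-03-08T10:00:01 203.0.113.7 alice FAIL
2024-03-08T10:00:03 203.0.113.7 bob FAIL
2024-03-08T10:00:05 203.0.113.7 carol FAIL
2024-03-08T10:00:07 203.0.113.7 dave FAIL
2024-03-08T10:00:09 203.0.113.7 erin FAIL
2024-03-08T10:00:11 203.0.113.7 legacy-test FAIL
2024-03-08T10:00:13 203.0.113.7 legacy-test SUCCESS
2024-03-08T10:05:00 198.51.100.9 alice FAIL
2024-03-08T10:05:02 198.51.100.9 alice FAIL
2024-03-08T10:05:04 198.51.100.9 alice SUCCESS
"""
def parse(text):
    """Parse the constructed 'timestamp ip user result' lines into tuples."""
    events = []
    for line in text.splitlines():
        ts, ip, user, result = line.split()
        events.append((datetime.fromisoformat(ts), ip, user, result))
    return events
def detect_spray(events, window=timedelta(minutes=10), min_accounts=5, max_per_account=2):
    """Return {ip: accounts} for sources that fail against many accounts, few tries each."""
    by_ip = defaultdict(list)
    for ts, ip, user, result in sorted(events):
        by_ip[ip].append((ts, user, result))
    hits = {}
    for ip, evs in by_ip.items():
        start = 0
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:  # slide the time window forward
                start += 1
            fails = defaultdict(int)
            for _, user, result in evs[start:end + 1]:
                if result == "FAIL":
                    fails[user] += 1
            # many distinct accounts, each hit only once or twice: a spray, not a brute force
            if len(fails) >= min_accounts and max(fails.values()) <= max_per_account:
                hits[ip] = sorted(fails)
    return hits
def compromised_after_spray(events, hits):
    """Accounts a flagged source later signed in to successfully (e.g. a dormant account)."""
    out = defaultdict(list)
    for _, ip, user, result in sorted(events):
        if ip in hits and result == "SUCCESS" and user not in out[ip]:
            out[ip].append(user)
    return dict(out)
```

The single-account brute force from 198.51.100.9 is deliberately not flagged here; it would be caught by ordinary per-account lockout, which a spray is designed to stay under.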
“This seems like it’s something very targeted, and if (the hackers) are that deep inside Microsoft, and Microsoft hasn’t been able to get them out in two months, then there’s a huge concern,” said Adam Meyers, a senior vice president at the cybersecurity firm CrowdStrike, who tracks nation-state hacking.