Russian Hackers Almost Cripple Microsoft

midnight blizzard, hacking, microsoft, stolen information

Microsoft has disclosed that Russian state-backed hackers, identified as Midnight Blizzard or NOBELIUM, have breached key systems within the company.

  • The breach was first disclosed in January.
  • Recent developments indicate a more extensive and severe intrusion than previously thought.

Microsoft revealed that Russian state-backed hackers, Midnight Blizzard, have penetrated key systems within the company.

The situation has raised concerns about the security of its software and the potential risks to its customers. According to Microsoft’s security blog, Microsoft has identified “the threat actor as Midnight Blizzard, the Russian state-sponsored actor also known as NOBELIUM.”

The breach was initially disclosed in January. At the time, the NOBELIUM hacker group had used a password spraying attack to access a low-level, inactive Microsoft account. They then infiltrated a small number of high-profile email accounts, including those of senior leadership and cybersecurity personnel. They extracted emails and potentially attached documents.

It has, however, recently escalated. The intrusion appears to be more extensive and severe than previously thought. The hackers utilized stolen information from Microsoft’s corporate email systems to further infiltrate the company’s infrastructure. Source code, the fundamental building blocks of software, is highly sought after by both corporations and malicious actors due to its ability to facilitate subsequent attacks on other systems.

And they are putting it to good use too. “It is apparent that Midnight Blizzard is attempting to use secrets of different types [of source code] it has found,” said Microsoft. “Midnight Blizzard’s ongoing attack is characterized by a sustained, significant commitment of the threat actor’s resources, coordination, and focus. It may be using the information it has obtained to accumulate a picture of areas to attack and enhance its ability to do so.”

Through its filing with the US Securities and Exchange Commission (SEC), the company assured the public that it has not found any compromises in its customer-facing systems.

But we can’t help but be concerned. Call me paranoid, but how long before they go after us, the customers? But yet again, we may not be the intended target after all. We’re just fodder.

This breach is part of a series of cyber-espionage activities attributed to Russian state actors. The group responsible has been linked to previous high-profile attacks, including the SolarWinds supply chain attack in 2020. In that incident, the hackers gained access to numerous US agency email systems, leading to months of unauthorized access before the breach was discovered.
