Russian state-sponsored hackers compromised Microsoft source code repositories

Alfonso Maruccia

Facepalm: Microsoft has issued a new update on the nation-state attack it disclosed in January. Kremlin-sponsored hackers known as 'Midnight Blizzard' did more damage than first reported, and Redmond confirms they are still trying to gain further access to its systems.

Microsoft's security team earlier this year detected an attack on its systems that had been ongoing since November 2023. The culprits were identified as the Russian cyber-espionage group known as Midnight Blizzard, APT29, Nobelium, or Cozy Bear. Microsoft initially downplayed the damage to its corporate networks.

However, further investigation by Microsoft has uncovered evidence of additional intrusions by the Midnight Blizzard hackers in recent weeks. These Kremlin spies used information exfiltrated from the initial attack to gain further unauthorized access, achieving some success.

The hackers breached some of Microsoft's source code repositories and unspecified "internal systems." To date, Redmond has found no evidence that hosted, customer-facing systems (including the Azure platform) have been compromised. However, this situation may evolve as the investigation progresses in the coming weeks.

Microsoft initially stated that there was no evidence the attackers had reached customer environments, production systems, or source code repositories. The ongoing investigation has since revealed additional attempts by Midnight Blizzard to use various "secrets" stolen in the original attack for new intrusions.

Some of these secrets came from emails exchanged between Microsoft and its customers; the company says it has contacted all affected parties to recommend "mitigating measures." The initial compromise, disclosed in January, began with a legacy, non-production test account that fell to a password spray attack, in which the attacker tries a small number of common passwords against many accounts, staying under per-account lockout thresholds rather than hammering a single account.

According to Microsoft, password spray and other brute-force attempts by Midnight Blizzard grew by as much as tenfold in February compared to the already "large volume" of attacks seen in January 2024. The Kremlin hackers are displaying a sustained and "significant commitment" of resources, coordination, and focus to attacking Microsoft systems, and there is concern that they will use newly stolen information to identify additional targets. It is a reminder of how persistent and well-resourced nation-state attackers can be.
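The password spray technique described above, and the surge in spray and brute-force attempts Microsoft reports, are easiest to understand by looking at what the two patterns look like in sign-in logs. The following is an added example, not code from the article or from Microsoft: it runs two detectors over constructed sign-in events whose layout (userPrincipalName, ipAddress, status.errorCode, createdDateTime) is modelled on Entra ID sign-in logs. The error code 50126 for "invalid username or password", the IP addresses, the account names and the thresholds are all assumptions for illustration.

```python
"""Password-spray vs. brute-force detection over sign-in events.

Added example, not code from the article or from Microsoft. The record
layout is modelled on Entra ID sign-in logs; every event is constructed.
"""
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Entra ID sign-in error code for "invalid username or password" (assumed
# here as the only failure signal that matters).
INVALID_CREDENTIALS = 50126

# Constructed sample: a spray from 203.0.113.10 (one failure each against six
# accounts), a brute force from 198.51.100.7 (six failures on one account),
# and a legitimate user at 192.0.2.5 who mistypes twice, then succeeds.
SAMPLE_EVENTS = "\n".join(json.dumps(e) for e in (
    [{"createdDateTime": f"2024-02-10T03:0{i}:00Z", "userPrincipalName": u,
      "ipAddress": "203.0.113.10", "status": {"errorCode": INVALID_CREDENTIALS}}
     for i, u in enumerate(["alice@example.test", "bob@example.test",
                            "carol@example.test", "dave@example.test",
                            "erin@example.test", "frank@example.test"])]
    + [{"createdDateTime": f"2024-02-10T03:1{i}:00Z",
        "userPrincipalName": "admin@example.test", "ipAddress": "198.51.100.7",
        "status": {"errorCode": INVALID_CREDENTIALS}} for i in range(6)]
    + [{"createdDateTime": "2024-02-10T03:20:00Z", "userPrincipalName": "grace@example.test",
        "ipAddress": "192.0.2.5", "status": {"errorCode": INVALID_CREDENTIALS}},
       {"createdDateTime": "2024-02-10T03:21:00Z", "userPrincipalName": "grace@example.test",
        "ipAddress": "192.0.2.5", "status": {"errorCode": INVALID_CREDENTIALS}},
       {"createdDateTime": "2024-02-10T03:22:00Z", "userPrincipalName": "grace@example.test",
        "ipAddress": "192.0.2.5", "status": {"errorCode": 0}}]
))


def parse_events(text):
    """Parse newline-delimited JSON sign-in records into dicts sorted by time."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        events.append({
            "ts": datetime.fromisoformat(rec["createdDateTime"].replace("Z", "+00:00")),
            "user": rec["userPrincipalName"].lower(),
            "ip": rec["ipAddress"],
            "code": int(rec["status"]["errorCode"]),
        })
    return sorted(events, key=lambda e: e["ts"])


def _failures_by_ip(events):
    by_ip = defaultdict(list)
    for e in events:
        if e["code"] == INVALID_CREDENTIALS:
            by_ip[e["ip"]].append(e)
    return by_ip


def detect_password_spray(events, window=timedelta(minutes=30),
                          min_accounts=5, max_per_account=2):
    """Flag source IPs that, within any `window`, fail against at least
    `min_accounts` distinct accounts with at most `max_per_account` failures
    each. Few guesses spread over many accounts is the spray signature: it
    stays under per-account lockout thresholds, which is why lockout alone
    does not stop it. Returns {ip: sorted list of sprayed accounts}."""
    hits = {}
    for ip, fails in _failures_by_ip(events).items():
        best, start = [], 0
        for end in range(len(fails)):
            while fails[end]["ts"] - fails[start]["ts"] > window:
                start += 1
            counts = defaultdict(int)
            for f in fails[start:end + 1]:
                counts[f["user"]] += 1
            sprayed = sorted(u for u, n in counts.items() if n <= max_per_account)
            if len(sprayed) > len(best):
                best = sprayed
        if len(best) >= min_accounts:
            hits[ip] = best
    return hits


def detect_brute_force(events, window=timedelta(minutes=30), min_failures=5):
    """Flag (ip, account) pairs with at least `min_failures` failures in any
    `window`: the single-target pattern that per-account lockout does catch.
    Returns {ip: {account: failures in the busiest window}}."""
    hits = defaultdict(dict)
    for ip, fails in _failures_by_ip(events).items():
        per_user = defaultdict(list)
        for f in fails:
            per_user[f["user"]].append(f["ts"])
        for user, stamps in per_user.items():
            best, start = 0, 0
            for end in range(len(stamps)):
                while stamps[end] - stamps[start] > window:
                    start += 1
                best = max(best, end - start + 1)
            if best >= min_failures:
                hits[ip][user] = best
    return dict(hits)


if __name__ == "__main__":
    evs = parse_events(SAMPLE_EVENTS)
    print("password spray:", detect_password_spray(evs))
    print("brute force:", detect_brute_force(evs))
```

The two detectors are deliberately separate: the spray detector keys on account breadth from one source and ignores accounts with many failures, while the brute-force detector keys on depth against one account. Real sprays rotate source IPs and proxies, so in practice the same logic is also run keyed on user agent, ASN or the guessed password hash where the identity provider exposes it, and the thresholds are tuned per tenant.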

If they spent more time combating all these hackers rather than developing products that few, if any, want, they might actually be able to protect the nest ......
 
If you can't beat em try to drag them into the same sewer your failed state is now drowning in.
 
That would actually be a good thing. Who knows, maybe some modders will finally manage to make Windows work as it should with the leaked source code.
 
Dear Microsoft,

Here's an idea... Are you ready?

Take the source code completely offline!!

Tada.

You're welcome.

Or at least on your intranet that you need additional credentials to log on to if you are remote. That's how my workplace does it at least (physical USB key fobs, plus randomly generated RSA pin that expires every minute).
 
Another clown country model citizen.
If hacking entities in foreign nations is your ethical metric, then the US surely ranks at the top of the list, followed (and soon to be surpassed) by China, the nation you purchase the majority of your consumer goods from.
 
Or at least on your intranet that you need additional credentials to log on to if you are remote. That's how my workplace does it at least (physical USB key fobs, plus randomly generated RSA pin that expires every minute).
No, because if hackers compromise that intranet, the problem still exists. They need to take all of their source-code repositories completely offline and keep them that way.
 
That's why you don't disable Defender on Security Center.
Windows Defender is a pathetic joke and has been for more than a decade. It needs to be removed, not disabled, and replaced with something that is actually competent.
 