Russian state-sponsored hackers compromised Microsoft source code repositories

Facepalm: Microsoft has issued a new update regarding the nation-state attack it uncovered in January. Kremlin-sponsored hackers known as 'Midnight Blizzard' inflicted significant damage, and Redmond confirms they are still attempting to disrupt its systems.

Microsoft's security team earlier this year detected an attack on its systems that had been ongoing since November 2023. The culprits were identified as the Russian cyber-spy group known as Midnight Blizzard, Apt29, Nobelium, or Cozy Bear. Microsoft initially downplayed the damage to its corporate networks.

However, further investigation by Microsoft has uncovered evidence of additional intrusions by the Midnight Blizzard hackers in recent weeks. These Kremlin spies used information exfiltrated from the initial attack to gain further unauthorized access, achieving some success.

The hackers breached some of Microsoft's source code repositories and unspecified "internal systems." To date, Redmond has found no evidence that hosted, customer-facing systems (including the Azure platform) have been compromised. However, this situation may evolve as the investigation progresses in the coming weeks.

Microsoft initially stated that there was no evidence of potential intrusion into the company's customer environments, production systems, and source code archives. The ongoing investigation has revealed additional attempts by Midnight Blizzard to utilize various "secrets" stolen in the original attack for new hacking initiatives.

Some of these secrets originated from emails exchanged between Microsoft and its customers. The company has reached out to all affected parties to recommend appropriate "mitigating measures." In January, Midnight Blizzard compromised a legacy, non-production test account using a password spray attack – an attempt to guess a known user password from a list of common passwords.

According to Microsoft, password spray and other brute-force attacks by Midnight Blizzard surged by as much as tenfold in February compared to the already "large volume" of attacks in January 2024. The Kremlin hackers are displaying a sustained and "significant commitment" of resources, coordination, and focus to attack Microsoft systems. There's concern that they may leverage newly stolen information to identify additional areas of attack. This showcases the sophistication and unprecedented nature of nation-state cyber attacks.