Microsoft on Friday revealed that the Kremlin-backed threat actor known as Midnight Blizzard (aka APT29 or Cozy Bear) managed to gain access to some of its source code repositories and internal systems following a hack that came to light in January 2024.
“In recent weeks, we have seen evidence that Midnight Blizzard is using information initially exfiltrated from our corporate email systems to gain, or attempt to gain, unauthorized access,” the tech giant said.
“This has included access to some of the company’s source code repositories and internal systems. To date we have found no evidence that Microsoft-hosted customer-facing systems have been compromised.”
Redmond, which is continuing to investigate the extent of the breach, said the Russian state-sponsored threat actor is attempting to leverage the different types of secrets it found, including those that were shared between customers and Microsoft in email.
It, however, did not disclose what these secrets were or the scale of the compromise, although it said it has directly reached out to impacted customers. It is not clear what source code was accessed.
Stating that it has increased its security investments, Microsoft further noted that the adversary ramped up its password spray attacks by as much as 10-fold in February, compared to the “already large volume” observed in January.
“Midnight Blizzard’s ongoing attack is characterized by a sustained, significant commitment of the threat actor’s resources, coordination, and focus,” it said.
“It may be using the information it has obtained to accumulate a picture of areas to attack and enhance its ability to do so. This reflects what has become more broadly an unprecedented global threat landscape, especially in terms of sophisticated nation-state attacks.”
The Microsoft breach is said to have taken place in November 2023, with Midnight Blizzard employing a password spray attack to successfully infiltrate a legacy, non-production test tenant account that did not have multi-factor authentication (MFA) enabled.
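The pattern described here, and the 10-fold spray volume mentioned earlier, is what a sign-in detection should key on: many distinct accounts, one or two guesses each, from a single source within a short window, followed by a success on an account that never satisfied MFA. The following is an added example, not Microsoft's code and not taken from the page. It runs over constructed sign-in records shaped like the fields of an Entra ID sign-in log (the field names, IP addresses, user names, time window and thresholds are assumptions for illustration; error code 50126 is Entra ID's code for an invalid username or password), flags a source IP whose failures fit a spray rather than single-account brute force, and then lists any later success from that IP together with whether MFA was satisfied.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone

# Entra ID sign-in result code for "invalid username or password".
INVALID_CREDENTIALS = 50126
SUCCESS = 0


def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


# Constructed sample records (not real log data). Field names, addresses and
# accounts are assumptions; the shape mirrors Entra ID sign-in log fields:
# timestamp, UPN, source IP, result code and whether MFA was satisfied.
SAMPLE_SIGNINS = [
    # Spray from one source: seven accounts, one guess each, seconds apart.
    {"time": "2023-11-15T02:00:01Z", "user": "alice@contoso.example",     "ip": "203.0.113.7", "status": 50126, "mfa": False},
    {"time": "2023-11-15T02:00:09Z", "user": "bob@contoso.example",       "ip": "203.0.113.7", "status": 50126, "mfa": False},
    {"time": "2023-11-15T02:00:17Z", "user": "carol@contoso.example",     "ip": "203.0.113.7", "status": 50126, "mfa": False},
    {"time": "2023-11-15T02:00:25Z", "user": "dave@contoso.example",      "ip": "203.0.113.7", "status": 50126, "mfa": False},
    {"time": "2023-11-15T02:00:33Z", "user": "erin@contoso.example",      "ip": "203.0.113.7", "status": 50126, "mfa": False},
    {"time": "2023-11-15T02:00:41Z", "user": "frank@contoso.example",     "ip": "203.0.113.7", "status": 50126, "mfa": False},
    {"time": "2023-11-15T02:00:49Z", "user": "svc-build@contoso.example", "ip": "203.0.113.7", "status": 50126, "mfa": False},
    # A legacy test-tenant account with a weak password and no MFA: the spray lands.
    {"time": "2023-11-15T02:00:57Z", "user": "legacy-test@contoso.example", "ip": "203.0.113.7", "status": 0, "mfa": False},
    # Benign noise: one user mistypes a password twice, then succeeds with MFA.
    {"time": "2023-11-15T08:12:00Z", "user": "grace@contoso.example", "ip": "198.51.100.20", "status": 50126, "mfa": False},
    {"time": "2023-11-15T08:12:20Z", "user": "grace@contoso.example", "ip": "198.51.100.20", "status": 50126, "mfa": False},
    {"time": "2023-11-15T08:12:45Z", "user": "grace@contoso.example", "ip": "198.51.100.20", "status": 0,     "mfa": True},
]


def detect_password_spray(records, window=timedelta(minutes=30),
                          min_users=5, max_tries_per_user=2):
    """Flag source IPs whose failed sign-ins fit a spray: many distinct accounts,
    few attempts each, inside one sliding time window. Many failures against a
    single account (brute force) is deliberately not matched by this rule.

    Returns {ip: {"users": n, "first": iso, "last": iso, "successes": [...]}}
    where "successes" lists sign-ins from that IP that succeeded at or after
    the start of the spray window, with the MFA flag for each.
    """
    by_ip = defaultdict(list)
    for r in records:
        by_ip[r["ip"]].append((parse_ts(r["time"]), r["user"], r["status"], r["mfa"]))

    findings = {}
    for ip, events in by_ip.items():
        events.sort()
        fails = [(t, u) for t, u, s, _ in events if s == INVALID_CREDENTIALS]
        best = None
        counts = Counter()   # attempts per user inside the current window
        lo = 0
        for hi, (t_hi, u_hi) in enumerate(fails):
            counts[u_hi] += 1
            # Slide the window start forward until it fits inside `window`.
            while t_hi - fails[lo][0] > window:
                u_lo = fails[lo][1]
                counts[u_lo] -= 1
                if counts[u_lo] == 0:
                    del counts[u_lo]
                lo += 1
            if len(counts) >= min_users and max(counts.values()) <= max_tries_per_user:
                if best is None or len(counts) > best["users"]:
                    best = {"users": len(counts), "first": fails[lo][0], "last": t_hi}
        if best is None:
            continue
        # Any success from the same source after the spray began is the likely
        # foothold; a success with mfa=False is the case the text describes.
        best["successes"] = [
            {"user": u, "mfa": m, "time": t.isoformat()}
            for t, u, s, m in events if s == SUCCESS and t >= best["first"]
        ]
        best["first"] = best["first"].isoformat()
        best["last"] = best["last"].isoformat()
        findings[ip] = best
    return findings


if __name__ == "__main__":
    for ip, f in detect_password_spray(SAMPLE_SIGNINS).items():
        print(f"spray from {ip}: {f['users']} accounts between {f['first']} and {f['last']}")
        for s in f["successes"]:
            print(f"  success for {s['user']} at {s['time']}, MFA satisfied: {s['mfa']}")
```

The thresholds (five accounts, at most two guesses each, a 30-minute window) are starting points to tune against a tenant's own baseline; the part worth keeping regardless is the second stage, which turns a noisy "spray observed" signal into the actionable one: a success from the spraying source on an account that never satisfied MFA.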
The tech giant, in late January, revealed that APT29 had targeted other organizations by taking advantage of a diverse set of initial access methods ranging from stolen credentials to supply chain attacks.
Midnight Blizzard is considered part of Russia’s Foreign Intelligence Service (SVR). Active since at least 2008, the threat actor is one of the most prolific and sophisticated hacking groups, compromising high-profile targets such as SolarWinds.