Microsoft Says Russian Hackers Breached Its Systems & Stole Source Code

In January, the Microsoft Security Team detected a nation-state attack on its corporate email systems by a Russian state-sponsored actor, Midnight Blizzard, also known as Nobelium.

In this attack, emails and documents from staff accounts were stolen.

In an update to the above breach, the Redmond giant on Friday said the hackers are still trying to access its systems and successfully stole “some of the company’s source code repositories and internal systems” using authentication secrets stolen during the January cyberattack.

“In recent weeks, we have seen evidence that Midnight Blizzard [Nobelium] is using information initially exfiltrated from our corporate email systems to gain, or attempt to gain, unauthorized access,” Microsoft said in a blog post update on Friday.

“This has included access to some of the company’s source code repositories and internal systems. To date we have found no evidence that Microsoft-hosted customer-facing systems have been compromised.”

Microsoft said that Midnight Blizzard is attempting to use secrets of different types that it has found. Some of these secrets, which are likely passwords, certificates, credentials, and authentication keys, were shared between customers and Microsoft in email.

The company has already begun contacting the affected customers to assist them in taking mitigating measures, as it discovers this information in its exfiltrated email.

Further, the company says that Midnight Blizzard has increased the volume of some aspects of the attack, such as password sprays, by as much as 10-fold in February, compared to the already large volume seen in January 2024.

The company said password sprays are a type of brute-force attack in which a hacker uses a few commonly used passwords to try to access multiple target accounts (usernames).
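A defender's view of that pattern, as an added example that is not part of the original article: it flags sources whose failed sign-ins touch many accounts with only a few attempts each, and ignores a single-account brute force. The log format, thresholds, function names and sample lines are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sign-in log: ISO timestamp, source address, username, result.
SAMPLE_LOG = """\
2024-02-01T09:00:00 198.51.100.7 alice FAIL
2024-02-01T09:00:20 198.51.100.7 bob FAIL
2024-02-01T09:00:40 198.51.100.7 carol FAIL
2024-02-01T09:01:00 198.51.100.7 dave FAIL
2024-02-01T09:01:20 198.51.100.7 erin FAIL
2024-02-01T09:02:00 203.0.113.9 alice FAIL
2024-02-01T09:02:05 203.0.113.9 alice FAIL
2024-02-01T09:02:10 203.0.113.9 alice FAIL
2024-02-01T09:02:15 203.0.113.9 alice FAIL
2024-02-01T09:02:20 203.0.113.9 alice FAIL
2024-02-01T09:03:00 192.0.2.44 frank FAIL
2024-02-01T09:03:30 192.0.2.44 frank OK
"""

def parse(log_text):
    """Yield (time, source, user, result) tuples from the constructed format."""
    for line in filter(None, map(str.strip, log_text.splitlines())):
        ts, source, user, result = line.split()
        yield datetime.fromisoformat(ts), source, user, result

def detect_sprays(events, window=timedelta(minutes=10), min_users=5, max_per_user=2):
    """Return {source: users} where failures in `window` hit many users, few tries each."""
    failures = defaultdict(list)
    for when, source, user, result in events:
        if result == "FAIL":
            failures[source].append((when, user))
    flagged = {}
    for source, items in failures.items():
        items.sort()
        start = 0
        for end in range(len(items)):
            # Slide the window start forward until it spans at most `window`.
            while items[end][0] - items[start][0] > window:
                start += 1
            per_user = defaultdict(int)
            for _, user in items[start:end + 1]:
                per_user[user] += 1
            if len(per_user) >= min_users and max(per_user.values()) <= max_per_user:
                flagged[source] = sorted(per_user)
                break
    return flagged

if __name__ == "__main__":
    print(detect_sprays(parse(SAMPLE_LOG)))
```

Grouping by source address is the simplest case; the same counting can be keyed on other attributes of the sign-in when attempts arrive from many addresses.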

“Midnight Blizzard’s ongoing attack is characterized by a sustained, significant commitment of the threat actor’s resources, coordination, and focus. It may be using the information it has obtained to accumulate a picture of areas to attack and enhance its ability to do so,” Microsoft said.

“This reflects what has become more broadly an unprecedented global threat landscape, especially in terms of sophisticated nation-state attacks,” it added.

Microsoft says it has increased its security investments, cross-enterprise coordination and mobilization and has enhanced its ability to defend itself against advanced persistent threat actors.

“We have and will continue to put in place additional enhanced security controls, detections, and monitoring. Our active investigations of Midnight Blizzard activities are ongoing, and findings of our investigations will continue to evolve. We remain committed to sharing what we learn,” Microsoft concluded.

Kavita Iyer