Microsoft Confirms That Russian Hackers Took Some Customer Secrets and Source Code

Microsoft disclosed on Friday that, following an intrusion that came to light in January 2024, the Kremlin-backed threat actor known as Midnight Blizzard (also tracked as APT29 or Cozy Bear) was able to access some of its internal systems and source code repositories.

“In recent weeks, we have seen evidence that Midnight Blizzard is using information initially exfiltrated from our corporate email systems to gain, or attempt to gain, unauthorized access. This has included access to some of the company's source code repositories and internal systems. To date, we have found no evidence that Microsoft-hosted customer-facing systems have been compromised,” the tech giant stated.

Redmond, which is still investigating the scope of the breach, said the Russian state-sponsored threat actor is attempting to use the various types of secrets it found, including email correspondence between Microsoft and its customers. The company said it has contacted the affected customers directly, but it did not disclose the nature of these secrets or the extent of the compromise. Which source code was accessed is also unclear.

Microsoft added that it has increased its security investments and that, in February, the adversary raised the volume of its password spray attacks by as much as 10 times compared with the "already large volume" observed in January.

"Midnight Blizzard's ongoing attack is characterized by a sustained, significant commitment of the threat actor's resources, coordination, and focus. It may be using the information it has obtained to build a picture of areas to attack and enhance its ability to do so. This reflects what has become more broadly an unprecedented global threat landscape, especially in terms of sophisticated nation-state attacks," Microsoft stated.

The Microsoft breach reportedly took place in November 2023. Using a password spray attack, Midnight Blizzard gained access to a legacy, non-production test tenant account that did not have multi-factor authentication (MFA) enabled. The IT giant disclosed in late January that APT29 had used a variety of initial access techniques, including supply chain attacks and credential theft, to target other organizations.
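The initial access described above, a password spray that lands on a legacy account with no MFA, leaves a recognizable footprint in sign-in telemetry: one source failing against many distinct accounts in a short window, followed by a success. The following is an added example (not Microsoft's code and not based on its telemetry) that runs that detection over a constructed set of sign-in records; the log format, field names, IP addresses, account names and thresholds are all assumptions chosen for illustration. It also separates a spray (many accounts, one source) from a single-account brute force, and lists accounts still lacking MFA so the remediation gap is visible.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of sign-in events (not real telemetry). Fields:
# timestamp, source IP, target account, outcome, whether the account has MFA.
SAMPLE_LOG = """\
2023-11-20T02:00:01Z 203.0.113.7 alice@corp.example FAIL mfa=yes
2023-11-20T02:00:08Z 203.0.113.7 bob@corp.example FAIL mfa=yes
2023-11-20T02:00:15Z 203.0.113.7 carol@corp.example FAIL mfa=yes
2023-11-20T02:00:22Z 203.0.113.7 dave@corp.example FAIL mfa=yes
2023-11-20T02:00:29Z 203.0.113.7 erin@corp.example FAIL mfa=yes
2023-11-20T02:00:36Z 203.0.113.7 frank@corp.example FAIL mfa=yes
2023-11-20T02:00:43Z 203.0.113.7 test-legacy@corp.example SUCCESS mfa=no
2023-11-20T02:00:50Z 203.0.113.7 grace@corp.example FAIL mfa=yes
2023-11-20T09:15:00Z 198.51.100.4 alice@corp.example FAIL mfa=yes
2023-11-20T09:15:20Z 198.51.100.4 alice@corp.example FAIL mfa=yes
2023-11-20T09:16:00Z 198.51.100.4 alice@corp.example SUCCESS mfa=yes
"""

WINDOW = timedelta(minutes=60)       # assumed detection window
DISTINCT_USER_THRESHOLD = 5          # assumed: distinct accounts failing from one IP


def parse_log(text):
    """Parse the constructed log format into time-ordered event dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, ip, user, outcome, mfa = line.split()
        events.append({
            "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
            "ip": ip,
            "user": user,
            "outcome": outcome,
            "mfa": mfa.split("=", 1)[1] == "yes",
        })
    return sorted(events, key=lambda e: e["ts"])


def detect_spray(events, window=WINDOW, threshold=DISTINCT_USER_THRESHOLD):
    """Return {ip: set_of_targeted_users} for source IPs whose failures hit
    at least `threshold` distinct accounts inside any `window`-long span.
    A single account failing repeatedly from one IP is brute force, not spray,
    and is deliberately not flagged here."""
    fails_by_ip = defaultdict(list)
    for e in events:
        if e["outcome"] == "FAIL":
            fails_by_ip[e["ip"]].append(e)
    flagged = {}
    for ip, fails in fails_by_ip.items():
        start = 0
        for end in range(len(fails)):          # sliding window over failures
            while fails[end]["ts"] - fails[start]["ts"] > window:
                start += 1
            users = {f["user"] for f in fails[start:end + 1]}
            if len(users) >= threshold:
                flagged[ip] = flagged.get(ip, set()) | users
    return flagged


def successes_from_spray_sources(events, flagged):
    """Successful sign-ins originating from a flagged spraying IP.
    Returns (user, ip, mfa_enabled); an MFA-less hit is the top-priority alert."""
    return [(e["user"], e["ip"], e["mfa"])
            for e in events
            if e["ip"] in flagged and e["outcome"] == "SUCCESS"]


def accounts_without_mfa(events):
    """Inventory of accounts seen signing in without MFA (the remediation gap)."""
    return sorted({e["user"] for e in events if not e["mfa"]})


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    sprayers = detect_spray(evs)
    for ip, users in sprayers.items():
        print(f"password spray from {ip}: {len(users)} distinct accounts targeted")
    for user, ip, mfa in successes_from_spray_sources(evs, sprayers):
        print(f"SUCCESS from spraying IP {ip} -> {user} (MFA: {'yes' if mfa else 'NO'})")
    print("accounts without MFA:", accounts_without_mfa(evs))
```

The threshold and window are the tuning knobs: a spray run at the volumes the article describes would exceed any sensible threshold, but a slow spray spread across many source addresses will not trip a per-IP rule, which is why an MFA inventory such as `accounts_without_mfa` belongs next to the detection rather than as an afterthought.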

Midnight Blizzard is assessed to be a component of Russia's Foreign Intelligence Service (SVR). The threat actor is one of the most active and skilled hacking groups, having compromised high-profile targets since at least 2008.
