Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
Microsoft said a Russian-backed hacking group has been trying to access its internal systems using information stolen from its corporate emails in January.
Microsoft said the hacking group Nobelium – referred to as Midnight Blizzard – has in recent weeks used information hacked from its corporate emails to gain “access to some of the company’s source code repositories and internal systems,” it said on Friday.
The company said Nobelium was attempting to use such information to access “secrets of different types,” including those shared between Microsoft and its customers in email.
It’s not clear what type of source code was being infiltrated.
Source code repositories are used by companies to store code and sensitive information, including web pages, privacy and trade secrets, and documents – similar to a library.
They are targeted by hackers because a breach could let them take over the entire software program.
The company said the hacking group “has increased the volume of some aspects of the attack, such as password sprays, by as much as 10-fold” last month, compared to the “already large volume” in January.
Microsoft first revealed in January that its security team had detected a “nation-state” cyberattack from Nobelium on its corporate systems.
This breach allowed the group to spy on emails from the company’s senior leaders and employees.
At the time, Microsoft said there was no evidence of the hacking group gaining access to “customer environments, production systems, source code, or AI systems.”
This cyberattack came a few days before another tech company, Hewlett Packard Enterprise, said that its cloud-based email system was hacked by the same group.
The exact purpose of the attacks is not clear, but tech experts say Nobelium has a history of conducting espionage and intelligence-gathering campaigns on behalf of the Kremlin.
Nobelium – also known as Blue Bravo or APT29 – is considered part of Russia’s Foreign Intelligence Service (SVR), an agency known for intelligence gathering, foreign espionage, and electronic surveillance, according to cybersecurity firm Recorded Future.
The group, for example, was responsible for the large-scale breach of software company and government contractor SolarWinds in 2020, which triggered a chain of breaches of hundreds of private sector companies using the software.
Some of the victims also included federal US agencies, such as the departments of Defense, Homeland Security, and Commerce.
Following the breach, four US cyber-security agencies, including the FBI, CISA, ODNI, and the NSA, issued a joint statement accusing Russia’s foreign intelligence service of being the mastermind.
It said: “This work indicates that an Advanced Persistent Threat (APT) actor, likely Russian in origin, is responsible for most or all of the recently discovered, ongoing cyber compromises of both government and non-governmental networks.”
The Kremlin has denied its involvement in the breach.
Moscow has been accused multiple times by Washington and its European allies of engaging in a wave of cyberattacks on Western countries and their critical infrastructure since the start of its invasion of Ukraine.
Microsoft said the investigation remains ongoing, adding that it has so far found “no evidence that Microsoft-hosted customer-facing systems have been compromised.”
The company added that it had increased its security investment and ability to defend itself from the cyberattack.
“We have and will continue to put in place additional enhanced security controls, detections, and monitoring,” it said.