Microsoft has said that Russian foreign intelligence-linked hackers again tried to break into its systems, using data stolen from corporate emails in January to access the tech giant whose products are widely used across the national security establishment in the US.
According to a Reuters report, some analysts are concerned about the safety of systems and services at Microsoft. The analysts are worried about national security risks arising from the alleged role of Nobelium, or Midnight Blizzard, a purported Russian state-sponsored group.
In January this year, Microsoft had disclosed details about the security breach, stating that hackers tried to break into corporate email accounts including those of senior company leaders and cybersecurity, legal and other functions.
“In recent weeks, we have seen evidence that Midnight Blizzard is using information initially exfiltrated from our corporate email systems to gain, or attempt to gain, unauthorised access,” Microsoft’s blog post stated.
Jerome Segura, principal threat researcher at cybersecurity firm Malwarebytes’ Threatdown Labs, told Reuters that it is not surprising that Microsoft is being targeted, adding that it was ‘unnerving’ that the attack was still underway despite Microsoft’s efforts to thwart access.
Which data was stolen by Russian hackers?
Microsoft said that the hackers stole access to source code repositories and internal systems. “This is the kind of thing that we’re really worried about. The attacker would want to use (Microsoft’s) secrets to get into production environments, and then compromise software and put backdoors and things like that,” Segura said.
According to Microsoft, the hackers had breached the staff emails by using a dormant account via a ‘password spray’ attack, i.e., using the same password on multiple accounts until they break into one.
“This seems like it’s something very targeted, and if (the hackers) are that deep inside Microsoft, and Microsoft hasn’t been able to get them out in two months, then there’s a huge concern,” Adam Meyers, a senior vice president at the cybersecurity firm Crowdstrike, told the agency.
What is Midnight Blizzard?
Midnight Blizzard, or Nobelium, targets governments, diplomatic entities and non-governmental organisations. In January, Microsoft had said that the hacker group targeted it because the technology giant carried out robust research unravelling Midnight Blizzard’s operations.
Microsoft’s threat intelligence team has been investigating and sharing research on Nobelium since at least 2021, when the group was found to be behind the SolarWinds cyberattack that compromised a raft of U.S. government agencies.
The persistent attempts to breach Microsoft are a sign of “sustained, significant commitment of the threat actor’s resources, coordination, and focus,” the company said on Friday.