Microsoft has revealed more details on the January 2024 breach by Kremlin-backed threat actor Midnight Blizzard (aka APT29 aka NOBELIUM).
“In recent weeks, we have seen evidence that Midnight Blizzard is using information initially exfiltrated from our corporate email systems to gain, or attempt to gain, unauthorized access,” the company said in a blog post.
“This has included access to some of the company’s source code repositories and internal systems. To date, we have found no evidence that Microsoft-hosted customer-facing systems have been compromised.”
Microsoft stated that Midnight Blizzard is attempting to exploit various types of sensitive information it exfiltrated, including secrets shared between Microsoft and its customers via email.
Microsoft says it has notified impacted customers to assist them in taking mitigation measures.
The ongoing Midnight Blizzard campaign is characterised by “a sustained, significant commitment” from the threat actors in terms of resources, coordination, and focus, according to Microsoft.
The company warned that the hackers may be using stolen data to map out Microsoft’s systems and bolster their ability to carry out further damaging attacks.
The company stated it has increased security investments, improved cross-organisation defenses, and implemented enhanced monitoring and hardening measures against Midnight Blizzard’s persistent threats.
The Midnight Blizzard hacking group is one of Russia’s most sophisticated and formidable state-sponsored threat actors.
Also tracked as APT29 or Cozy Bear, the group has been linked to Russia’s Foreign Intelligence Service (SVR) and has a long history of high-profile operations.