Microsoft has revealed that Russian government hackers, known as Midnight Blizzard, have continued to break into its systems using information obtained during a hack last year. The company stated that the hackers are attempting to use secrets they have found to gain unauthorized access to its source code and internal systems.
Recent Incidents Highlight Ongoing Threat
In recent weeks, Microsoft has seen evidence of Midnight Blizzard using information initially exfiltrated from its corporate email systems to gain or attempt to gain unauthorized access. This includes access to some of the company’s source code repositories and internal systems. The tech giant disclosed these new findings in a filing with the U.S. Securities and Exchange Commission on Friday.
Timeline of Events
- January: Microsoft revealed that Russian government hackers had broken into its systems last November.
- Last year (November): Midnight Blizzard, also known as APT29 or Cozy Bear, broke into corporate email accounts of senior leadership team members and employees in cybersecurity, legal, and other functions. The goal of the operation was to figure out what information Microsoft has on them.
Midnight Blizzard’s Activities
The hacking group has been found using some secret information in emails shared between Microsoft and its customers. They have also increased their attempts to brute force accounts, known as "password spraying," tenfold since their initial attacks. The hackers’ activities show a sustained, significant commitment of resources, coordination, and focus.
Potential Motivations
Microsoft wrote that Midnight Blizzard may be using the information it has obtained to accumulate a picture of areas to attack and enhance its ability to do so. The company emphasized that this threat is ongoing and requires constant attention from cybersecurity experts.
Background on Midnight Blizzard
Midnight Blizzard is believed to be a hacking group working for Russia’s Foreign Intelligence Service, known by its Russian initials, SVR. They have been one of the most prolific government-backed hacking groups in recent years, compromising high-profile targets such as the Democratic National Committee in 2016 and SolarWinds in 2019.
Contact Information
If you know more about the ongoing Microsoft cyberattack, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram, Keybase, and Wire @lorenzofb. You can also email him at lorenzo@techcrunch.com.
Related News
- Tesla to Split $100M Award for Electric Truck Charging Corridor in Illinois
- Bluesky is Getting its Own Photo-Sharing App, Flashes
- Colossal Biosciences Raises $200M at $10.2B Valuation to Bring Back Woolly Mammoths
Subscribe to TechCrunch’s Newsletters
Stay up-to-date with the latest tech news by subscribing to TechCrunch Daily News, TechCrunch AI, and TechCrunch Space.
Microsoft Reveals Ongoing Russian Government Hack
In a recent blog post, Microsoft stated that Russian government hackers, known as Midnight Blizzard, have continued to break into its systems using information obtained during a hack last year. The company revealed that the hackers are attempting to use secrets they have found to gain unauthorized access to its source code and internal systems.
Midnight Blizzard’s Activities
The hacking group has been found using some secret information in emails shared between Microsoft and its customers. They have also increased their attempts to brute force accounts, known as "password spraying," tenfold since their initial attacks. The hackers’ activities show a sustained, significant commitment of resources, coordination, and focus.
Potential Motivations
Microsoft wrote that Midnight Blizzard may be using the information it has obtained to accumulate a picture of areas to attack and enhance its ability to do so. The company emphasized that this threat is ongoing and requires constant attention from cybersecurity experts.
Background on Midnight Blizzard
Midnight Blizzard is believed to be a hacking group working for Russia’s Foreign Intelligence Service, known by its Russian initials, SVR. They have been one of the most prolific government-backed hacking groups in recent years, compromising high-profile targets such as the Democratic National Committee in 2016 and SolarWinds in 2019.
Contact Information
If you know more about the ongoing Microsoft cyberattack, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram, Keybase, and Wire @lorenzofb. You can also email him at lorenzo@techcrunch.com.
Subscribe to TechCrunch’s Newsletters
Stay up-to-date with the latest tech news by subscribing to TechCrunch Daily News, TechCrunch AI, and TechCrunch Space.
