Microsoft Says Russian Hackers Stole Source Code by Spying Executive Emails


By Hiba Akbar

In a recent blog post, Microsoft says Russian state-sponsored hackers who had been reading the corporate email accounts of its senior leadership used what they stole to gain access to some of the company's source code repositories. Microsoft describes it as an "ongoing attack."

Key Takeaways

Russian hackers read senior Microsoft executives' corporate email and, using what they exfiltrated, gained access to some of the company's source code repositories.
On January 12, 2024, Microsoft's security team detected the nation-state attack.
The attack began in November 2023.
The threat actor is Midnight Blizzard, also known as Nobelium, the same group behind the SolarWinds hack.
There is no evidence that Microsoft-hosted customer-facing systems were compromised.

Microsoft has been the target of several high-profile cyber attacks in recent years. In 2021, the email servers of roughly 30,000 organizations were hijacked through a Microsoft Exchange Server vulnerability, and last year Chinese hackers gained access to US government emails via a Microsoft cloud exploit.

Recently, researchers also uncovered security flaws in Windows Hello fingerprint authentication.

Only days earlier, Microsoft had announced plans to overhaul its software security in response to serious attacks on its Azure cloud, yet it has been hit again, this time by a Russian hacking group.

On January 12, 2024, Microsoft's security team detected a nation-state attack and identified the threat actor as Midnight Blizzard, also known as Nobelium, a Russian state-sponsored group.

Microsoft further states that the attack began in November 2023 and that the group that spied on its executives' email is the same one responsible for the SolarWinds hack. The group is now using the information it obtained to attempt further unauthorized access, which could affect customers.

Microsoft says: "In recent weeks, we observed evidence that Midnight Blizzard is gaining, or attempting to gain, unauthorized access to our business email systems utilizing information that was exfiltrated, and has access to the company's source code repositories and internal systems. To date, no indication has been found that Microsoft-hosted customer-facing systems were compromised."

Midnight Blizzard is attempting to use the various secrets it has found. Some of these secrets were shared between Microsoft and its customers in email; as Microsoft discovers them in the exfiltrated mail, it has been contacting the affected customers to help them take mitigating steps.

The volume of the attack was already high in January 2024, but Midnight Blizzard has since increased some aspects of it, particularly password spraying, by as much as tenfold.

What sets Midnight Blizzard's ongoing campaign apart is its sustained, significant commitment of resources, coordination, and focus. It may be using the information it has obtained to build a picture of areas to attack and to improve its ability to do so. This reflects an unprecedented global threat landscape, especially with respect to sophisticated nation-state attacks.

Facing these threats, Microsoft says it is taking a determined approach:

“We have strengthened our ability to protect ourselves and safeguard and harden our environment against this advanced persistent threat by increasing our security investments, cross-enterprise cooperation, and mobilization. We have implemented and will persist in implementing supplementary advanced security measures, alerts, and observation systems.”

Want more updates about what’s happening around us? Visit our website Daily Digital Grind!
