08 Mar Microsoft says Russian hacking group is still trying to crack its systems
A logo sits illuminated at the Microsoft booth in the Mobile World Congress 2024 on February 26, 2024 in Barcelona, Spain.
Xavi Torrent | Getty Images News | Getty Images
Microsoft on Friday said that Russian group Nobelium, which the company refers to as Midnight Blizzard, has been trying to access its internal systems and source code repositories.
“In recent weeks, we have seen evidence that Midnight Blizzard is using information initially exfiltrated from our corporate email systems to gain, or attempt to gain, unauthorized access. This has included access to some of the company’s source code repositories and internal systems,” Microsoft said in a blogpost.
“To date we have found no evidence that Microsoft-hosted customer-facing systems have been compromised.”
Microsoft said Midnight Blizzard was trying to access secrets, including those shared between Microsoft and its customers, but that it was reaching out and helping affected customers.
“Midnight Blizzard has increased the volume of some aspects of the attack, such as password sprays, by as much as 10-fold in February, compared to the already large volume we saw in January 2024,” it said.
Microsoft said it had enhanced its security investment and efforts to defend itself from the attack and that it had ramped up monitoring and control measures.
The company first said in January that it had detected a cyberattack from Nobelium, which saw the Russian group hack emails from top executives. At the time, Microsoft said there was no evidence of the hacker group accessing customer data, production systems of proprietary source code.
Shortly after the attack on Microsoft, Hewlett Packard Enterprise said that it’s cloud-based email system had also been compromised.
Nobelium is considered part of Russia’s foreign intelligence service SVR by the U.S. government and is also known as Cozy Bear or APT29, alongside Midnight Blizzard.
Russia has multiple times been accused of cyberattacks against Western countries and companies throughout their war on Ukraine.
In December of 2023, Britain’s National Cyber Security Centre said Russia had targeted politicians, journalists and civil servants in a multi-year “campaign of malicious cyber activity” that aimed to undermine democracy.