Russian hackers breached Microsoft's systems, accessed source code
- Reef Noor
- Mar 16, 2024
Hacking group known as Midnight Blizzard strikes Microsoft again! Microsoft provides updates on the breach by Russian hackers.
Microsoft has reported that the Russian hacking group known as 'Midnight Blizzard' has gained unauthorized access to certain internal systems and source code repositories. This breach occurred through the use of authentication secrets stolen during a cyberattack in January.
Earlier this year, Microsoft disclosed that Midnight Blizzard, also known as NOBELIUM, had compromised corporate email servers through a password spray attack. This attack granted access to a legacy non-production test tenant account.

Subsequent investigations revealed that this test account lacked multi-factor authentication, providing the threat actors with an avenue to breach Microsoft's systems.
Today, Microsoft has revealed that the Russian hacking group Midnight Blizzard has been using data obtained from the breach to infiltrate certain systems and source code repositories of the company in recent weeks.
A recent blog post by the Microsoft Security Response Center states, "In recent weeks, we have observed evidence indicating that Midnight Blizzard is leveraging information initially obtained from our corporate email systems to gain unauthorized access or attempt to do so."
The post further explains, "This has included unauthorized access to some of the company's source code repositories and internal systems. As of now, there is no indication that Microsoft's customer-facing systems hosted by the company have been compromised."
While Microsoft has not provided specific details about the nature of these "secrets," they are believed to encompass authentication tokens, API keys, or credentials.
Microsoft has initiated the process of notifying customers whose secrets were exposed to the threat actors through stolen emails exchanged between them and Microsoft.
"It is evident that Midnight Blizzard is endeavoring to exploit various types of secrets it has obtained. Some of these secrets were exchanged between customers and Microsoft via email, and as we identify them within our compromised email data, we are proactively reaching out to these customers to assist them in implementing mitigative measures," added Microsoft.
A password spray attack is a form of brute force assault in which malicious actors compile a list of potential login names and systematically attempt to access each one using an extensive array of possible passwords. If an initial password proves unsuccessful, they persist with further attempts until they either exhaust all options or gain unauthorized entry into the account.
Given the susceptibility to such attacks, it's imperative for companies to implement Multi-Factor Authentication (MFA) on all accounts. This additional layer of security helps deter unauthorized access even if login credentials are correctly guessed.
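The following Python example is added here and is not from Microsoft or the original article. It flags any source address that fails sign-in against many distinct accounts within a short window, then lists the accounts that source signed in to without MFA. The log fields, thresholds, addresses and account names are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sign-in records: (timestamp, source IP, account, outcome, MFA satisfied)
SAMPLE_EVENTS = [
    ("2024-01-10T02:00:05", "203.0.113.7", "alice", "fail", False),
    ("2024-01-10T02:00:41", "203.0.113.7", "bob", "fail", False),
    ("2024-01-10T02:01:12", "203.0.113.7", "carol", "fail", False),
    ("2024-01-10T02:01:50", "203.0.113.7", "svc-test", "fail", False),
    ("2024-01-10T02:02:30", "203.0.113.7", "dave", "fail", False),
    ("2024-01-10T02:31:02", "203.0.113.7", "svc-test", "success", False),
    ("2024-01-10T09:00:00", "198.51.100.4", "alice", "fail", False),
    ("2024-01-10T09:00:20", "198.51.100.4", "alice", "success", True),
]

def find_spray_sources(events, window=timedelta(minutes=10), min_accounts=5):
    """Return source IPs whose failures hit >= min_accounts distinct accounts in one window."""
    failures = defaultdict(list)
    for ts, src, user, outcome, _mfa in events:
        if outcome == "fail":
            failures[src].append((datetime.fromisoformat(ts), user))
    flagged = set()
    for src, items in failures.items():
        items.sort()
        start = 0
        for end in range(len(items)):
            # Slide the window start forward until it spans at most `window`.
            while items[end][0] - items[start][0] > window:
                start += 1
            if len({user for _, user in items[start:end + 1]}) >= min_accounts:
                flagged.add(src)
                break
    return flagged

def compromised_without_mfa(events, flagged):
    """Accounts that a flagged source signed in to with no MFA satisfied."""
    return sorted({user for _, src, user, outcome, mfa in events
                   if src in flagged and outcome == "success" and not mfa})

if __name__ == "__main__":
    sources = find_spray_sources(SAMPLE_EVENTS)
    print("spray sources:", sorted(sources))
    print("reset and enrol in MFA:", compromised_without_mfa(SAMPLE_EVENTS, sources))
```

Counting per source address is a simplification: attempts spread across many addresses need grouping on other attributes, such as the target tenant or the client fingerprint.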
In a revised Form 8-K submission to the SEC, Microsoft has disclosed that they've bolstered security measures across their organization to fortify defenses against advanced persistent threat actors.
Key takeaways for your business
Vulnerability Awareness: Businesses should understand that they are also potential targets for cyberattacks, including sophisticated techniques like password spray attacks. Being aware of such threats is crucial for implementing effective security measures.
Importance of MFA: Businesses should prioritize implementing Multi-Factor Authentication (MFA) across all accounts, including email and other sensitive systems. This additional layer of security can significantly reduce the risk of unauthorized access, even if passwords are compromised.
Regular Security Audits: Conducting regular security audits to identify vulnerabilities and weaknesses in systems and processes is essential. Businesses should assess their current security posture and take steps to address any gaps or deficiencies.
Investing in Security Measures: While small and medium-sized businesses may have limited resources compared to larger organizations, investing in cybersecurity measures is critical for protecting sensitive data and maintaining business continuity. This could include investing in security software, employee training, and implementing best practices for data protection.
Collaboration with Security Experts: Businesses may benefit from partnering with cybersecurity experts or consulting firms to assess their security needs, develop a robust security strategy, and provide guidance on implementing effective security measures.