Microsoft Says Russian Hackers “Midnight Blizzard” AKA ‘Nobelium’ Stole Source Code in Cyberespionage

Written by Mitchell Langley

March 12, 2024

Microsoft Says Russian Hackers “Midnight Blizzard” AKA ‘Nobelium’ Stole Source Code in Cyberespionage

Microsoft recently announced that it had discovered a cyber attack conducted by Russian hackers group called “Midnight Blizzard” AKA ‘Nobelium’.


Russian Hackers from Midnight Blizzard Targeted Microsoft’s Executives and Spied on Them to Steal Data

This attack targeted the email accounts of certain members of Microsoft’s senior leadership team. It has now been revealed that the same Russian state-sponsored hackers group responsible for the SolarWinds attack is behind this incident as well.

Microsoft further disclosed that this ongoing attack has resulted in the theft of some source code.

 “In recent weeks, we have seen evidence that Midnight Blizzard [Nobelium] is using information initially exfiltrated from our corporate email systems to gain, or attempt to gain, unauthorized access,”

“This has included access to some of the company’s source code repositories and internal systems. To date we have found no evidence that Microsoft-hosted customer-facing systems have been compromised.”

Explains Microsoft in a blog post.

Russian Hackers From Nobelium (Midnight Blizzard) Actively Exploiting ‘Secrets’ to Infiltrate Microsoft

The specifics of the source code that was accessed in the cyber attack remains unclear.

However, Microsoft is cautioning that the group responsible for the attack, known as Nobelium or “Midnight Blizzard,” is now actively attempting to exploit the “secrets of different types”. Their goal is to infiltrate Microsoft and potentially compromise its customers as well.

 “Some of these secrets were shared between customers and Microsoft in email, and as we discover them in our exfiltrated email, we have been and are reaching out to these customers to assist them in taking mitigating measures,”

Says Microsoft in a statement.

Midnight Blizzard Infiltrated Microsoft Using Password Spraying

Midnight Blizzard (Nobelium) gained initial access to Microsoft’s systems through a password spray attack.

What is a Password Spraying Attack?

This type of attack involves using a vast collection of possible passwords to try and gain unauthorized access to accounts. In this case, Microsoft had set up a non-production test tenant account without enabling two-factor authentication, which allowed Nobelium to successfully infiltrate the system.

 “Across Microsoft, we have increased our security investments, cross-enterprise coordination and mobilization, and have enhanced our ability to defend ourselves and secure and harden our environment against this advanced persistent threat,”

“We have and will continue to put in place additional enhanced security controls, detections, and monitoring.”

Says Microsoft.

The password spraying attack on Microsoft occurred shortly after the company announced its intention to revamp its software security in response to significant Azure cloud attacks.

Microsoft Has Been Targeted Multiple Time in the Past Couple of Years

Microsoft has unfortunately been targeted in multiple notable security incidents in recent times.

These include the compromise of 30,000 organizations’ email servers in 2021 due to a flaw in Microsoft Exchange Server, as well as Chinese hackers infiltrating US government emails through a Microsoft cloud exploit last year.

Microsoft is currently conducting an ongoing investigation into the latest attacks by the Nobelium group on its systems.

“Our active investigations of Midnight Blizzard activities are ongoing, and findings of our investigations will continue to evolve,”

“We remain committed to sharing what we learn.”

Says Microsoft.

Midnight Blizzard is the same hacking group that targeted HPE in a recent attack.

Related Articles

Daixin Ransomware Claims Omni Hotels Cyberattack

Daixin Ransomware Claims Omni Hotels Cyberattack

The Daixin Team ransomware gang has taken responsibility for a recent cyberattack on Omni Hotels & Resorts and is currently issuing threats to publish sensitive customer information unless a ransom is paid. This development comes after the hotel chain experienced...

Stay Up to Date With The Latest News & Updates

Join Our Newsletter

 

Subscribe To Our Newsletter

Sign up to our weekly newsletter summarizing everything thats happened in data security, storage, and backup and disaster recovery

You have Successfully Subscribed!