A group of criminals formerly known as Nobelium and now dubbed “Midnight Blizzard” continues to attack Microsoft's internal systems. The company announced this in a recent blog post. The attacks have been running since the end of November 2023, and since then Microsoft has apparently not been able to prevent unauthorized access.
The company writes that activity increased tenfold in February 2024. Among other things, password sprays are being used, as was the case at the beginning. According to Microsoft, Midnight Blizzard has also used the access data it has captured so far to gain access to a repository with the company's source code. The company did not disclose which products were affected. However, there is so far no evidence that the Microsoft systems that customers use from outside have been compromised.
Midnight Blizzard is making its way through Microsoft's systems
The attackers' goal is to find further vulnerabilities in Microsoft's internal systems and thereby gain access to other areas. The security department in Redmond has now been able to analyze Midnight Blizzard's efforts and patterns quite closely. The group has long been considered a Russian-backed malicious actor that operates in a planned manner and with many resources. Microsoft has collected the Midnight Blizzard activities it has discovered under a dedicated blog keyword.
The company also plans to publish further findings on activities in Microsoft's network in the future. It does not say why it has failed to permanently lock the group out of its systems. That may be somewhat understandable, as the attacks demonstrated a “previously unknown global threat situation, particularly when it comes to sophisticated attacks by nation states.”