Microsoft reported on Friday that the Russian group Nobelium, also known as Midnight Blizzard, attempted to access corporate networks and source code repositories.
“In recent weeks, we have seen evidence that Midnight Blizzard is using information originally exfiltrated from our corporate email systems to gain, or attempt to gain, unauthorized access.” “This has included access to some of the company’s source code repositories and internal systems,” Microsoft wrote in a blog post.
“To date we have found no evidence that Microsoft-hosted customer-facing systems have been compromised.”
Microsoft stated that Midnight Blizzard was attempting to obtain secrets, including those exchanged between Microsoft and its customers, but that it was reaching out to assist affected customers.
“Midnight Blizzard has increased the volume of some aspects of the attack, such as password sprays, by as much as 10-fold in February, compared to the already large volume we saw in January 2024,” it stated in a statement.
Microsoft stated that it had increased its security investment and defense efforts in response to the incident, as well as increased monitoring and control mechanisms.
The corporation originally announced in January that it had discovered a cyberattack by Nobelium, which involved the Russian outfit hacking emails from key executives. At the time, Microsoft stated that there was no proof that the hacker group had accessed customer data, production systems, or proprietary source code.
Shortly after the attack on Microsoft, Hewlett Packard Enterprise announced that their cloud-based email system had also been infiltrated.
The US government considers Nobelium, also known as Cozy Bear or APT29, to be part of Russia’s foreign intelligence arm SVR, along with Midnight Blizzard.
Throughout the conflict in Ukraine, Russia has been accused of carrying out cyberattacks against Western countries and businesses.
In December 2023, Britain’s Centre said that Russia had National Cyber Security targeted politicians, journalists, and civil servants in a multi-year “campaign of malicious cyber activity” aimed at undermining democracy.
