Russian State-Sponsored Hackers Stole Microsoft Source Code


Key Takeaways:

  • Russian state-sponsored hackers, identified as Midnight Blizzard, breached Microsoft’s corporate email servers earlier this year, raising concerns about cybersecurity vulnerabilities.
  • The hackers have now escalated their attack by compromising Microsoft’s source code and other internal systems, potentially accessing sensitive information.
  • Microsoft urges customers to enhance security measures, including enabling multifactor authentication, in response to the ongoing threat posed by the hackers.

Earlier this year, Microsoft disclosed a breach of its corporate email servers by Russian state-sponsored hackers. The company has now revealed that the same group, tracked as Midnight Blizzard, has gone on to access Microsoft’s source code and other internal systems.

In January, Microsoft disclosed that Midnight Blizzard had gained unauthorized access to the email accounts of some of its senior leadership team members in late November 2023. The hackers used password spray attacks against Microsoft’s non-production test accounts. The goal of the attack was to find out what Microsoft knew about the hacking group.

In a recent blog post, Microsoft explained that the group has used data stolen from the compromised mailboxes to reach some of its source code repositories. The hackers have also increased the volume of their password spray attempts tenfold since the initial attacks. Password spraying is a form of brute force in which a few common passwords are tried across many accounts, rather than many passwords against a single account, to gain unauthorized access. Microsoft added that the attack does not appear to have affected its customer-facing services.

“It is apparent that Midnight Blizzard is attempting to use secrets of different types it has found. Some of these secrets were shared between customers and Microsoft in email, and as we discover them in our exfiltrated email, we have been and are reaching out to these customers to assist them in taking mitigating measures,” Microsoft explained.

Microsoft stresses MFA amidst persistent Russian attacks

Microsoft has also released an updated Form 8-K filing with more details about the unauthorized access to its internal systems. The company warned that the attackers are still using the stolen data in attempts to reach its source code repositories. To defend against sophisticated attacks of this kind, Microsoft strongly recommends that all customers enable multifactor authentication (MFA) on all accounts.

Last week, Microsoft announced expanded efforts to strengthen its software security engineering approach. The company also plans to automate the management of Entra ID and Microsoft Account (MSA) keys later this year; you can find more information in our separate post.