Microsoft
has said that “Russian state-sponsored” hackers are again trying to gain unauthorised access to its internal systems. Identifying the threat actor as
Midnight Blizzard
,
Microsoft Threat Intelligence
said that this group is also known as
Nobelium
, which accessed emails of some senior leadership, including CEO Satya Nadella’s close circle last time.
According to the company, the hackers continue to break into its systems using information they obtained during a hack last year. This time, they have targeted Microsoft’s source code and other internal systems.
“In recent weeks, we have seen evidence that Midnight Blizzard is using information initially exfiltrated from our corporate email systems to gain, or attempt to gain, unauthorised access. This has included access to some of the company’s source code repositories and internal systems,” Microsoft wrote in a blog post.
As per the company, it has not found any evidence that Microsoft-hosted customer-facing systems have been compromised.
What data hackers are using to attack Microsoft
Microsoft says that Midnight Blizzard is attempting to use secrets of different types it found. These include secrets shared between customers and Microsoft in email.
“And as we discover them in our exfiltrated email, we have been and are reaching out to these customers to assist them in taking mitigating measures,” the company said.
Midnight Blizzard is also said to have increased the volume of some aspects of the attack, such as password sprays, by as much as 10-fold in February, compared to the large volume seen in January.
“Midnight Blizzard’s ongoing attack is characterised by a sustained, significant commitment of the threat actor’s resources, coordination, and focus. It may be using the information it has obtained to accumulate a picture of areas to attack and enhance its ability to do so,” the company noted.
Microsoft says it is actively investigating the activities of Midnight Blizzard.