Microsoft has confirmed that Russian state-backed hacking group “Midnight Blizzard” (also known as Nobelium) has stolen source code from the tech giant.
The same group is suspected to be behind the infamous SolarWinds attack. This breach follows a January espionage campaign where the hackers accessed email accounts belonging to Microsoft’s senior leadership.
“In recent weeks, we have seen evidence that Midnight Blizzard [Nobelium] is using information initially exfiltrated from our corporate email systems to gain, or attempt to gain, unauthorized access,” explains Microsoft in a blog post. “This has included access to some of the company’s source code repositories and internal systems. To date we have found no evidence that Microsoft-hosted customer-facing systems have been compromised.”
Microsoft disclosed that stolen information from its corporate email systems is being actively weaponized by hackers to infiltrate internal systems and access source code repositories. While the tech giant states there is no evidence of compromised customer-facing systems, the full extent of the breach remains unclear.
The Russian group is trying to use secrets discovered during the email breach to further compromise Microsoft and potentially its customers. Microsoft is proactively reaching out to customers whose information might have been exposed to assist in mitigation efforts.
Nobelium first breached Microsoft’s systems late last year using a password spray attack that targeted a vulnerable test account without two-factor authentication. Microsoft emphasizes that its investigations are ongoing and has pledged to share findings as they evolve. The company is also bolstering security investments, coordination, and defense mechanisms.
Bijay Pokharel