March 8, 2024 at 10:34AM
Microsoft has disclosed that the Russian state-sponsored hacking group ‘Midnight Blizzard’ used information stolen during its January intrusion into Microsoft’s corporate email systems to gain access to some of the company’s internal systems and source code repositories. The January intrusion began with a password spray against a legacy, non-production test tenant account that had no multi-factor authentication (MFA) enabled. Microsoft is notifying affected customers and says it has increased its security investments to defend against this advanced persistent threat.
The disclosure makes clear that the attack on Microsoft is ongoing. The January intrusion compromised the company’s corporate email systems; the actor has since used authentication secrets found in the exfiltrated email to reach internal systems and source code repositories. In January, the attackers gained their foothold through the test tenant account and a legacy OAuth application that held elevated access to Microsoft’s corporate environment.
Microsoft has disclosed that Midnight Blizzard is using information initially exfiltrated from its corporate email systems to gain, or attempt to gain, unauthorized access to its systems and source code repositories. Some of that email contained secrets shared between Microsoft and its customers, and the company reports that the threat actor is attempting to use such stolen secrets (authentication tokens, API keys, or credentials) to gain unauthorized access to the systems they protect.
In response, Microsoft reports that it has increased its security investments, cross-enterprise coordination, and mobilization to defend and secure its environment against this advanced persistent threat. It has also begun contacting customers whose secrets were exposed in the stolen email so that they can take mitigating measures, above all rotating those secrets.
Microsoft has also noted that Midnight Blizzard has ramped up its password spray attacks. Password spraying tries a small number of common passwords across many accounts, staying below per-account lockout thresholds, and it is how the legacy test tenant account was breached in January. The lesson is to enforce MFA on every account, including legacy, test, and non-production accounts, so that a correctly guessed password on its own does not grant access.
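Password sprays are easy to miss when detection keys on failures per account, because each account sees only one or two guesses. The detector below groups sign-in failures by source address and time window instead, and additionally flags any success from a spraying source on an account that signed in without MFA, the pattern behind the January compromise. This is an added example, not code from the article or from Microsoft; the log format, the field names, and the sign-in events are all constructed for illustration.

```python
"""Password-spray detection over constructed sign-in log lines (added example)."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real log data). One source hits many accounts
# with a single guess each and lands on a test account that has no MFA; a
# second source is a single user mistyping a password twice.
# Assumed line format: <UTC timestamp> <source IP> <user> <SUCCESS|FAILURE> mfa=<true|false>
SAMPLE_LOG = """\
2024-01-12T03:00:01Z 203.0.113.7 alice@example.com FAILURE mfa=true
2024-01-12T03:00:03Z 203.0.113.7 bob@example.com FAILURE mfa=true
2024-01-12T03:00:05Z 203.0.113.7 carol@example.com FAILURE mfa=true
2024-01-12T03:00:07Z 203.0.113.7 dave@example.com FAILURE mfa=true
2024-01-12T03:00:09Z 203.0.113.7 erin@example.com FAILURE mfa=true
2024-01-12T03:00:11Z 203.0.113.7 test-legacy@example.com SUCCESS mfa=false
2024-01-12T03:05:00Z 198.51.100.9 alice@example.com FAILURE mfa=true
2024-01-12T03:05:20Z 198.51.100.9 alice@example.com FAILURE mfa=true
2024-01-12T03:05:40Z 198.51.100.9 alice@example.com SUCCESS mfa=true
"""

EPOCH = datetime(1970, 1, 1)


def parse_line(line):
    """Parse one line of the assumed log format into a dict."""
    ts, ip, user, result, mfa = line.split()
    return {
        "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
        "ip": ip,
        "user": user.lower(),
        "success": result == "SUCCESS",
        "mfa": mfa == "mfa=true",
    }


def detect_password_spray(log_text, window_minutes=10, min_accounts=5,
                          max_failures_per_account=2):
    """Return one finding per (source IP, time window) that looks like a spray.

    A spray is "many accounts, few guesses each" from one source. Per-account
    lockout never fires, so the events are grouped by source address and a
    fixed time window, and a group is flagged when it touches at least
    min_accounts distinct accounts with no more than max_failures_per_account
    failures on any one of them. Successes inside a flagged group are reported,
    with the ones that passed without MFA listed separately.
    """
    window = timedelta(minutes=window_minutes)
    groups = defaultdict(list)
    for line in log_text.splitlines():
        if line.strip():
            ev = parse_line(line)
            bucket = (ev["ts"] - EPOCH) // window  # integer window index
            groups[(ev["ip"], bucket)].append(ev)

    findings = []
    for (ip, bucket), events in sorted(groups.items()):
        failures = defaultdict(int)
        for ev in events:
            if not ev["success"]:
                failures[ev["user"]] += 1
        if len(failures) < min_accounts:
            continue
        if max(failures.values()) > max_failures_per_account:
            continue  # few accounts hammered hard is brute force, not a spray
        findings.append({
            "source_ip": ip,
            "window_start": EPOCH + bucket * window,
            "accounts_targeted": len(failures),
            "successes": [ev["user"] for ev in events if ev["success"]],
            "successes_without_mfa": [
                ev["user"] for ev in events if ev["success"] and not ev["mfa"]
            ],
        })
    return findings


if __name__ == "__main__":
    for finding in detect_password_spray(SAMPLE_LOG):
        print(finding)
```

With the sample data the detector reports a single finding for 203.0.113.7: five accounts targeted, one success, and that success on an account without MFA. The 198.51.100.9 activity is not flagged, since it touches only one account. In practice the thresholds and the window size should be tuned to the tenant's normal sign-in volume, and the source key should be widened to cover sprays spread across a rotating pool of addresses.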
In an amended Form 8-K filing with the SEC, Microsoft said it is coordinating with federal law enforcement on the investigation of the threat actor and the incident, and stressed that its efforts to protect against this sophisticated threat are continuing.