Microsoft Confirms Russian Hackers Stole Source Code, Some Customer Secrets

March 8, 2024 at 11:57PM

Microsoft disclosed that the Kremlin-backed threat actor Midnight Blizzard gained access to some source code repositories and internal systems following a hack in January 2024. The company stated that it is investigating the extent of the breach and has increased its security investments in response to the attack. The breach is attributed to the threat actor APT29.

Microsoft disclosed a cyber attack by a Kremlin-backed threat actor called Midnight Blizzard (also known as APT29 or Cozy Bear). The attack involved unauthorized access to some of Microsoft’s source code repositories and internal systems, which were initially accessed through exfiltrated corporate email information. Microsoft stated that it has found no evidence of compromise in its customer-facing systems but did not disclose the specific secrets accessed or the scale of the compromise. The breach, which occurred in November 2023, involved a password spray attack targeting a legacy, non-production test tenant account without multi-factor authentication (MFA). Microsoft has observed a significant increase in password spray attacks in February. Midnight Blizzard is associated with Russia’s Foreign Intelligence Service (SVR) and is known for sophisticated and prolific hacking activities, such as the SolarWinds compromise. Microsoft has increased its security investments in response to this ongoing threat.
