Microsoft says Russian state-sponsored hackers are once again trying to penetrate their systems

The Russian embassy in Washington did not immediately respond to a request for comment on Microsoft’s statement. It also has not responded to Microsoft’s previous statements about Midnight Blizzard’s activity.

Microsoft said Friday that a Russian state-sponsored hacking group called Midnight Blizzard was again trying to penetrate its systems, using information it stole from the tech giant’s work emails in January.

The revelation shows that the hacking group’s analysts linked to Russian intelligence are persistent and focused on penetrating Microsoft, one of the world’s largest software makers and a major supplier of digital services and infrastructure to the US government.

The Russian embassy in Washington did not immediately respond to a request for comment on Microsoft’s statement. It also has not responded to Microsoft’s previous statements about Midnight Blizzard’s activity.

In January, Microsoft said it had discovered that the hackers tried to compromise “a very small percentage” of its corporate email accounts, including members of its senior leadership team and people in cybersecurity, legal and other functions.

It appears the hacking group, also known as Nobelium, is trying to use the data they subsequently stole to break into Microsoft systems again, the company said.

“In recent weeks, we have seen evidence that Midnight Blizzard is using information initially exfiltrated from our corporate email systems to gain or attempt to gain unauthorized access,” a blog post said.

That data includes some of the source code repositories and internal systems, the company added. Shares fell after the news.

“It is clear that Midnight Blizzard is trying to use secrets from various species it has found,” it added.

“Some of these secrets were shared via email between customers and Microsoft, and now that we have discovered them in our exfiltrated email, we have contacted these customers to help them take mitigation measures.” Microsoft did not name the affected customers.

It was also said that the hackers had become more aggressive in their targeting, and that their use of ‘password sprays’ – where an attacker uses the same password on multiple accounts in the hope of breaking in – had increased as much as tenfold compared to their attack in January. .

In its January statement, the company had said it was likely that Midnight Blizzard targeted the company because of Microsoft’s own robust investigation that unraveled the hacking group’s activities. Microsoft’s threat intelligence team has been sharing research on Nobelium since December 2020, when it released a four-part series on it. One was titled “How Nation State Attackers Like NOBELIUM Are Changing Cybersecurity.”

The continued attempts to breach Microsoft are a sign of “sustained, significant deployment of threat actor resources, coordination, and focus,” the company said in its latest blog.

“It could use the information obtained to build a picture of the areas to attack and increase its ability to do so.”

There was no evidence that Microsoft’s customer-facing systems were compromised during the hack, the company added.