Microsoft has confirmed that it was hacked by Midnight Blizzard
In an article published this Friday, March 8, 2024, Microsoft confirmed that it was the target of Midnight Blizzard, a group of Russian hackers financed by the Kremlin, which focused its strike force on the American giant to steal data. The first Midnight Blizzard attack happened last January, when hackers managed to hack into the mailboxes of several Microsoft executives.
The hackers, who experts often associate with the Russian government, clearly want valuable information from Microsoft.
I suggest you read the following official article, translated into French for the occasion.
This blog provides an update on the nation-state attack discovered by the Microsoft security team on January 12, 2024. As we reported, on January 19, the security team detected this attack on our corporate email systems and immediately activated our response process. A Microsoft Threat Intelligence investigation identified the threat actor as Midnight Blizzard, a Russian state-sponsored actor also known as Nobelium.
As we said at the time, our investigation is ongoing and we will provide additional details as appropriate.
In recent weeks, we have received evidence that Midnight Blizzard was using information extracted from our corporate email systems to gain or attempt to gain unauthorized access. This includes access to certain source code repositories and internal company systems. To date, we have found no evidence that Microsoft-hosted client systems were compromised.
It’s clear that Midnight Blizzard is trying to use the variety of secrets it has discovered. Some of these secrets have been shared between customers and Microsoft via email, and as we discovered them in our exfiltrated emails, we reached out to those customers to help them take remedial action. Midnight Blizzard reported a 10-fold increase in the volume of some aspects of the attack, such as password spraying, in February, compared to the large volume already seen in January 2024.
An ongoing Midnight Blizzard attack is characterized by a sustained and significant commitment of resources, coordination and focus by the threat actor. It can use the information it gains to map out areas to attack and improve its capabilities. This situation reflects what has become an unprecedented global threat landscape more broadly, particularly with regard to sophisticated nation-state attacks.
Across Microsoft, we’ve increased our investment in security, integration and connectivity across businesses, and we’ve strengthened our ability to secure and harden our environment against this advanced persistent threat. We have implemented and will continue to implement additional security controls, detection and monitoring.
Our active investigation into Midnight Blizzard’s activities is ongoing and the results of our investigation will continue to develop. We remain committed to sharing what we learn.