Microsoft says it is still facing Russian cyberattacks — internal systems hit as computing giant comes under attack

OpenVPN-protokollet - därför är det så bra (Image credit: Shutterstock)

A campaign of Russian cyberattacks against Microsoft which began late in 2023 is still ongoing, the company has confirmed.

Earlier this year, news broke of Russian state-sponsored threat actors known as Midnight Blizzard (AKA Nobelium) breaching Microsoft’s infrastructure and stealing sensitive information from highly-positioned individuals, including senior executives. The attack seems to have happened some time in November 2023, and was first observed in mid-January this year.

“Some emails and attached documents” were stolen, Microsoft said at the time. “To date, there is no evidence that the threat actor had any access to customer environments, production systems, source code, or AI systems.”

Turning up the heat on Microsoft

Now, in an updated announcement, Microsoft said that Midnight Blizzard was using the information it previously obtained, to further compromise its endpoints and infrastructure. 

”It is apparent that Midnight Blizzard is attempting to use secrets of different types it has found,” the announcement explains. “Some of these secrets were shared between customers and Microsoft in email, and as we discover them in our exfiltrated email, we have been and are reaching out to these customers to assist them in taking mitigating measures.” 

Microsoft wasn’t specific on the success of this extended campaign. Midnight Blizzard either breached, or at least tried to breach, “some of the company’s source code repositories and internal systems,” the company confirmed. “To date we have found no evidence that Microsoft-hosted customer-facing systems have been compromised.” 

The volume of some aspects of the attack, such as password sprays, increased by a factor of 10 in February, the company further stressed. Nobelium is committing significant resources, and is well organized and focused, Microsoft added.

Last time we heard of Nobelium was in March 2023, when the group breached 40 firms via compromised Microsoft 365 accounts - but it is perhaps best known for its cyberattacks against SolarWinds in 2019 and the Democratic National Committee in 2015.

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.