Microsoft has announced that Midnight Blizzard (also known as APT29 or Cosy Bear), a notorious hacker group supported by the Russian government, gained access to some of its source code repositories and internal systems following a hack that came to light in January 2024.
Today, the company announced that the attack is ongoing. In a blog post, the company stated, “In recent weeks, we have seen evidence that Midnight Blizzard has used information initially leaked from our corporate email systems to gain unauthorized access or attempt to access it.”
The group, also tracked as Nobelium, is responsible for the complex 2020 supply chain attack known as the SolarWinds attack, which put thousands of organizations at risk, including major U.S. government agencies such as the Departments of Homeland Security, Defense, Justice, and Treasury.
Microsoft said the state-sponsored threat actor was trying to take advantage of the different types of secrets it found, including those shared via email between customers and Microsoft. The company did not disclose what these secrets were or the extent of the compromise, but it stated that it had reached out directly to affected customers. It is not clear which source code was accessed.
According to Microsoft, there is no indication that its customer-facing systems have been breached.
“This includes access to some source code repositories and internal systems. To date, we have found no evidence that systems targeting Microsoft-hosted customers have been compromised.”
Microsoft said it had increased its security investments and noted that in February the attacker increased its password spray attacks by up to 10 times compared with the “already large volume” observed in January.