Microsoft has disclosed a further security incident involving the Russian-backed hacking group known as Midnight Blizzard (or Nobelium). The hackers successfully accessed Microsoft’s internal systems and source code repositories, using authentication data stolen in a January cyberattack.
The initial breach stemmed from a legacy test account that lacked multi-factor authentication (MFA). This account had privileged access, allowing the hackers to steal data from corporate mailboxes, including those of high-level Microsoft executives and staff.
Microsoft is currently investigating the extent of the breach. The company suspects the hackers are using stolen customer secrets to gain further unauthorized access. Customers affected by this data exposure are being notified.
Microsoft has ramped up security efforts in response to the ongoing attack, including collaboration with law enforcement. The company also reports a surge in password spray attacks by Midnight Blizzard and urges all users to enable MFA.
Midnight Blizzard is a state-sponsored group with a history of cyberespionage and previous attacks against Microsoft, most notably the 2020 SolarWinds supply chain attack.