Microsoft has officially acknowledged a breach in its internal networks by Russian hackers, codenamed Midnight Blizzard or Cozy Bear, also known as APT29. These hackers managed to infiltrate the company’s systems and pilfered source code from the emails of high-ranking executives. This revelation came to light through Microsoft’s recent submission to the US Securities and Exchange Commission, which categorizes the cyberattack as “active” and announces a security upgrade in response.
In its initial disclosure in January, Microsoft revealed that Midnight Blizzard had gained access to a limited number of company email accounts, focusing on communications within the legal department, cybersecurity, and leadership. At that time, Microsoft gave assurances that critical assets such as source code, AI technology, production systems, and customer data remained uncompromised. However, recent developments suggest a shift in the situation, as evidence has surfaced indicating Midnight Blizzard’s attempts to illegally access Microsoft’s source code repositories and other internal systems.
Although Microsoft claims that customer-serving systems remain intact, the attackers have been leveraging leaked information, including private correspondence between Microsoft and its clients. Consequently, Microsoft has initiated contact with affected clients to provide mitigation measures.
This incident underscores the persistent nature of the hackers’ attempts to breach additional Microsoft accounts. The breach began with a password spray attack in November, exploiting the absence of multi-factor authentication. Notably, February witnessed a significant uptick in attack attempts.
Despite the security flaw, Microsoft’s most recent financial statements indicate no immediate operational or financial repercussions. However, the company remains vigilant in addressing the breach and fortifying its defenses against future cyber threats.