Mar 8, 2024 - Technology

Russian hackers continue to target Microsoft, company says

Microsoft said Friday the Russian nation-state hackers who breached some of its executives' emails late last year are continuing to target its networks and go after its source code.

Why it matters: Microsoft currently has the highest market cap of any company in the world, and the continuing attacks could give Russian spies critical information about its customers, corporate secrets and ongoing projects.

Catch up quick: In January, the company said that Midnight Blizzard had hacked "a very small percentage" of email accounts in the fall belonging to the company's senior leaders and members of the cybersecurity and legal teams.

  • Midnight Blizzard, which Microsoft has also called Nobelium, is the same group that broke into IT vendor SolarWinds in 2020, resulting in a breach of roughly 100 companies and federal agencies.
  • In this case, Midnight Blizzard successfully used a simple password-spraying technique, where adversaries attempt to use the same password across multiple accounts to see if it works.

Zoom in: Microsoft said in an SEC filing Friday that it now believes the hackers are using information stolen during the breach to "gain, or attempt to gain, unauthorized access" to some of the company's source code repositories and other internal systems.

  • Microsoft pointed Axios to a blog post with the same language when asked to clarify whether the hackers actually had stolen any source code — or if hackers are just making attempts.
  • Midnight Blizzard appears to be using corporate secrets collected from emails to further infiltrate the company's networks, the company added in the blog.
  • Password-spraying attacks against Microsoft also increased "10-fold" in February compared to the "already large volume" seen in January, the company said.
  • The blog post says they've found no evidence that customer-facing systems have been compromised.

The big picture: The ongoing threat is just the latest cybersecurity incident that's targeted Microsoft in recent years.

  • In July, Microsoft said China-based hackers had targeted the Exchange email accounts belonging to at least 25 organizations. Those accounts included ones belonging to Commerce Secretary Gina Raimondo and officials at the State Department.
  • In 2021, China-linked hackers exploited a flaw in Microsoft's Exchange Server to target thousands of victims globally.