Russian hackers are weaponising stolen Microsoft passwords


A Russian state-sponsored hacking group that stole sensitive data from Microsoft executives is trying to leverage that information to compromise the company’s source code and internal systems, according to the technology giant.

A hacking group Microsoft first identified in January, called Midnight Blizzard, had more unauthorised access than previously thought, the company said on Friday. The hackers, also called Cozy Bear and APT29, were previously caught accessing e-mails that belonged to senior leaders, including cybersecurity and legal executives. Microsoft said customer-facing systems don’t appear to have been compromised.

The suspected Russian hackers have increased the volume of their attempted password spray attacks tenfold. Password spraying is a technique in which intruders attempt to use multiple passwords on specific usernames to try breaching high-value accounts.

The group also is attempting to use secrets shared between Microsoft and its customers in e-mail. Microsoft is now alerting customers to the issue and helping mitigate the problem.

“Midnight Blizzard’s ongoing attack is characterised by a sustained, significant commitment of the threat actor’s resources, coordination and focus,” the company said in its blog post. “It may be using the information it has obtained to accumulate a picture of areas to attack and enhance its ability to do so.”


Microsoft also alerted the US Securities and Exchange Commission to the matter. — Jamie Tarabay, (c) 2024 Bloomberg LP
