Microsoft warns Russian hackers are using execs' stolen emails to broaden cyberattacks
Midnight Blizzard reportedly first breached Microsoft executive emails in January via a password-spray method
Microsoft Corporation says it still cannot shake Russian hackers who compromised several email accounts belonging to company executives.
Midnight Blizzard — the group named by Microsoft as responsible for ongoing cyber attacks on its digital infrastructure — has reportedly used information obtained in the first successful hack to broaden its scope.
"In recent weeks, we have seen evidence that Midnight Blizzard is using information initially exfiltrated from our corporate email systems to gain, or attempt to gain, unauthorized access," the Microsoft Security Response Center said in a statement. "This has included access to some of the company’s source code repositories and internal systems. To date we have found no evidence that Microsoft-hosted customer-facing systems have been compromised."
The MSRC statement continued, "It is apparent that Midnight Blizzard is attempting to use secrets of different types it has found. Some of these secrets were shared between customers and Microsoft in email, and as we discover them in our exfiltrated email, we have been and are reaching out to these customers to assist them in taking mitigating measures. Midnight Blizzard has increased the volume of some aspects of the attack, such as password sprays, by as much as 10-fold in February, compared to the already large volume we saw in January 2024."
Microsoft also filed a report with the United States Securities and Exchange Commission.
In January, Microsoft first announced it suffered a hack by Russia-affiliated threat actors that affected a "very small percentage" of corporate email accounts.
The Russian state-sponsored Midnight Blizzard hackers got into email accounts of some individuals on Microsoft’s senior leadership team, with some cybersecurity, legal and other workers also impacted, Microsoft said in a blog post at the time.
Microsoft had also said it "immediately activated our response process to investigate, disrupt malicious activity, mitigate the attack, and deny the threat actor further access" upon learning of the attack on Jan. 12.
The company expressed surprise at Midnight Blizzard's "sustained, significant commitment of the threat actor’s resources, coordination, and focus" in their Friday statement.
"It may be using the information it has obtained to accumulate a picture of areas to attack and enhance its ability to do so," MSRC said. "This reflects what has become more broadly an unprecedented global threat landscape, especially in terms of sophisticated nation-state attacks."
The hackers are believed to be one of many such groups supported materially and otherwise by the Kremlin.
Fox News Digital's Aislinn Murphy contributed to this report.