Microsoft has been hit again by a cyberattack from a Russian-state sponsored group that put in danger both corporate and client information, the company said in a statement on Friday.
Russian state-sponsored hacking group Midnight Blizzard was trying to breach Microsoft’s systems again using the information it stole by hacking into the tech company’s corporate emails in January.
“In recent weeks, we have seen evidence that Midnight Blizzard is using information initially exfiltrated from our corporate email systems to gain, or attempt to gain, unauthorised access,” the company said in a statement on its blog.
That data includes some of its source code repositories and internal systems, Microsoft said.
The company’s shares edged lower following the news.
Microsoft said the client-facing systems were not compromised, but this is not absolute. Some “secrets” exchanged between the company and clients in emails were stolen, and some clients are facing danger. Microsoft will contact these clients to inform them of the attack and help them in the needed steps ahead.
“It is apparent that Midnight Blizzard is attempting to use secrets of different types it has found,” it added.
“Some of these secrets were shared between customers and Microsoft in email, and as we discover them in our exfiltrated email, we have been and are reaching out to these customers to assist them in taking mitigating measures.”
In some ways the hackers had become more aggressive in trying to penetrate Microsoft, the company said. For instance the hackers’ use of “password sprays”— where an attacker uses the same password on multiple accounts in the hope of breaking in—had increased as much as tenfold compared to their January attack, Microsoft said.
The Russian embassy in Washington has previously not responded to requests for comment on Microsoft’s statements about the Midnight Blizzard attack.
Microsoft said in January that Midnight Blizzard, also known as Nobelium, is the same hacking group behind the SolarWinds attack. In a 2021 blog post, Microsoft called the SolarWinds hacking campaign “the most sophisticated nation-state attack in history.”
In addition to U.S. government agencies, including the Departments of Justice and Treasury, more than 100 private companies and think tanks were compromised, including software and telecommunications providers.
AI and Cyber-Attacks
State-affiliated hackers from China, Iran, North Korea, and Russia have tried to use OpenAI’s tools to improve their offensive cyber operations, according to research published by the ChatGPT developer and Microsoft in February.
OpenAI and Microsoft disabled generative artificial intelligence (AI) accounts associated with five state-affiliated groups. While the groups’ techniques were not “particularly novel or unique,” Microsoft stated in a blog post that their actions represented “emerging threats in the age of AI.” The threats included attempted misuse of large language models (LLMs) and fraud.
Bob Rotsted, who leads cybersecurity threat intelligence at OpenAI, said, “This is one of the first, if not the first, instances of an AI company coming out and discussing publicly how cybersecurity threat actors use AI technologies.”
Microsoft assessed that the Russian hacking group that used the AI account, known as Forest Blizzard, plays “a significant supporting role to Russia’s foreign policy and military objectives both in Ukraine and in the broader international community.”
One thing the group did with LLMs was to acquire in-depth knowledge of satellite capabilities.
Reuters, Jane Nguyen, and Frank Fang contributed to this report.
