The Russian state-sponsored Advanced Persistent Threat (APT) group known as Midnight Blizzard stole Microsoft’s source code after accessing internal repositories and systems, as part of an ongoing series of attacks by a very powerful and sophisticated adversary.
The Redmond giant today said that the previously announced Midnight Blizzard cyber campaign, which began in January, has evolved. The attackers are continually probing its environment in an attempt to use different types of secrets originally exfiltrated from internal emails. This is a “sustained and significant commitment” by the group, according to Microsoft.
“Midnight Blizzard uses the initially exfiltrated information from our corporate email systems to gain, or attempt to gain, unauthorized access [deeper into our environment]”, according to Microsoft’s blog post on the attack. “This included access to some of the company’s source code repositories and internal systems.”
The group (also known as APT29, Cozy Bear, Nobelium and UNC2452) could also be laying the groundwork for future efforts, according to the post, “using the information gained to accumulate a picture of the areas to attack and improve its ability to do so.”
Additionally, Microsoft said the attackers are turning up the volume of password spraying attempts against its accounts, observing a tenfold increase in February.
Ariel Parnes, chief operating officer and co-founder of Mitiga, noted in an emailed statement that the theft of source code could lead to a flurry of exploitation of zero-day vulnerabilities.
“For advanced nation-state cyber groups, accessing a company’s source code is like finding the master key to its digital realm, opening avenues for the discovery of new zero-day vulnerabilities: security flaws not yet discovered that can be exploited before they are known to software creators or the public,” he warned, adding that Microsoft’s breach is clearly much “more serious than initially expected, underscoring the critical nature of source code security in the digital era”.
The good news is that so far there is no evidence that Midnight Blizzard has compromised customer-facing systems hosted by Microsoft; however, in some cases, secrets were shared between customers and Microsoft via email.
“When we discover them in our exfiltrated emails,” according to the post, “we have reached out and are reaching out to these customers to help them take mitigating measures.”