After Microsoft’s corporate email systems were attacked by Russian hackers in January, the company said it has seen evidence the hackers are using the information they stole to gain access to the “company’s source code repositories and internal systems.”
Microsoft said it hasn’t yet seen evidence its customer-facing systems have been compromised by Midnight Blizzard, a Russian state-sponsored actor that is also known as Nobelium. The company said it is “apparent” the group “is attempting to use secrets of different types it has found,” some of which were in emails between Microsoft and its customers. Meanwhile, the group “has increased the volume of some aspects of the attack, such as password sprays, by as much as 10-fold in February,” Microsoft said.
Midnight Blizzard, whose attack Microsoft said is ongoing, may be using stolen information “to accumulate a picture of areas to attack and enhance its ability to do so,” Microsoft said, adding that the company has increased its investments in security controls, detection, and system monitoring.
On Jan. 19, Microsoft announced it had detected a nation-state attack on its corporate systems and traced it back to the Russian group. In late November, Midnight Blizzard had used a password spray attack to access some of Microsoft’s corporate email accounts, including those belonging to leadership and employees in its cybersecurity and legal teams. An investigation at the time found the group was targeting email accounts for information related to Midnight Blizzard itself.
In February, OpenAI and Microsoft announced they had found and shut down OpenAI accounts belonging to five state-affiliated malicious actors that were using the companies’ AI tools, including ChatGPT, to carry out cyberattacks. A different Russia-affiliated actor, Forest Blizzard, was among the groups targeted by OpenAI and Microsoft. It had used large language models (LLMs) to research “various satellite and radar technologies that may pertain to conventional military operations in Ukraine,” Microsoft said. It also used the tools to support tasks like manipulating files “to potentially automate or optimize technical operations.”