Microsoft confirms Russian spies stole source code, accessed internal systems
Microsoft has now confirmed that the Russian cyberspies who broke into its executives' email accounts stole source code and gained access to internal systems.
In an updated US Securities and Exchange filing and companion security post, Microsoft provided more details about the breach, which it originally disclosed in January.
At that time, Microsoft said Midnight Blizzard - the Kremlin-backed crew also known as Cozy Bear and APT29 that was behind the SolarWinds supply chain attack - snooped around in "a very small percentage of Microsoft corporate email accounts" and stole internal messages and files belonging to the leadership team, cybersecurity and legal employees.
"There is no evidence that the threat actor had any access to customer environments, production systems, source code, or AI systems," Redmond said in January.
"Some of these secrets were shared between customers and Microsoft in email, and as we discover them in our exfiltrated email, we have been and are reaching out to these customers to assist them in taking mitigating measures."
The spies are still trying to access additional Microsoft accounts, and we're told the volume of password sprays increased ten-fold in February compared to the volume of such attacks seen in January.