Security News > 2024 > March > Microsoft confirms Russian spies stole source code, accessed internal systems
Microsoft has now confirmed that the Russian cyberspies who broke into its executives' email accounts stole source code and gained access to internal systems.
In an updated US Securities and Exchange filing and companion security post, Microsoft provided more details about the breach, which it originally disclosed in January.
At that time, Microsoft said Midnight Blizzard - the Kremlin-backed grew also known as Cozy Bear and APT29 that was behind the SolarWinds supply chain attack - snooped around in "a very small percentage of Microsoft corporate email accounts" and stole internal messages and files belonging to the leadership team, cybersecurity and legal employees.
"There is no evidence that the threat actor had any access to customer environments, production systems, source code, or AI systems," Redmond said in January.
"Some of these secrets were shared between customers and Microsoft in email, and as we discover them in our exfiltrated email, we have been and are reaching out to these customers to assist them in taking mitigating measures."
The spies are still trying to access additional Microsoft accounts, and we're told the volume of password sprays increased ten-fold in February compared to the volume of such attacks seen in January.
News URL
Related news
- Microsoft says Russian hackers breached its systems, accessed source code (source)
- Microsoft Confirms Russian Hackers Stole Source Code, Some Customer Secrets (source)
- Microsoft: Russian hackers accessed internal systems, code repositories (source)
- Microsoft breach allowed Russian spies to steal emails from US government (source)
- Kremlin accuses America of plotting cyberattack on Russian voting systems (source)
- Microsoft to shut down 50 cloud services for Russian businesses (source)
- Microsoft lifts Windows 11 block on some Intel systems after 2 years (source)
- Germany cuffs alleged Russian spies over plot to bomb industrial and military targets (source)