Security News > 2024 > March > Microsoft confirms Russian spies stole source code, accessed internal systems

Microsoft has now confirmed that the Russian cyberspies who broke into its executives' email accounts stole source code and gained access to internal systems.

In an updated US Securities and Exchange filing and companion security post, Microsoft provided more details about the breach, which it originally disclosed in January.

At that time, Microsoft said Midnight Blizzard - the Kremlin-backed grew also known as Cozy Bear and APT29 that was behind the SolarWinds supply chain attack - snooped around in "a very small percentage of Microsoft corporate email accounts" and stole internal messages and files belonging to the leadership team, cybersecurity and legal employees.

"There is no evidence that the threat actor had any access to customer environments, production systems, source code, or AI systems," Redmond said in January.

"Some of these secrets were shared between customers and Microsoft in email, and as we discover them in our exfiltrated email, we have been and are reaching out to these customers to assist them in taking mitigating measures."

The spies are still trying to access additional Microsoft accounts, and we're told the volume of password sprays increased ten-fold in February compared to the volume of such attacks seen in January.

News URL

https://go.theregister.com/feed/www.theregister.com/2024/03/08/microsoft_confirms_russian_spies_stole/