NEW YORK: Microsoft has claimed that the hacker group Midnight Blizzard has been attempting to breach its networks using data obtained from the tech giant’s business emails in January.
The revelation raises concerns about the security of Microsoft’s systems and services, as the company is a major provider of digital services and infrastructure to the US government, including the national security establishment.
According to Reuters, Midnight Blizzard aimed to gain new access to Microsoft’s servers, which are extensively utilized by various US agencies. The hacker collective, Nobelium, gained entry to Microsoft’s corporate email networks in January and exfiltrated emails and documents from staff accounts.
“In recent weeks, we have seen evidence that Midnight Blizzard is using information initially exfiltrated from our corporate email systems to gain, or attempt to gain unauthorized access,” Microsoft stated in a blog post.
Hackers Attempts to Breach Microsoft’s Data
The compromised data includes a portion of Microsoft’s internal systems and source code repositories. Despite the breach, Microsoft assured that there is no evidence suggesting the attack has impacted its customer-facing systems.
Following the disclosure, Microsoft’s shares experienced a slight decline. The company emphasized its ongoing efforts to assist affected customers and mitigate potential risks posed by the breach.
Midnight Blizzard’s tactics have reportedly become more aggressive, with a significant increase in the usage of “password sprays” compared to their previous attack in January. This method involves using the same password on multiple accounts in an attempt to gain unauthorized access.
Despite the heightened threat, Microsoft reaffirmed its commitment to enhancing cybersecurity measures and protecting its systems from malicious actors.