Russian government hackers have successfully breached Microsoft's systems, and the tech giant confirms it has yet to contain the data breach or evict the state-sponsored hackers. Microsoft adds that it will continue to provide more information amidst the "ongoing attack."
The Microsoft Security Team discovered the nation-state attack on January 12, 2024, and announced it on January 19. The corporation swiftly started its response procedure when Microsoft's security team discovered the intrusion in senior executives' email accounts and on corporate email infrastructure.
The threat actor was identified by Microsoft Threat Intelligence as Midnight Blizzard, also known as NOBELIUM, a state-sponsored actor from Russia.
The source code that was accessed and the capabilities the hackers acquired to further jeopardize Microsoft and client systems were not disclosed by the company representative. According to reports on Friday, Microsoft revealed that the hackers had taken cryptographic secrets (passwords, certificates, and authentication keys) from emails exchanged between the business and unidentified clients.
According to Microsoft, it is evident that Midnight Blizzard is attempting to exploit the many kinds of secrets it has uncovered. The business further states that, compared to January 2024, when the volume was already high, Midnight Blizzard has increased the attack volume by up to ten times, particularly for password spraying.
National Cybersecurity Concern
According to cybersecurity experts, Microsoft's admission that the SVR hack had not been contained highlights the dangers of businesses and governments heavily depending on the software monoculture of the Redmond, Washington-based company, as well as the fact that a large number of its clients are connected via its extensive global cloud network.
According to Tom Kellermann of Contrast Security, a cybersecurity firm, the Russian hack has significant ramifications for national security because it allows the Russians to use supply chain attacks against Microsoft's clientele.
Tenable CEO Amit Yoran also released a statement expressing shock and dismay. He is one of the security experts who thinks Microsoft is unduly secretive about its vulnerabilities and hacking procedures. Yoran stated that the public needs to be incensed that this continues to occur. He goes on to say that Microsoft intentionally obscures the whole truth with its dubious security procedures and false claims.
Microsoft's Response
The tech giant has not yet determined whether there will be a financial fallout from the incident. The company also claimed that the intrusion's continued existence is indicative of an unparalleled worldwide threat environment, particularly concerning highly skilled nation-state attacks.
In response, Microsoft claims to have strengthened defenses, secured and hardened its environment against advanced persistent threats, and boosted investments in security, cross-enterprise cooperation, and mobilization. The organization pledges to keep implementing more sophisticated security detections, monitoring, and controls.
The company says that it has been in contact with its customers to help them take mitigation action. Some of these secrets were disclosed in emails between Microsoft and its customers.