Another Loss of Source Code for Microsoft; January Attack by Russian Hackers Was Worse Than Previously Reported

Mar 12, 2024

It appears that the January attack on Microsoft was worse than initially reported: an update from the company indicates the Russian hackers may have stolen source code and accessed email exchanges between Microsoft corporate accounts and customers.

Aside from the possibility that email exchanges were exposed, Microsoft maintains that no client or customer systems were breached. But the Russian hackers are apparently using whatever they stole to ramp up password spray attacks, with the company reporting a "ten-fold" increase in that activity in February.

No word yet as to what source code was stolen from Microsoft

This is not the first time Russian hackers have made off with Microsoft source code, and in fact this same group pulled off a similar heist in 2021.

Microsoft calls the group "Midnight Blizzard" under its recent threat group taxonomy change, but the attackers are probably better known to the world as "Cozy Bear" (also tracked as APT29). The Russian hackers managed to make news outside of cybersecurity circles with repeated election interference and as the perpetrators of the infamous SolarWinds attack. Microsoft had a brush with them about three years ago in which source code was accessed, in that case source code for Azure and Exchange components.

Microsoft first reported this current breach in mid-January, but it began in November of last year. The Russian hackers came across a legacy, non-production test account that had an unusually high level of permissions and lacked multifactor authentication, and they were able to take it over with a password spray attack. That breach was only part of a rough year for Redmond, in which hackers thought to be sponsored by China managed to get into client email inboxes via Microsoft 365's web interface.

Microsoft's initial report also indicated that the Russian hackers were merely probing for what intelligence the company had on them, and did not appear to have stolen anything. This new statement is a substantial revision of that assessment, but thus far Microsoft will only say that "secrets" shared in email were stolen, without further detail about the impacted source code. The repeated security blunders in 2023 pushed some members of the US government to openly speculate about moving away from Microsoft.

Repeated incursions by Russian hackers hurting Microsoft’s reputation

Microsoft maintains that neither customers nor the production environment is impacted, but until the specific nature of the stolen source code is revealed it is hard to say exactly how damaging this breach is. That is a major change from the original announcement, which essentially downplayed the incident and made it sound as if the Russian hackers were casually browsing for chatter about themselves.

We do know that whatever the hackers took is feeding a spree of password spraying attacks. Microsoft reports a spike from the group in January just following the breach, and a gigantic increase in February to about ten times the previous level of activity. Microsoft says that it has responded with security and monitoring improvements.
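The attack technique that opened this breach and that Microsoft now reports surging is password spraying: a handful of common passwords tried against many accounts, so that no single account trips a lockout threshold. The following is an added example, not Microsoft's tooling or anything from the original report, showing the detection logic a defender would run over sign-in logs. It assumes a simple one-JSON-object-per-line log format with `ts`, `user`, `ip` and `result` fields (an assumption; real identity providers use their own schemas), and the log lines themselves are constructed for the example. The key discriminator is breadth rather than depth: many distinct accounts failing from one source, each only a few times, which a per-account lockout policy never sees. A success from the same source inside that window, like the test account in this incident, is the finding that matters most.

```python
"""Detect password-spray patterns in sign-in logs.

Added example; not Microsoft's detection code. The log schema below
(ts, user, ip, result) is an assumption, and SAMPLE_LOG is constructed.
"""
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: 203.0.113.7 tries five accounts once each and then
# succeeds against a test account (spray); 198.51.100.9 hammers one account
# (brute force, not spray); 192.0.2.20 is a user mistyping once.
SAMPLE_LOG = """
{"ts": "2024-02-10T02:00:01Z", "user": "alice@example.test", "ip": "203.0.113.7", "result": "failure"}
{"ts": "2024-02-10T02:00:03Z", "user": "bob@example.test", "ip": "203.0.113.7", "result": "failure"}
{"ts": "2024-02-10T02:00:05Z", "user": "carol@example.test", "ip": "203.0.113.7", "result": "failure"}
{"ts": "2024-02-10T02:00:07Z", "user": "dave@example.test", "ip": "203.0.113.7", "result": "failure"}
{"ts": "2024-02-10T02:00:09Z", "user": "erin@example.test", "ip": "203.0.113.7", "result": "failure"}
{"ts": "2024-02-10T02:00:11Z", "user": "svc-test@example.test", "ip": "203.0.113.7", "result": "success"}
{"ts": "2024-02-10T02:01:00Z", "user": "frank@example.test", "ip": "198.51.100.9", "result": "failure"}
{"ts": "2024-02-10T02:01:02Z", "user": "frank@example.test", "ip": "198.51.100.9", "result": "failure"}
{"ts": "2024-02-10T02:01:04Z", "user": "frank@example.test", "ip": "198.51.100.9", "result": "failure"}
{"ts": "2024-02-10T02:01:06Z", "user": "frank@example.test", "ip": "198.51.100.9", "result": "failure"}
{"ts": "2024-02-10T02:01:08Z", "user": "frank@example.test", "ip": "198.51.100.9", "result": "failure"}
{"ts": "2024-02-10T02:02:00Z", "user": "grace@example.test", "ip": "192.0.2.20", "result": "failure"}
{"ts": "2024-02-10T02:02:05Z", "user": "grace@example.test", "ip": "192.0.2.20", "result": "success"}
"""


def parse_events(text):
    """Parse one JSON object per line into dicts with a datetime 'ts', sorted by time."""
    events = []
    for line in text.strip().splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(rec)
    return sorted(events, key=lambda r: r["ts"])


def detect_spray(events, window=timedelta(minutes=10), min_users=5, max_per_user=2):
    """Return {ip: finding} for sources whose failures spread across many accounts.

    A spray is flagged when, within `window`, one source fails against at
    least `min_users` distinct accounts with no account tried more than
    `max_per_user` times. Single-account brute force does not match.
    """
    by_ip = defaultdict(list)
    for e in events:
        by_ip[e["ip"]].append(e)

    findings = {}
    for ip, evs in by_ip.items():
        failures = [e for e in evs if e["result"] == "failure"]
        for i, start in enumerate(failures):
            end = start["ts"] + window
            per_user = defaultdict(int)
            for e in failures[i:]:
                if e["ts"] > end:
                    break
                per_user[e["user"]] += 1
            if len(per_user) >= min_users and max(per_user.values()) <= max_per_user:
                # Any success from the same source inside the window means the
                # spray found a working password: escalate immediately.
                succeeded = sorted({e["user"] for e in evs
                                    if e["result"] == "success"
                                    and start["ts"] <= e["ts"] <= end})
                findings[ip] = {
                    "window_start": start["ts"].isoformat(),
                    "targeted_users": sorted(per_user),
                    "failures": sum(per_user.values()),
                    "succeeded_as": succeeded,
                }
                break  # one finding per source is enough
    return findings


if __name__ == "__main__":
    for ip, finding in detect_spray(parse_events(SAMPLE_LOG)).items():
        print(ip, json.dumps(finding, indent=2))
```

Two caveats for real deployments. First, grouping by source IP only catches a spray that comes from one address; an actor rotating through residential proxy addresses will not cluster this way, so the same logic should also be run tenant-wide (distinct accounts failing per minute regardless of source) and on secondary keys such as user agent or ASN. Second, the thresholds above are illustrative; tune `min_users` and `max_per_user` against a baseline of your own failed-sign-in volume so that shift changes and expired-password mornings do not page anyone.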
