Microsoft has issued a new alert to its users, updating them on the continued threat posed by Midnight Blizzard, a Russian state-sponsored hacking group also known as NOBELIUM.
The alert follows the initial detection of the attack by Microsoft’s Security Team on January 12, 2024.
The attack, which targeted Microsoft’s corporate email systems, prompted an immediate response from the company.
Subsequent investigations have revealed that Midnight Blizzard has been using information exfiltrated from these systems to attempt unauthorized access to other areas, including some of Microsoft’s source code repositories and internal systems.
"Is Your System Under Attack? Try Cynet XDR: Automated Detection & Response for Endpoints, Networks, & Users!"- Free Demo
Increased Attack Volume and Sophistication
In recent weeks, Microsoft has observed a significant increase in the volume and sophistication of Midnight Blizzard’s attacks.
The group has ramped up its efforts, with password spray attacks increasing tenfold in February compared to January 2024.
This escalation underscores the group’s sustained commitment and coordination, reflecting a broader trend of sophisticated nation-state cyber threats.
Despite these efforts, Microsoft has found no evidence of compromised customer-facing systems.
“Midnight Blizzard increased the volume of some aspects of the attack, such as password sprays, by as much as tenfold in February compared to the already large volume we saw in January 2024, Microsoft said.
However, the company remains vigilant and proactive in its defense strategies.
In response to the ongoing threat, Microsoft has bolstered its security investments and cross-enterprise coordination.
The company has implemented enhanced security controls, detections, and monitoring to protect its environment against this advanced persistent threat.
Microsoft is also actively contacting customers whose information may have been compromised to assist them in taking mitigating measures.
The Midnight Blizzard attack highlights the evolving and increasingly complex global threat landscape.
Microsoft remains committed to transparency and will continue to share updates as its investigations progress.
The company’s ongoing efforts to secure its systems and protect its users reflect a broader industry need for heightened vigilance and robust cybersecurity measures in the face of sophisticated nation-state attacks.
Are you from SOC/DFIR Teams? - Sign up for a free ANY.RUN account! to Analyse Advanced Malware Files