Midnight Blizzard, also known as Nobelium, APT29, or Cozy Bear, is said to be a Russian state-sponsored hacking group that has been launching a relentless campaign of cyberattacks against Microsoft since late 2023.
According to Microsoft, the initial breach occurred sometime in November 2023, when Midnight Blizzard managed to infiltrate the company’s infrastructure and steal sensitive information, including emails and documents belonging to high-ranking executives.
While Microsoft initially downplayed the incident, claiming that customer environments, production systems, source code, and AI systems were not compromised, the situation has taken a more ominous turn.
The Cyberattack Escalating
In an updated announcement (on 12th March), Microsoft has revealed that Midnight Blizzard is using the previously obtained information to further compromise the company’s endpoints and infrastructure.
The hacking group appears to be attempting to access Microsoft’s source code repositories and internal systems, although the company has not found evidence of successful breaches into customer-facing systems – yet.
According to Microsoft, the group is trying to use various types of secrets it has found, including those shared between customers and Microsoft via email.
As the company identifies these compromised secrets, they are reaching out to affected customers to assist them in taking mitigating measures.
But that’s not all. The volume of certain attack vectors, such as password sprays, has increased tenfold in February compared to January 2024, suggesting that Midnight Blizzard is committing significant resources and is well-organized and focused on its mission.
A Global Threat Landscape
Microsoft has acknowledged that this ongoing attack is part of an “unprecedented global threat landscape,” especially in terms of sophisticated nation-state attacks.
The company has increased its security investments, cross-enterprise coordination, and mobilization, enhancing its ability to defend itself and secure its environment against this advanced persistent threat.
Past Misdeeds of Midnight Blizzard
If the name Midnight Blizzard (or Nobelium) rings a bell, it’s because this hacking group has been involved in several high-profile cyberattacks in the past.
In March 2023, they breached 40 firms via compromised Microsoft 365 accounts.
But their most notorious exploits include the 2019 SolarWinds supply chain attack and the 2015 breach of the Democratic National Committee during the US presidential election campaign.
Reference: Microsoft Blog
Discover more from Gaming Foodle
Subscribe to get the latest posts to your email.
