Russian hackers are weaponising stolen Microsoft passwords


In February, the hackers increased tenfold the volume of attempted password spray attacks, a technique in which intruders attempt to use multiple passwords on specific usernames to try breaching high-value accounts, according to Microsoft. — AP

A Russian state-sponsored hacking group that stole sensitive data from Microsoft Corp executives is trying to leverage that information to compromise the company’s source code and other internal systems, according to the technology giant.

The revelation makes clear that a hacking campaign Microsoft first identified in January had more unauthorised access than previously thought, the company said in a filing to the US Securities and Exchange Commission on Friday and a related blog post.

The hackers “ongoing attack is characterised by a sustained, significant commitment of the threat actor’s resources, coordination and focus”, Microsoft said, adding that further unauthorized access might occur.

The company said it is coordinating with federal law enforcement about what it described as its ongoing investigation. The FBI declined to comment.

In February, the hackers increased tenfold the volume of attempted password spray attacks, a technique in which intruders attempt to use multiple passwords on specific usernames to try breaching high-value accounts, according to Microsoft. The group also is attempting to use secrets shared between Microsoft and its customers in email, according to the blog post. “To date, we have found no evidence that Microsoft-hosted customer-facing systems have been compromised.”

The hackers, who Microsoft calls “Midnight Blizzard”, “may be using the information it has obtained to accumulate a picture of areas to attack and enhance its ability to do so,” Microsoft said. They were previously caught accessing emails that belonged to senior leaders, including cybersecurity and legal executives.

The suspected Russian hackers, who industry experts also call Cozy Bear and APT29, are the same group that the US and UK blamed in 2021 for the cyberattack on SolarWinds Corp, in which malicious code was inserted in a software update that allowed the intruders further access to customers. In all, about 100 companies and nine federal agencies were targeted for further attacks.

In February, the US, UK and other allies warned that the same group, which they say comprises hackers from the Russian Foreign Intelligence Service, known as the SVR, were finding ways to access cloud environments in order to target aviation, education, law enforcement, local and state councils, government financial departments and military organisations. – Bloomberg

Follow us on our official WhatsApp channel for breaking news alerts and key updates!

   

Next In Tech News

Japan's antitrust watchdog to find Google violated law in search case, Nikkei reports
Is tech industry already on cusp of artificial intelligence slowdown?
What does watching all those videos do to kids' brains?
How the Swedish Dungeons & Dragons inspired 'Helldivers 2'
'The Mind Twisting Quadroids' review: Help needed conquering the galaxy
Albania bans TikTok for a year after killing of teenager
As TikTok runs out of options in the US, this billionaire has a plan to save it
Google offers to loosen search deals in US antitrust case remedy
Is Bluesky the new Twitter for teachers in the US?
'Metaphor: ReFantazio', 'Dragon Age', 'Astro Bot' and an indie wave lead the top video games of 2024

Others Also Read