Russian hackers are weaponising stolen Microsoft passwords


In February, the hackers increased tenfold the volume of attempted password spray attacks, a technique in which intruders attempt to use multiple passwords on specific usernames to try breaching high-value accounts, according to Microsoft. — AP

A Russian state-sponsored hacking group that stole sensitive data from Microsoft Corp executives is trying to leverage that information to compromise the company’s source code and other internal systems, according to the technology giant.

The revelation makes clear that a hacking campaign Microsoft first identified in January had more unauthorised access than previously thought, the company said in a filing to the US Securities and Exchange Commission on Friday and a related blog post.

The hackers “ongoing attack is characterised by a sustained, significant commitment of the threat actor’s resources, coordination and focus”, Microsoft said, adding that further unauthorized access might occur.

The company said it is coordinating with federal law enforcement about what it described as its ongoing investigation. The FBI declined to comment.

In February, the hackers increased tenfold the volume of attempted password spray attacks, a technique in which intruders attempt to use multiple passwords on specific usernames to try breaching high-value accounts, according to Microsoft. The group also is attempting to use secrets shared between Microsoft and its customers in email, according to the blog post. “To date, we have found no evidence that Microsoft-hosted customer-facing systems have been compromised.”

The hackers, who Microsoft calls “Midnight Blizzard”, “may be using the information it has obtained to accumulate a picture of areas to attack and enhance its ability to do so,” Microsoft said. They were previously caught accessing emails that belonged to senior leaders, including cybersecurity and legal executives.

The suspected Russian hackers, who industry experts also call Cozy Bear and APT29, are the same group that the US and UK blamed in 2021 for the cyberattack on SolarWinds Corp, in which malicious code was inserted in a software update that allowed the intruders further access to customers. In all, about 100 companies and nine federal agencies were targeted for further attacks.

In February, the US, UK and other allies warned that the same group, which they say comprises hackers from the Russian Foreign Intelligence Service, known as the SVR, were finding ways to access cloud environments in order to target aviation, education, law enforcement, local and state councils, government financial departments and military organisations. – Bloomberg

Follow us on our official WhatsApp channel for breaking news alerts and key updates!

   

Next In Tech News

Exclusive-Amazon likely to face investigation under EU tech rules next year, sources say
US natgas producers chase AI-driven surge in power demand to weather low prices
Snowflake shares surge on rosy forecast, AI deal with Anthropic
Digital banks lead profitability gains among Brazilian lenders, says central bank
PayPal fixes outage that affected thousands worldwide
X's former top policy chief takes job with Elon Musk rival, Sam Altman
Alibaba integrates e-commerce platforms into a single business unit
US watchdog issues final rule to supervise Big Tech payments, digital wallets
Nvidia to build AI school in Indonesia, VP says
A Google PC running Android could be in the works

Others Also Read