Microsoft revealed earlier this year that Russian state-sponsored hackers had been spying on the email accounts of some members of its senior leadership team. Now, Microsoft is disclosing that the attack, from the same group behind the SolarWinds attack, has also led to some source code being stolen in what Microsoft describes as an ongoing attack.
“In recent weeks, we have seen evidence that Midnight Blizzard [Nobelium] is using information initially exfiltrated from our corporate email systems to gain, or attempt to gain, unauthorized access,” explains Microsoft in a blog post. “This has included access to some of the company’s source code repositories and internal systems. To date we have found no evidence that Microsoft-hosted customer-facing systems have been compromised.”
It’s not clear what source code was accessed, but Microsoft warns that the Nobelium group, or “Midnight Blizzard,” as Microsoft refers to them, is now attempting to use “secrets of different types it has found” to try to further breach the software giant and potentially its customers. “Some of these secrets were shared between customers and Microsoft in email, and as we discover them in our exfiltrated email, we have been and are reaching out to these customers to assist them in taking mitigating measures,” says Microsoft.
Nobelium initially accessed Microsoft’s systems through a password spray attack last year. This type of attack is a brute-force approach where hackers utilize a large dictionary of potential passwords against accounts. Microsoft had configured a non-production test tenant account without two-factor authentication enabled, allowing Nobelium to gain access.
“Across Microsoft, we have increased our security investments, cross-enterprise coordination and mobilization, and have enhanced our ability to defend ourselves and secure and harden our environment against this advanced persistent threat,” says Microsoft. “We have and will continue to put in place additional enhanced security controls, detections, and monitoring.”
The attack on Microsoft initially took place just days after the company announced its plan to overhaul its software security following serious Azure cloud attacks. Microsoft has been at the center of several high-profile security attacks in recent years, including 30,000 organizations’ email servers getting hacked in 2021 due to a Microsoft Exchange Server flaw and Chinese hackers breaching US government emails via a Microsoft cloud exploit last year.
Microsoft is still investigating Nobelium’s latest attacks on its systems. “Our active investigations of Midnight Blizzard activities are ongoing, and findings of our investigations will continue to evolve,” says Microsoft. “We remain committed to sharing what we learn.”
The Verge
"*" indicates required fields
Software Asset Management is a business practice that involves managing and optimising the life cycle of software within an organisation.
Software asset management is relevant to many facets of a business - take a look at some of the roles that it can form part of the focus of.
Software vendors come in all shape and sizes - all with their own set of licensing models and rules. We take a look at just a few of them.
As a constantly evolving subject, SAM is not without its challenges. We take a look at some of the most common ones.
Wondering what an investment in SAM could do for your business? Fill out a few details and find out what return you could get!
Answer a few questions about your SAM infrastructure & experience, and we'll put together a personalised recommendation for the future.
A simple health check of what's being used across your Office 365 estate in this FREE, Microsoft backed and easy to setup review.
Just like you would with your vehicle each year, get an annual check up of your software asset management programme.
Overwhelmed by the task of documenting the steps for a successful SAM programme? Get the experts in to help!
Concerned your SAM tools aren't covering your whole estate? Or on the look out for an entirely new tool? Get us in to assist.
Not content with covering all things SAM related, we've teamed up with Capital to provide a comprehensive hardware asset management review.
A simple, one-time reconciliation of the software you have deployed versus the licence entitlement you own.
A regularly scheduled analysis of your organisation's estate, specifically adapted to your needs and budget.
A full appraisal of your Microsoft 365 setup and how best to optimise it through automated recommendations.
An add-on to our SAMplicity One, MOT and Plus offerings, quickly diagnose your ability to migrate your resources to the cloud.
In collaboration with law firm Addleshaw Goddard, ensure the legality of your SAM programme and get assistance with any contract disputes.
Available as standard with SAMplicity Plus, ensure you're compliant if you're unexpectedly audited by a vendor.
We've teamed up with some of the forefront experts in licensing knowledge so you can teach yourself to be an expert too.
Stumped by the continually evolving complexities of SAM? Join us for one of our comprehensive courses, either in-person or online.
It’s chock full of useful advice, exclusive events and interesting articles. Don’t miss out!