Microsoft disclosed on Friday that it has been targeted by the Russian hacking group Nobelium, also known as Midnight Blizzard, which has been attempting to infiltrate its internal systems and source code repositories.

According to a blog post by Microsoft, evidence suggests that Midnight Blizzard has been using information obtained from the company’s corporate email systems to gain unauthorized access. This includes accessing some of Microsoft’s source code repositories and internal systems. However, Microsoft assured that there is no evidence of compromise to its customer-facing systems hosted by the company.

The cyberattack has focused on obtaining secrets, including those shared between Microsoft and its customers. Despite these attempts, Microsoft has been reaching out to and assisting affected customers.

Microsoft’s Efforts to Remove Elite Russian Hacking Group

The intensity of the attack has escalated, with Midnight Blizzard increasing the volume of certain aspects such as password spraying by up to tenfold in February compared to January 2024. In response, Microsoft has heightened its security investments and efforts to defend against the attack, implementing enhanced monitoring and control measures.

This isn’t the first time Microsoft has been targeted by Nobelium. The company initially detected the cyberattack in January, where the Russian Hacking group hacked emails belonging to top executives. At that time, Microsoft stated that there was no evidence of the hacker group accessing customer data, production systems, or proprietary source code. Shortly after Microsoft’s revelation, Hewlett Packard Enterprise reported that its cloud-based email system had also been compromised.

Nobelium, also known as Cozy Bear or APT29, is associated with Russia’s foreign intelligence service SVR. Russia has faced numerous accusations of cyberattacks against Western countries and companies, particularly amidst its conflict with Ukraine.

In December 2023, Britain’s National Cyber Security Centre accused Russia of targeting politicians, journalists, and civil servants in a multi-year campaign of malicious cyber activity aimed at undermining democracy.

The recent cyberattacks underscore the ongoing challenges faced by companies in defending against sophisticated cyber threats, highlighting the importance of continuous investment in cybersecurity measures to safeguard sensitive information and protect against potential breaches.

Implications of the SVR Foreign Intelligence Service Breach

Using data acquired during the intrusion, disclosed in mid-January, the SVR hackers managed to compromise certain source-code repositories and internal systems, according to Microsoft’s blog post and regulatory filing.

A spokesperson for the company declined to specify which source code was accessed or the extent of the hackers’ capabilities to further compromise both customer and Microsoft systems. Microsoft stated that the hackers had extracted “secrets” from email communications between the company and unspecified customers. These secrets included cryptographic information such as passwords, certificates, and authentication keys. The company is actively engaging with affected customers to assist in implementing mitigating measures.

Furthermore, on January 24, cloud-computing company Hewlett Packard Enterprise revealed that it, too, had fallen victim to SVR hacking. The disclosure occurred two weeks after Microsoft discovered the breach, though Hewlett-Packard Enterprise did not disclose who informed them of the breach.