Russian Hackers Stole Microsoft Code – and the Attack isn’t Over!

Prior Blog on this news: https://csotips.com/2024/03/08/russia-sponsored-cyberattackers-infiltrate-microsofts-code-base/

https://www.wired.com/story/russia-hackers-microsoft-source-code

In January 2024, Microsoft revealed that a notorious Russian state-sponsored group known as Nobelium had infiltrated the email accounts of the company's senior leadership team. On March 8, 2024, the company revealed that the attack is ongoing. In a blog post, Microsoft explains that in recent weeks it has seen evidence that the hackers are leveraging information exfiltrated from its corporate email systems to gain access to source code repositories and other "internal systems."

It is unclear exactly which internal systems were accessed by Nobelium, which Microsoft tracks as Midnight Blizzard, but according to the company the intrusion is not over. The blog post states that the hackers are now using "secrets of different types" to push further into its systems. "Some of these secrets were shared between customers and Microsoft in email, and as we discover them in our exfiltrated email, we have been and are reaching out to these customers to assist them in taking mitigating measures."

Nobelium is the group behind the SolarWinds attack, a sophisticated 2020 supply-chain compromise that affected thousands of organizations, including major US government agencies such as the Departments of Homeland Security, Defense, Justice, and Treasury.

According to Microsoft, it has found no evidence that its customer-facing systems were breached.

Imagine an attacker working deeper into an entire organization simply by sifting through the contents of exfiltrated leadership mailboxes. This raises several questions in my mind. Are Microsoft's Zero Trust Network Access (ZTNA) controls not being enforced? Is the principle of least privilege not being applied? Why would the leadership team have source-code access details or other secrets lingering in email? And since the exfiltrated mail included secrets that customers had shared with Microsoft, are the hackers now targeting Microsoft's customers based on what they found there? Is this another supply-chain attack akin to SolarWinds?
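Microsoft's own mitigation, as described above, was to hunt through the exfiltrated mail for shared secrets and notify the affected customers. Any organization can run the same check against its own mailbox exports before an attacker does. The script below is an added example written for this post, not Microsoft's or Wired's tooling: it parses raw .eml messages (body and text attachments alike), matches a small starter set of well-known credential formats plus a generic "password =" style assignment gated by an entropy threshold, and returns redacted findings. The mailbox contents are constructed; the AWS key is AWS's documented placeholder `AKIAIOSFODNN7EXAMPLE`, the GitHub token is a made-up string in the `ghp_` format, and the private key block is a header only, not a real key.

```python
"""Scan exported e-mail (.eml / RFC 822 bytes) for credential material.

Added example for this post, not Microsoft's tooling. All messages in
SAMPLE_MAILBOX are constructed for the demonstration.
"""
import email
import math
import re
from email import policy
from email.message import EmailMessage

# Detector name -> regex. Group 1 is the secret itself. The generic
# "assignment" pattern is deliberately last so that specific hits win.
PATTERNS = {
    "aws_access_key_id": re.compile(r"\b((?:AKIA|ASIA)[0-9A-Z]{16})\b"),
    "github_pat": re.compile(r"\b(ghp_[A-Za-z0-9]{36})\b"),
    "private_key_block": re.compile(r"(-----BEGIN (?:RSA |EC |OPENSSH |)PRIVATE KEY-----)"),
    "credential_in_url": re.compile(r"\b[a-z][a-z0-9+.-]*://[^\s:/@]+:([^\s@]+)@", re.I),
    "assignment": re.compile(
        r"\b(?:password|passwd|pwd|secret|api[_-]?key|token|client_secret)\b"
        r"\s*[:=]\s*[\"']?([^\s\"',;]{8,})", re.I),
}
MIN_ENTROPY = 3.0  # bits/char; applied only to the generic "assignment" pattern


def shannon_entropy(s: str) -> float:
    """Shannon entropy in bits per character; low values mean placeholders."""
    if not s:
        return 0.0
    n = len(s)
    return -sum((c / n) * math.log2(c / n) for c in (s.count(ch) for ch in set(s)))


def redact(secret: str) -> str:
    """Keep just enough of the value for the owner to recognise it."""
    if len(secret) <= 8:
        return "*" * len(secret)
    return secret[:4] + "..." + secret[-2:]


def message_texts(msg):
    """Yield decoded text from every text/* part, attachments included."""
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        payload = part.get_payload(decode=True) or b""
        charset = part.get_content_charset() or "utf-8"
        try:
            yield payload.decode(charset, errors="replace")
        except LookupError:  # unknown charset label in the header
            yield payload.decode("utf-8", errors="replace")


def scan_message(raw: bytes) -> list:
    """Return findings for one raw RFC 822 message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for text in message_texts(msg):
        seen = set()  # secrets already reported by a specific detector
        for kind, pat in PATTERNS.items():
            for m in pat.finditer(text):
                secret = m.group(1)
                if kind == "assignment" and (
                        secret in seen or shannon_entropy(secret) < MIN_ENTROPY):
                    continue
                seen.add(secret)
                findings.append({
                    "message_id": str(msg["Message-ID"]),
                    "subject": str(msg["Subject"]),
                    "kind": kind,
                    "value": redact(secret),
                })
    return findings


def scan_mailbox(raw_messages) -> list:
    """Scan a sequence of raw messages (e.g. every .eml in an export)."""
    return [f for raw in raw_messages for f in scan_message(raw)]


def build_eml(msg_id: str, subject: str, body: str, attachment_text: str = None) -> bytes:
    """Constructed test data: build a message and serialise it like an export would."""
    m = EmailMessage()
    m["Message-ID"] = msg_id
    m["From"] = "cto@example.test"   # hypothetical addresses
    m["To"] = "vendor@example.test"
    m["Subject"] = subject
    m.set_content(body)
    if attachment_text is not None:
        m.add_attachment(attachment_text.encode(), maintype="text",
                         subtype="plain", filename="deploy.pem")
    return m.as_bytes()


# Constructed mailbox: three messages leaking something, one that is clean.
SAMPLE_MAILBOX = [
    build_eml("<1@example.test>", "Re: staging bucket",
              "Use AKIAIOSFODNN7EXAMPLE for the S3 sync, same as last time."),
    build_eml("<2@example.test>", "repo access",
              "Here is my token: ghp_0123456789abcdefghijABCDEFGHIJ012345\n"
              "Also db: postgres://svc:Tr0ub4dor&3@db.internal/app"),
    build_eml("<3@example.test>", "cert for the build box", "Attached.",
              attachment_text="-----BEGIN RSA PRIVATE KEY-----\n"
                              "MIIE...(constructed, not a real key)\n"
                              "-----END RSA PRIVATE KEY-----\n"),
    build_eml("<4@example.test>", "lunch",
              "Password reset flow is documented on the wiki."),
]

if __name__ == "__main__":
    for f in scan_mailbox(SAMPLE_MAILBOX):
        print(f"{f['message_id']} {f['subject']!r}: {f['kind']} = {f['value']}")
```

Feed `scan_mailbox` the raw bytes of each message in an export; the redacted findings list is what you hand to the owner so the credential can be rotated, since a leaked key that has been read by an attacker is burned whether or not it is deleted from the mailbox. The entropy gate on the generic password/token pattern drops low-entropy placeholders such as `changeme` while keeping real-looking values, and the `seen` set keeps a GitHub token from being reported twice when both the specific and the generic pattern hit it.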

