Russia-Sponsored Cyberattackers Infiltrate Microsofts Code Base

The Midnight Blizzard APT is mounting a sustained, focused cyber campaign against the computing kahuna, using secrets it stole from emails back in January.

The Russian state-sponsored advanced persistent threat (APT) group known as Midnight Blizzard has nabbed Microsoft source code after accessing internal repositories and systems, as part of an ongoing series of attacks by a very sophisticated adversary.
The Redmond giant noted today that the previously announced
cyber campaign by Midnight Blizzard
, which commenced in January, has evolved. Assailants are continually probing its environment in an attempt to use secrets of different types that it originally exfiltrated from internal emails. Its a sustained, significant commitment on the part of the group, according to Microsoft.

Midnight Blizzard is using information initially exfiltrated
from our corporate email systems to gain, or attempt to gain, unauthorized access [deeper into our environment], according to Microsofts blog post on the attack. This has included access to some of the company’s source code repositories and internal systems.
The group (aka
APT29, Cozy Bear, Nobelium, and UNC2452
) may also be laying the groundwork for future efforts, according to the post, using the information it has obtained to accumulate a picture of areas to attack and enhance its ability to do so.
Further, Microsoft said that the attackers are turning up the volume on
password-spraying attempts
, observing a tenfold increase in February against its accounts.
Ariel Parnes, chief operating officer and co-founder at Mitiga, noted in an emailed statement that the source-code heist could lead to a flurry of zero-day vulnerability exploitation.
For advanced nation-state cyber groups, access to a companys source code is akin to finding the master key to its digital kingdom, opening up avenues for finding new zero-day vulnerabilities: undiscovered security flaws that can be exploited before theyre known to the software creators or the public, he warned, adding that the Microsoft breach is clearly much more severe than initially understood, underscoring the critical nature of source code security in the digital age.
The good news is that theres so far no evidence that Midnight Blizzard has compromised Microsoft-hosted customer-facing systems; however, in some instances, secrets were shared between customers and Microsoft in email.
As we discover them in our exfiltrated email, according to the post, we have been and are reaching out to these customers to assist them in taking mitigating measures.

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
Russia-Sponsored Cyberattackers Infiltrate Microsofts Code Base