Russian hackers are weaponizing stolen Microsoft passwords

In response to an increase in unauthorized access attempts, the technology company adjusts its security strategy (Reuters/Gonzalo Fuentes)

a group of hacker A Russian state-sponsored company that stole sensitive data from Microsoft Corp. executives is attempting to leverage that information to compromise the company’s source code and internal systems, according to the tech giant.

a group of hackers Microsoft First identified in January, called midnight blizzardThe company said Friday that there was more unauthorized access than previously reported. Also known as hackers cozy bear And apt29, were previously caught accessing emails belonging to senior leaders, including cybersecurity and legal officials. The company said customer-facing systems were not compromised.

It is suspected that Russian hackers The volume of attempted password spray attacks has increased tenfold, a technique in which intruders attempt to use multiple passwords on specific usernames to break into high-value accounts. The group also attempts to access secrets shared between Microsoft and its customers via email. Microsoft is now alerting customers to the issue and helping to mitigate the problem.

“In recent weeks, we have seen evidence that Midnight Blizzard is using information initially extracted from our corporate email systems to gain or attempt to gain unauthorized access. “This includes access to some of the company’s source code repositories and internal systems,” he said. Microsoft In a blog post.

The company assured that, at the moment, they have not verified with reliable evidence that Hasek Group has compromised customer service systems hosted on its servers and systems.

“Ongoing attack by midnight blizzard It is characterized by a sustained, significant commitment of resources, coordination, and focus by the threat actor. They concluded, “It may be using the information it receives to build a picture of areas to attack and improve its ability to do so.”

Despite cyber attacks, so far, Microsoft customer service systems have not been compromised

At the end, Microsoft He said they have increased their investment in security and improved their operations to coordinate prevention, control and monitoring measures against digital attacks.

Earlier, in January, the technology company reported detecting a cyberattack by another Russian group Nobelium, which tried to break into the emails of senior company managers. On that occasion, Microsoft said that no digital hackers had managed to take over the database and that they had not affected its operating system.

©2024 Bloomberg LP

Source link

About Admin

Check Also

14 richest men in the world according to forbes

The club of billionaires worth more than $100 billion is seeing its ranks swell, testament ... Read more

Leave a Reply

Your email address will not be published. Required fields are marked *