George Kurtz said the “most frightening part” of recent large-scale cyberattacks was that password spraying was fairly basic on the scale of the Kraman Countdown attack.
Microsoft said it remains unable to shake off Russian hackers who breached multiple email accounts belonging to company executives.
Midnight Blizzard, the group Microsoft named responsible for ongoing cyberattacks on its digital infrastructure, reportedly used information gained from its initial successful hack to expand its reach. There is.
“In recent weeks, we have seen evidence that Midnight Blizzard is leveraging information originally leaked from our corporate email systems to gain or attempt to gain unauthorized access,” the Microsoft Security Response Center said in a statement. Stated. “This includes access to some of the company’s source code repositories and internal systems. To date, we have found no evidence that any customer-facing systems hosted by Microsoft were compromised.”
Microsoft announces that Russian state-sponsored hackers have infiltrated some corporate emails
An illuminated logo sits outside the Microsoft booth at ISE 2024 in Barcelona, Spain. (Cesc Maymo/Getty Images/Getty Images)
The MSRC statement goes on to say, “It is clear that Midnight Blizzard is attempting to use the various types of secrets it has discovered. Some of these secrets were shared between customers and Microsoft via email, and they have been leaked. Midnight Blizzard increased the volume of some of its attacks, such as password spraying, by as much as 10x in February, as we discovered them in emails, compared to January 2024.”
Microsoft also filed a report with the U.S. Securities and Exchange Commission.
Microsoft first announced in January that it had been hacked by Russia-linked attackers, affecting a “small portion” of corporate email accounts.
Microsoft’s co-pilot: AI chatbot gives preschoolers answers to questions when teaching sex, DEI, and LGBTQ topics
Microsoft announced that Russian state-sponsored Midnight Blizzard hackers had breached the personal email accounts of some members of Microsoft’s senior leadership team, and that some cybersecurity, legal, and other employees were also affected. In a blog post at the time.
Microsoft also said that upon learning of the attack on January 12, it “immediately initiated a response process to investigate, stop the malicious activity, mitigate the attack, and deny further access to threat actors.” He also said.
In a statement Friday, the company expressed surprise at Midnight Blizzard’s “sustained and significant effort of threat actor resources, coordination, and focus.”
CLICK HERE TO GET FOX BUSINESS ON THE GO
The Kremlin, the center of political power in Russia, can be seen behind the Gate Complex in Moscow, Russia. (Andreas Lenz/Getty Images/Getty Images)
“The information obtained may be used to build up a comprehensive picture of the attack area and strengthen its capabilities,” MSRC said. “This reflects a broader, unprecedented global threat landscape, particularly in terms of advanced state attacks.”
The hackers are believed to be one of many such groups supported materially or otherwise by the Kremlin.
Fox News Digital’s Aislinn Murphy contributed to this report.
