Microsoft Under Constant Attack by Russian Hackers, Filing Says

File photo of a surveillance camera near the Microsoft office building in Beijing, China on July 20, 2021.

File photo of a surveillance camera near the Microsoft office building in Beijing, China on July 20, 2021.
Photo: Andy Wong, File (AP)

Hackers linked to the Russian government keep trying to penetrate Microsoft’s systems using information stolen in a hack from late 2023, according to an announcement from the tech company. The latest intrusion was serious enough that Microsoft filed a report with the SEC.

The Russian hackers have been dubbed Midnight Blizzard, previously known as Nobelium, which the U.S. and UK governments believe is attached to Russia’s Foreign Intelligence Service. The group has been around since at least early 2018.

“In recent weeks, we have seen evidence that Midnight Blizzard is using information initially exfiltrated from our corporate email systems to gain, or attempt to gain, unauthorized access. This has included access to some of the company’s source code repositories and internal systems,” Microsoft wrote in an update on Friday.

“To date we have found no evidence that Microsoft-hosted customer-facing systems have been compromised,” the announcement continued.

According to a new filing, Midnight Blizzard had gained access to “a very small percentage of employee email accounts” in late 2023 that includes “members of our senior leadership team and employees in our cybersecurity, legal, and other functions.”

Microsoft says it’s seen an increase in the number of brute force password-guessing, known as password sprays, noting a 10-fold increase in February compared to the “already large volume” the company saw in January.

“It is apparent that Midnight Blizzard is attempting to use secrets of different types it has found. Some of these secrets were shared between customers and Microsoft in email, and as we discover them in our exfiltrated email, we have been and are reaching out to these customers to assist them in taking mitigating measures,” Microsoft explained.

But Microsoft isn’t Midnight Blizzard’s only target. Hewlett Packard Enterprise revealed in a filing back in late December its Office 365 cloud email environment had been compromised by the same group.