Microsoft claims the Russian hacking group is still trying to break into its systems

Microsoft on Friday said the Russian group Nobelium, which the company calls Midnight Blizzard, had been trying to gain access to its internal systems and source code repositories.

“In recent weeks, we have seen evidence that Midnight Blizzard used information originally exfiltrated from our corporate email systems to gain or attempt to gain unauthorized access. This includes access to some of the company’s source code repositories and internal systems,” Microsoft said in a blog post.

“To date, we have found no evidence that Microsoft-hosted customer service systems have been compromised.”

Microsoft said Midnight Blizzard was trying to access secrets, including those shared between Microsoft and its customers, but was contacting and helping affected customers.

“Midnight Blizzard increased the volume of some aspects of the attack, such as password sprays, by up to 10x in February, compared to the already high volume we saw in January 2024,” it said.

Microsoft said it has increased its security investments and efforts to defend against the attack, and that it has strengthened monitoring and control measures.

The company first said in January that it discovered a cyberattack by Nobelium in which the Russian group hacked emails from senior executives. At the time, Microsoft said there was no evidence the hacking group accessed customer data, production systems, or proprietary source code.

Shortly after the attack on Microsoft, Hewlett Packard Enterprise said its cloud-based email system had also been compromised.

Nobelium is considered part of the Russian foreign intelligence SVR by the US government and is also known as Cozy Bear or APT29, along with Midnight Blizzard.

Russia has repeatedly been accused of cyberattacks against Western countries and companies during its war against Ukraine.

In December 2023, Britain’s National Cyber ​​Security Center said Russia had targeted politicians, journalists and government officials in a multi-year “campaign of malicious cyber activity” aimed at undermining democracy.