Microsoft confirms Midnight Blizzard has access to its source code
The Russian hacking group is still trying to break into the company's systems
2 min. read
Published on
Share this article
Read our disclosure page to find out how can you help Windows Report sustain the editorial team Read more
In January, Microsoft confirmed Midnight Blizzard, a Russian hacking group, aka NOBELIUM, attacked its corporate system. Initially, the hackers accessed the corporate email accounts of the company’s senior leadership team members. Â
It seems that Microsoft is unable to contain the Midnight Blizzard attack as of now. In a recent blog post, the tech giant mentioned Kremlin-backed threat actor has access to some of its source code.
The blog post further mentions that the hacker group also accessed Microsoft’s internal systems. However, there is no evidence that Microsoft-hosted customer-facing systems have been hacked.
Here’s what Microsoft says in its blog post about source code theft.
In recent weeks, we have seen evidence that Midnight Blizzard is using information initially exfiltrated from our corporate email systems to gain, or attempt to gain unauthorized access. This has included access to some of the company’s source code repositories and internal systems.
Microsoft further adds that the hacker group has also accessed some secrets shared between customers and the company in emails. The tech giant believes that NOBELIUM is trying to use different types of secrets it accessed recently.
That’s not all, it adds that Midnight Blizzard has ramped up password spray attacks by as much as 10-fold last month compared to what it saw in January 2024.
The company didn’t add any details about the source code Midnight Blizzard has accessed, nor did it talk about the secrets and scale of compromise in the blog post.
