“For years, the U.S. government has documented malicious cyber activity as a standard part of Russia’s strategy. This latest Microsoft breach adds to their long list. We continue to work with our government and private sector partners to protect and defend our systems from this threat activity.” The statement is attributed to CISA Director Jen Easterly.
Microsoft's disclosure of the Midnight Blizzard campaign was a slow reveal that got worse with each new development.
Microsoft initially named Midnight Blizzard as the group behind the attack and said it began in late November 2023. The group used simple password-spraying techniques to gain a foothold in the network, targeting what Microsoft described as “traditional non-production test tenant accounts.”
At the time, the attack was said to have targeted senior Microsoft executives but was still believed to be limited in scope. A more recent update in March took a turn for the worse when the company admitted that the attackers had accessed its internal systems and source code.
There is a longer-term pattern at work: the company had already warned in August 2023 that Midnight Blizzard was targeting Microsoft customers with social engineering attacks over Microsoft Teams.
Who is Midnight Blizzard?
Midnight Blizzard, which the US and UK governments have linked to Russia's SVR Foreign Intelligence Service, is known by several names depending on the security vendor doing the naming, including Nobelium, APT29, and Cozy Bear. The group came to prominence in 2016 when it was accused of infiltrating servers belonging to the Democratic National Committee (DNC), alongside a second Russian group, Fancy Bear.