Microsoft falls victim to yet another deceitful exploit by cybercriminals in less than 2 months

(Image credit: Future)

What you need to know

  • Microsoft was recently hacked by a hacker group known as Midnight Blizzard.
  • The company indicated that the hackers targeted its source code and internal systems.
  • According to findings, the hackers accessed confidential information emails between Microsoft and its clients.
  • Microsoft states that the hacker group has heightened the intensity of its attacks and might be planning to use the information it gathered to identify susceptible areas to attack.

Hackers are evolving and using more sophisticated and ingenious exploits to lure unsuspecting companies into their deceitful ploys. And like most people, they are also hopping onto the AI wave.

Microsoft is the latest company to fall victim to these tricks. Today, the company announced that a group of Russian hackers known as Midnight Blizzard was able to access its systems. The company added that the hackers gained access using information obtained during an exploit that it also fell victim to last year. 

Midnight Blizzard deployed an exploit to Teams users last year by leveraging previously compromised Microsoft 365 tenants belonging to small business owners to create new domains that purport to be technical support entities. This ultimately impacted less than 40 unique organizations, though Microsoft resolved the issue.

This time, the hackers targeted Microsoft's internal systems and source code. According to Microsoft:

"In recent weeks, we have seen evidence that Midnight Blizzard is using information initially exfiltrated from our corporate email systems to gain, or attempt to gain, unauthorized access. This has included access to some of the company's source code repositories and internal systems."

This isn't the first time the tech giant has found itself in a similar position this year. In January, Russian hackers known as Nobelium gained access to email accounts belonging to top Microsoft executives, seeking to access the company's information and data on them.

Microsoft has shared its findings with the U.S. Securities and Exchange Commission after investigating Midnight Blizzard's latest invasion. The findings disclosed that the hacker group accessed confidential information between Microsoft and its customers and "is attempting to use secrets of different types it has found."

Microsoft's investigations also outlined that the attackers are now more relentless than ever and are using brute force accounts/password spraying tenfold more frequently than they did in their first attack.

Microsoft highlighted that the hacker group might be using the information it accessed to gather more information about areas susceptible to attack, ultimately making the company an easy target.

Kevin Okemwa

Kevin Okemwa is a seasoned tech journalist based in Nairobi, Kenya with lots of experience covering the latest trends and developments in the industry. With a passion for innovation and a keen eye for detail, he has written for leading publications such as OnMSFT, MakeUseOf, and Windows Report, providing insightful analysis and breaking news on everything revolving around the Microsoft ecosystem. While AFK and not busy following the ever-emerging trends in tech, you can find him exploring the world or listening to music.