Wednesday, November 6, 2024
Homecyber securityMicrosoft Alerts More Users in Update to Midnight Blizzard Hack

Microsoft Alerts More Users in Update to Midnight Blizzard Hack

Published on

Malware protection

Microsoft has issued a new alert to its users, updating them on the continued threat posed by Midnight Blizzard, a Russian state-sponsored hacking group also known as NOBELIUM.

The alert follows the initial detection of the attack by Microsoft’s Security Team on January 12, 2024.

The attack, which targeted Microsoft’s corporate email systems, prompted an immediate response from the company.

- Advertisement - SIEM as a Service

Subsequent investigations have revealed that Midnight Blizzard has been using information exfiltrated from these systems to attempt unauthorized access to other areas, including some of Microsoft’s source code repositories and internal systems.

"Is Your System Under Attack? Try Cynet XDR: Automated Detection & Response for Endpoints, Networks, & Users!"- Free Demo

Increased Attack Volume and Sophistication

In recent weeks, Microsoft has observed a significant increase in the volume and sophistication of Midnight Blizzard’s attacks.

The group has ramped up its efforts, with password spray attacks increasing tenfold in February compared to January 2024.

This escalation underscores the group’s sustained commitment and coordination, reflecting a broader trend of sophisticated nation-state cyber threats.

Despite these efforts, Microsoft has found no evidence of compromised customer-facing systems.

“Midnight Blizzard increased the volume of some aspects of the attack, such as password sprays, by as much as tenfold in February compared to the already large volume we saw in January 2024, Microsoft said. 

However, the company remains vigilant and proactive in its defense strategies.

In response to the ongoing threat, Microsoft has bolstered its security investments and cross-enterprise coordination.

The company has implemented enhanced security controls, detections, and monitoring to protect its environment against this advanced persistent threat.

Microsoft is also actively contacting customers whose information may have been compromised to assist them in taking mitigating measures.

The Midnight Blizzard attack highlights the evolving and increasingly complex global threat landscape.

Microsoft remains committed to transparency and will continue to share updates as its investigations progress.

The company’s ongoing efforts to secure its systems and protect its users reflect a broader industry need for heightened vigilance and robust cybersecurity measures in the face of sophisticated nation-state attacks.

Are you from SOC/DFIR Teams? - Sign up for a free ANY.RUN account! to Analyse Advanced Malware Files

Divya
Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Latest articles

ClickFix Exploits GMeet & Zoom Pages to Deliver Sophisticated Malware

A new tactic, "ClickFix," has emerged. It exploits fake Google Meet and Zoom pages...

APT36 Hackers Attacking Windows Deevices With ElizaRAT

APT36, a sophisticated threat actor, has been actively targeting Indian entities with advanced malware...

Hackers Using AV/EDR Bypass Tool From Cybercrime Forums To Bypass Endpoints

Researchers uncovered two previously unknown endpoints with older Cortex XDR agents that used to...

Hackers Created 100+ Fake Web Stores To Steal Millions Of Dollars From Customers

The Phish, 'n' Ships fraud operation leverages, compromised websites to redirect users to fake...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

ClickFix Exploits GMeet & Zoom Pages to Deliver Sophisticated Malware

A new tactic, "ClickFix," has emerged. It exploits fake Google Meet and Zoom pages...

APT36 Hackers Attacking Windows Deevices With ElizaRAT

APT36, a sophisticated threat actor, has been actively targeting Indian entities with advanced malware...

Hackers Using AV/EDR Bypass Tool From Cybercrime Forums To Bypass Endpoints

Researchers uncovered two previously unknown endpoints with older Cortex XDR agents that used to...