The Kremlin-funded hacker group “Cozy Bear” has repeatedly attacked Windows. New and alarming findings about data theft have now been published.
March 8, 2024, 6:37 p.m. / March 8, 2024, 6:55 p.m.
Microsoft published a blog post on Friday informing about the long-term consequences of the devastating Russian hacker attack. The elite hackers, who were hired by Russia's foreign intelligence service, were discovered in Microsoft's internal systems at the beginning of 2024.
Now the US software company, which makes Windows, the world's most popular personal computer operating system, is reporting the effects.
Accordingly, Microsoft security experts have found “evidence” in recent weeks that the Russian hackers used data they had “exfiltrated from Microsoft’s email systems.”
According to the blog post, the attackers gained unauthorized access to Microsoft's internal systems. They also apparently had access to software repositories, i.e. well-protected online platforms on which software source code is stored.
“To date we have found no evidence that customer systems hosted by Microsoft have been compromised.”
Microsoft
What are the consequences of the intrusion?
It is not clear from the blog post whether source code was leaked, i.e. stolen. However, the hackers used information found in the stolen company emails to break into Microsoft's systems and those of its customers. They also attempted to guess login passwords using “password spraying.”
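Password spraying tries one or a few common passwords against many accounts, staying below per-account lockout thresholds, so the signal a defender looks for is one source failing against many distinct users in a short window rather than many failures against one user. The following detector is an added example for this article and is not Microsoft's code or taken from its blog post; the sign-in log format (timestamp, source IP, user, result) and all addresses and user names in it are constructed for the illustration.

```python
"""Password-spray detector over sign-in logs (added example, constructed data)."""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample sign-in records: ISO timestamp, source IP, user, result.
# 203.0.113.7 fails against five different accounts within seconds, then succeeds
# on a sixth: the classic spray pattern. 198.51.100.2 fails twice on one account
# (a typo, or single-account brute force, not a spray). 192.0.2.9 touches only two.
SAMPLE_LOG = """\
2024-03-08T06:00:01Z 203.0.113.7 alice FAILURE
2024-03-08T06:00:03Z 203.0.113.7 bob FAILURE
2024-03-08T06:00:05Z 203.0.113.7 carol FAILURE
2024-03-08T06:00:07Z 203.0.113.7 dave FAILURE
2024-03-08T06:00:09Z 203.0.113.7 erin FAILURE
2024-03-08T06:00:11Z 203.0.113.7 frank SUCCESS
2024-03-08T06:01:00Z 198.51.100.2 alice FAILURE
2024-03-08T06:01:30Z 198.51.100.2 alice FAILURE
2024-03-08T06:02:00Z 198.51.100.2 alice SUCCESS
2024-03-08T07:30:00Z 192.0.2.9 bob FAILURE
2024-03-08T07:31:00Z 192.0.2.9 carol FAILURE
"""


def parse_log(text):
    """Parse the constructed log format into (timestamp, ip, user, result) tuples, oldest first."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, ip, user, result = line.split()
        events.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), ip, user, result))
    events.sort(key=lambda e: e[0])
    return events


def detect_password_spray(events, window=timedelta(minutes=10), min_users=5):
    """Flag each source IP whose failures hit at least `min_users` distinct accounts
    inside a sliding time window. A later SUCCESS from a flagged IP is recorded on
    the alert, because that is the case that needs immediate response."""
    failures = defaultdict(deque)  # ip -> recent (timestamp, user) failures
    alerts = {}                    # ip -> alert dict (one alert per source)
    for ts, ip, user, result in events:
        if result == "SUCCESS":
            if ip in alerts:
                alerts[ip]["success_users"].append(user)
            continue
        q = failures[ip]
        q.append((ts, user))
        while ts - q[0][0] > window:   # drop failures that fell out of the window
            q.popleft()
        distinct = {u for _, u in q}
        if len(distinct) >= min_users and ip not in alerts:
            alerts[ip] = {
                "ip": ip,
                "distinct_users": len(distinct),
                "first_failure": q[0][0],
                "last_failure": ts,
                "success_users": [],
            }
    return list(alerts.values())


if __name__ == "__main__":
    for alert in detect_password_spray(parse_log(SAMPLE_LOG)):
        print(alert)
```

The threshold and window are tuning knobs: a spray against a large tenant typically spreads over hours from many IPs, so in practice the same grouping is also run per autonomous system or per user-agent, and a success from a flagged source is escalated ahead of the failures themselves. The single-account failures from 198.51.100.2 are deliberately not flagged here; they belong to a different (lockout-based) control.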
The hackers apparently tried to use the “secrets” they found in various ways, the blog post said. The post is not very illuminating on this point. Microsoft confirms that it has notified those affected.
“Some of these secrets were shared between customers and Microsoft via email, and as we discover them in the leaked emails, we have contacted those customers to help them take remedial action.”
Although Microsoft did not clarify exactly what the stolen “secrets” contained, they were likely “authentication tokens, API keys, or credentials,” Bleeping Computer wrote.
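Secrets of the kind Bleeping Computer lists (tokens, API keys, credentials) end up in mailboxes because someone pastes them into a message, and a mailbox is then only as safe as the weakest account that can read it. A defender's first step is to find out what is already sitting there. The scanner below is an added example written for this article, not Microsoft's tooling; the email text is constructed, the `AKIA…EXAMPLE` value is the placeholder key format used in AWS documentation, and the keyword list and entropy threshold are assumptions that a real deployment would tune.

```python
"""Scan email text for likely secrets and report them redacted (added example, constructed data)."""
import math
import re
from collections import Counter

# Constructed sample message: the kind of thing that gets sent "just this once".
SAMPLE_EMAIL = """\
Hi team, as discussed here is the staging config.
API_KEY=cnstr-9f2a7b1c3d4e5f6a7b8c9d0e
aws_access_key_id = AKIAIOSFODNN7EXAMPLE
password: CorrectHorseBatteryStaple
Authorization: Bearer c0nstructed.t0ken.valu3
Meeting is at 10:00 in room 4, see you there.
"""

# Assumed detection patterns. The last capturing group (or the whole match) is the candidate value.
PATTERNS = {
    # AWS access key IDs have a fixed, documented shape: "AKIA" plus 16 uppercase alphanumerics.
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    # Generic "name = value" / "name: value" with a credential-like name.
    "assignment": re.compile(r"(?i)\b(api[_-]?key|secret|token|password|passwd)\b\s*[:=]\s*(\S+)"),
    # HTTP bearer tokens pasted from a request.
    "bearer": re.compile(r"(?i)\bBearer\s+([A-Za-z0-9\-._~+/]+=*)"),
}
FORMAT_SPECIFIC = {"aws_access_key_id"}  # shape alone is strong evidence


def shannon_entropy(s):
    """Bits per character; random-looking key material scores high, prose scores low."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def redact(value, keep=4):
    """Never echo the full secret into a report or ticket."""
    return value[:keep] + "…(" + str(len(value)) + " chars)"


def scan_for_secrets(text, min_entropy=3.0):
    """Return one finding per match: kind, 1-based line, entropy, confidence, redacted value."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for kind, pattern in PATTERNS.items():
            for m in pattern.finditer(line):
                value = m.group(m.lastindex or 0)
                entropy = shannon_entropy(value)
                high = kind in FORMAT_SPECIFIC or entropy >= min_entropy
                findings.append({
                    "kind": kind,
                    "line": lineno,
                    "entropy": round(entropy, 2),
                    "confidence": "high" if high else "low",
                    "redacted": redact(value),
                })
    return findings


if __name__ == "__main__":
    for f in scan_for_secrets(SAMPLE_EMAIL):
        print(f)
```

The point of the redaction helper is that the scanner's own output must not become a second copy of the secret. In practice this logic runs on the mail store or a DLP gateway, and every hit is treated as a rotation task for the credential owner, since once a token has been in a mailbox you cannot prove who has read it.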
It should be noted that the attackers were originally able to gain access because a Microsoft test account was not protected by multi-factor authentication.
Who are the attackers?
Cozy Bear, also called Midnight Blizzard, Nobelium or APT29 by IT security companies, is an elite Russian state-sponsored hacking group linked to the Russian Foreign Intelligence Service (SVR).
Its members are technically savvy and develop their own malware specifically designed for attacks.
Cozy Bear made headlines around the world in 2020 with the SolarWinds attack. The hackers compromised popular IT management software and inserted an attack tool (“Sunburst”) into it. This allowed them to deliver their malware to victims' systems as a regular update.
Because the malicious update was digitally signed and came from a trusted source, the attackers were able to reach high-profile targets and essentially hide in plain sight. According to IT experts, such supply chain attacks are very difficult to detect.
The SolarWinds attack, discovered in late 2020, allowed Russian hackers to break into US government agencies, including the Department of Justice. Image: Cornerstone
In total, the attackers were able to compromise 40 additional organizations that were not even SolarWinds customers. The consequences of the cyber attack were enormous. Vulnerabilities in Microsoft and VMware software also allowed attackers to access sensitive documents.
Microsoft later confirmed that the hack allowed them to steal “the source code for a limited number of Azure, Intune, and Exchange components.”
In June 2021, the Russian hacking group again broke into a Microsoft account and gained access to customer support tools, as Bleeping Computer now recalls. Since then, Cozy Bear has been linked to numerous cyber espionage attacks against NATO countries and the European Union.