Inside the Breach: Unmasking the Russian Hackers’ Intrusion into Microsoft’s Source Code

In January of this year, Microsoft announced a significant cyber-security attack. The tech giant disclosed that Russian hackers had successfully breached their security systems, gaining access to senior executives’ emails. This was a noteworthy incident that raised considerable alarm, highlighting potential vulnerabilities within the network.

Yet, Microsoft has recently come forward to disclose some more disturbing news related to the breach. The severity of the intrusion was significantly downplayed. It has now emerged that the Russian hackers did not just read some confidential emails, but they also managed to access a key element of Microsoft’s source code.

Source code, the underlying framework that supports all software and applications, is a highly sensitive asset. Its compromise represents a significantly escalated threat, as it could be studied or manipulated to instigate further attacks or misappropriation of information in the future. It is a strong indication that the breach was far more serious than first thought, posing greater challenges for the company's cyber-security protocols.


Cozy Bear: A Peek into the Sophisticated Tactics of Russia’s Premier Hacking Unit

The cyber-attack on Microsoft has been attributed to a hacking group known as Midnight Blizzard. However, this group is more widely recognised in the cyber-security industry under the moniker Cozy Bear. Cozy Bear is not just any ordinary group of cyber-criminals. Intelligence reports suggest that it is, in fact, a highly specialised unit that operates under the direction of Russia's foreign intelligence service, known as the SVR. This places the group amongst some of the top-tier hackers in the world, capable of sophisticated attacks that can compromise even the most secure systems.

The association of Cozy Bear with the Kremlin further escalates the potency and danger of this group. Being linked to the Kremlin indicates that the group is not only technologically advanced but also potentially shielded at a national level and used as a tool for state-sponsored activities, making it one of Russia’s most formidable hacking units. The depth of their skills and their potential backing by a global superpower amplifies the seriousness of the Microsoft breach.


The Real Story Behind the Breach: What Happened

It all started in November, when the hackers infiltrated what Microsoft referred to as a “non-production test tenant account from a bygone era”. They gained that foothold with a password spray attack, a method of gaining unauthorised access that is easily prevented. They then used this entry point to reach deeper into Microsoft's other systems, including the emails of top executives. According to security experts, the hackers' ability to move from a test system into supposedly secure parts of Microsoft's corporate environment, such as the source code and executive emails, presents a troubling and perplexing situation.

Microsoft’s latest communication concerning the breach suggests that the company is currently struggling to either remove the hackers from their systems or fend off any future incursions. The company’s blog post indicates that the continuous attack by Midnight Blizzard involves a strong, long-term allocation of the threat actor’s resources, coordination, and focus. It appears that the group could be utilising the obtained information to identify potential areas to attack and enhance its capacity to do so.


Understanding Password Spray Attacks and Effective Strategies for Prevention

In a password spraying attack, rather than targeting a single account with numerous passwords, the attacker uses one password, usually a frequently used or low-strength one, against multiple accounts. Password spraying attacks are especially successful against organisations that engage in password sharing: using the same password across multiple accounts increases the probability that a single guess grants unauthorised access.

Implementing a password security manager such as MyID PSM enforces strong passwords for all of your Active Directory managed employees, checks in real time against the world's largest password breach database to ensure that no password used by your company has been breached, alerts on any use of a breached password and enforces a change of those passwords.

If you want to better protect your organisation's sensitive data against attacks, contact Intercede today to arrange a free audit that identifies your weaknesses, and book a demo of MyID PSM to see how we can protect you going forward.






Trusted by Governments and Enterprises Worldwide

Where protecting systems and information really matters, you will find Intercede. Whether it's citizen data, aerospace and defence systems, high-value financial transactions, intellectual property or air traffic control, we are proud that many leading organisations around the world choose Intercede solutions to protect themselves against data breaches, comply with regulations and ensure business continuity.