Russian elite hackers have hacked Microsoft, with far-reaching consequences

Theodore Meeks, March 8, 2024

The Kremlin-funded hacker group “Cozy Bear” has repeatedly attacked Windows. New and alarming findings about data theft have now been published.

March 8, 2024, 6:37 p.m.; March 8, 2024, 6:55 p.m.

Daniel Shorter

Microsoft published a blog post on Friday about the long-term consequences of the devastating Russian hacker attack. The elite hackers, who were hired by Russia's foreign intelligence service, were discovered in Microsoft's internal systems at the beginning of 2024.

Now the US software company, which makes Windows, the world's most popular personal computer operating system, is reporting the effects.

According to the post, Microsoft security experts have found “evidence” in recent weeks that Russian hackers used data they “filtered from Microsoft’s email systems.”

According to the blog post, the attackers gained unauthorized access to Microsoft's internal systems. They also apparently had access to software repositories, which are well-protected online platforms on which software source code is stored.

“To date we have found no evidence that customer systems hosted by Microsoft have been compromised.”

Microsoft

What are the consequences of the intrusion?

It is not clear from the blog post whether the source code has been leaked, i.e. stolen. However, the hackers used information found in stolen company emails to break into Microsoft's systems and those of its customers. They also attempted to guess login passwords using “password spraying.”

The hackers apparently tried to use the “secrets” they found in different ways, the blog post said. The post does not make things much clearer. Microsoft confirms that it has notified those affected.

“Some of these secrets were shared between customers and Microsoft via email, and as we discovered in the leaked emails, we have contacted those customers to help them take remedial action.”

Although Microsoft did not clarify exactly what the stolen “secrets” contained, they were likely “authentication tokens, API keys, or credentials,” Bleeping Computer wrote.

It should be noted that the attackers were originally able to gain access because a Microsoft test account was not protected by multi-factor authentication.

Who are the attackers?

Cozy Bear, also called Midnight Blizzard, Nobelium or APT29 by IT security companies, is an elite Russian state-sponsored hacking group linked to the Russian Foreign Intelligence Service (SVR).

Its members are technically savvy and develop their own malware specifically designed for attacks.

Cozy Bear made headlines around the world in 2020 with the SolarWinds attack. The hackers compromised popular IT management software and introduced an attack tool (“Sunburst”). This allowed them to deliver their malware to victims' systems as a regular update.

Because the malicious update was digitally signed and came from a trusted source, the attackers were able to reach high-profile targets and essentially hide in plain sight. According to IT experts, such supply chain attacks are very difficult to detect.

The SolarWinds attack, discovered in late 2020, allowed Russian hackers to break into US government agencies, including the Department of Justice. Image: Cornerstone

In total, the attackers were able to compromise 40 additional organizations that were not even SolarWinds customers. The consequences of the cyber attack were enormous. Vulnerabilities in Microsoft and VMware software also allowed attackers to access sensitive documents.

Microsoft later confirmed that the hack allowed the attackers to steal “the source code for a limited number of Azure, Intune, and Exchange components.”

In June 2021, the Russian hacking group again broke into a Microsoft account and gained access to customer support tools, Bleeping Computer now recalls. Since then, Cozy Bear has been linked to numerous cyber espionage attacks against NATO countries and the European Union.
