Russian hackers have been attempting to breach Microsoft’s systems in recent weeks, using stolen information they acquired in an earlier hack, the company said Friday.
The hackers, which Microsoft identified as a Russian state-sponsored group known as Midnight Blizzard, have been “using information initially exfiltrated from our corporate email systems to gain, or attempt to gain, unauthorized access” to the company’s systems.
Microsoft previously revealed in January that it had “detected a nation-state attack” on its corporate systems from Midnight Blizzard.
The hackers were able to gain access to “a very small percentage” of corporate email accounts, including some belonging to members of Microsoft’s senior leadership team, the tech giant said at the time.
“It is apparent that Midnight Blizzard is attempting to use secrets of different types it has found,” Microsoft said in Friday’s blog post.
This includes “secrets” shared between customers and Microsoft via email. The company said it is informing customers and assisting them in taking mitigating measures, as it discovers this information in its exfiltrated email.
In February, the Russian hacking group increased the volume of certain types of attacks, such as password sprays, by as much as tenfold, according to Microsoft. Password sprays are a type of cyberattack in which hackers repeatedly use the same password on different accounts in an attempt to gain access.
“Midnight Blizzard’s ongoing attack is characterized by a sustained, significant commitment of the threat actor’s resources, coordination, and focus,” Microsoft said. “It may be using the information it has obtained to accumulate a picture of areas to attack and enhance its ability to do so.”
“This reflects what has become more broadly an unprecedented global threat landscape, especially in terms of sophisticated nation-state attacks,” it added.