Microsoft Reveals Cyberattack & Theft of Internal Source Code

T0@st · Mar 9, 2024

We have provided an update on the nation-state attack that was detected by the Microsoft Security Team on January 12, 2024. As we shared, on January 19, the security team detected this attack on our corporate email systems and immediately activated our response process. The Microsoft Threat Intelligence investigation identified the threat actor as Midnight Blizzard, the Russian state-sponsored actor also known as NOBELIUM. As we said at that time, our investigation was ongoing, and we would provide additional details as appropriate.

In recent weeks, we have seen evidence that Midnight Blizzard is using information initially exfiltrated from our corporate email systems to gain, or attempt to gain, unauthorized access. This has included access to some of the company's source code repositories and internal systems. To date we have found no evidence that Microsoft-hosted customer-facing systems have been compromised. It is apparent that Midnight Blizzard is attempting to use secrets of different types it has found. Some of these secrets were shared between customers and Microsoft in email, and as we discover them in our exfiltrated email, we have been and are reaching out to these customers to assist them in taking mitigating measures. Midnight Blizzard has increased the volume of some aspects of the attack, such as password sprays, by as much as 10-fold in February, compared to the already large volume we saw in January 2024.

Midnight Blizzard's ongoing attack is characterized by a sustained, significant commitment of the threat actor's resources, coordination, and focus. It may be using the information it has obtained to accumulate a picture of areas to attack and enhance its ability to do so. This reflects what has become more broadly an unprecedented global threat landscape, especially in terms of sophisticated nation-state attacks.

Across Microsoft, we have increased our security investments, cross-enterprise coordination and mobilization, and have enhanced our ability to defend ourselves and secure and harden our environment against this advanced persistent threat. We have and will continue to put in place additional enhanced security controls, detections, and monitoring.

Our active investigations of Midnight Blizzard activities are ongoing, and findings of our investigations will continue to evolve. We remain committed to sharing what we learn.

View at TechPowerUp Main Site | Source

ThrashZone · Mar 9, 2024

Hi,
Internal passwordless world hehe

Daven · Mar 9, 2024

It weird here in the US. The Russian government is actively attacking our technology companies and cyber infrastructure while half of US government is trying to fund Ukraine and the other half of US government is using Russia to undermine our election system.

It like some kind of modern day version of Game of Thrones. Kinda cool in a demented way.

AsRock · Mar 9, 2024

Daven said:
It weird here in the US. The Russian government is actively attacking our technology companies and cyber infrastructure while half of US government is trying to fund Ukraine and the other half of US government is using Russia to undermine our election system.

It like some kind of modern day version of Game of Thrones. Kinda cool in a demented way.

Russia is ?, more chance it being China.

R-T-B · Mar 9, 2024

AsRock said:
Russia is ?, more chance it being China.

Russia totally is.

T0@st said:
The Microsoft Threat Intelligence investigation identified the threat actor as Midnight Blizzard, the Russian state-sponsored actor also known as NOBELIUM.

Ferrum Master · Mar 9, 2024

And at the end of the day it still will be a rouge ex-employee(maybe Russian) or an idiot left his laptop in a pub again.

But yeah... Russian attack sounds more plausible. The truth usually lies somewhere in between.

dgianstefani · Mar 9, 2024

Daven said:
It weird here in the US. The Russian government is actively attacking our technology companies and cyber infrastructure while half of US government is trying to fund Ukraine and the other half of US government is using Russia to undermine our election system.

It like some kind of modern day version of Game of Thrones. Kinda cool in a demented way.

Really? "Russian interference" boogeyman aside I think you guys are undermining the election system well enough on your own considering voter ID isn't even required. Besides, coming from the country that founded the CIA, it's a bit rich talking about supposed Russian meddling in sovereign nation's politics and elections, what did they do again? Some promoted political posts on Facebook or something, total budget in the low thousands $.

But regarding the hacks, every powerful nation state is actively doing this to each other. USA, China and Russia are just big enough and good enough that it's noticeable.

Even my university IT staff talk about the constant attempted hacks 24/7 from China and other sources.

trsttte · Mar 9, 2024

dgianstefani said:
Really? "Russian interference" boogeyman aside I think you guys are undermining the election system well enough on your own considering voter ID isn't even required. Besides, coming from the country that founded the CIA, it's a bit rich talking about supposed Russian meddling in sovereign nation's politics and elections, what did they do again? Some promoted political posts on Facebook or something, total budget in the low thousands $.

But regarding the hacks, every powerful nation state is actively doing this to each other. USA, China and Russia are just big enough and good enough that it's noticeable.

Even my university IT staff talk about the constant attempted hacks 24/7 from China and other sources.

That's some weird both siding it when China and Russia don't have elections to begin with. But I'll see myself out as this already went on a very unnecessary political tangent

dgianstefani · Mar 9, 2024

trsttte said:
That's some weird both siding it when China and Russia don't have elections to begin with. But I'll see myself out as this already went on a very unnecessary political tangent

The 24/7 cyberwarfare between these three and others isn't related to the elections content being discussed separately. But hacking is just the reality of 2024, and is an observation related to how this time MS were aware of a specific hack that was successful.

zmeul · Mar 9, 2024

if MS can't keep their own shit safe, how can we trust them to keep our shit safe?

Scrizz · Mar 9, 2024

zmeul said:
if MS can't keep their own shit safe, how can we trust them to keep our shit safe?

The thing is... security is a lie, and nothing is safe. As soon as you accept that, you'll be fine. :toast:

Space Lynx · Mar 9, 2024

Why would you even keep super important source code online accessible. It's funny to me how secure our rare libraries are vs modern tech. Like if I want to read a book from Ancient Rome, I have to go sit in a room while being supervised as I read it, then they put the book away for me. lol just makes me laugh

mb194dc · Mar 9, 2024

No surprises here. Mentioned something similar in the thread about Meta and got low quality post hidden.

Maybe they should focus more on security than AI pumping?

Deleted member 229121 · Mar 9, 2024

Sighs. At least it's not Equifax (again)...

DeathtoGnomes · Mar 9, 2024

The Nigerian Prince strikes again. Some gullible person clicked a link...

mama · Mar 9, 2024

DeathtoGnomes said:
The Nigerian Prince strikes again. Some gullible person clicked a link...

Yep, that's what happened! No point fretting about Microsoft and their security - it's out of our control. Just control the things you can.

cvaldes · Mar 9, 2024

Space Lynx said:
Why would you even keep super important source code online accessible. It's funny to me how secure our rare libraries are vs modern tech. Like if I want to read a book from Ancient Rome, I have to go sit in a room while being supervised as I read it, then they put the book away for me. lol just makes me laugh

That's because that ancient Roman book is physical, likely very rare (or unique), and subject to wear & tear. Their strict reading room measures are to preserve the physical book, not the data it holds.

The same procedures are used for other old items like Greek pottery, jewelry, paintings, drawings, textiles, etc. They are more worried about damage to the physical object by careless or poor handling from your greasy hands or you spilling a soda all over a priceless manuscript.

In fact, many of these priceless artifacts get digitally archived as a precaution against further damage to the original object. This is particularly important for books because a museum can't put a book on display and show all of its pages.

For something like precious source code, there are multiple copies. That's what backups are for. You can make a copy of the Magna Carta but the copy doesn't have the same value as the original. For digital data, it's all pretty much equivalent.

Let's say you have your grandfather's wristwatch and it gets destroyed in an accident. You find the same exact model on FleaBay. Would you buy it as a replacement? It's no longer the item that your grandfather actually used. It just looks the same.

Anyhow, it goes well beyond the loss of source code. It's about losing trust. Even if they can identify and eventually nail the perpetrators, they have lost trust and goodwill from customers. And not just Joe Consumer or Xbox Gamer Guy, it also includes corporate customers of Azure.

Even if you don't use OneDrive, you probably use some service that is running on Azure. Can't get away from the cloud anymore even if you disconnect your PC from the Internet and throw away your smartphone. Your bank, hospital, insurance company, airline, public transit system, etc. are all online.

Isaak said:
View attachment 338302

Yeah, until you run out of money or public support.

The latter happened to the USA in Vietnam.

Yes, you can defeat anything. But at what cost? Is it always worth it?

With cyberattacks, a very small organization can topple a massive one. It's a little different than the physical warfare that Patton was commenting about. Look at Kevin Mitnick.

I can't buy a DJI drone and defeat the British Navy. However a hacker could by a $500 laptop and infiltrate Microsoft.

System Name	Ghetto Rigs z490\|x99\|Acer 17 Nitro 7840hs/ 5600c40-2x16/ 4060/ 1tb acer stock m.2/ 4tb sn850x
Processor	10900k w/Optimus Foundation \| 5930k w/Black Noctua D15
Motherboard	z490 Maximus XII Apex \| x99 Sabertooth
Cooling	oCool D5 res-combo/280 GTX/ Optimus Foundation/ gpu water block \| Blk D15
Memory	Trident-Z Royal 4000c16 2x16gb \| Trident-Z 3200c14 4x8gb
Video Card(s)	Titan Xp-water \| evga 980ti gaming-w/ air
Storage	970evo+500gb & sn850x 4tb \| 860 pro 256gb \| Acer m.2 1tb/ sn850x 4tb\| Many2.5" sata's ssd 3.5hdd's
Display(s)	1-AOC G2460PG 24"G-Sync 144Hz/ 2nd 1-ASUS VG248QE 24"/ 3rd LG 43" series
Case	D450 \| Cherry Entertainment center on Test bench
Audio Device(s)	Built in Realtek x2 with 2-Insignia 2.0 sound bars & 1-LG sound bar
Power Supply	EVGA 1000P2 with APC AX1500 \| 850P2 with CyberPower-GX1325U
Mouse	Redragon 901 Perdition x3
Keyboard	G710+x3
Software	Win-7 pro x3 and win-10 & 11pro x3
Benchmark Scores	Are in the benchmark section

System Name	Pioneer
Processor	Ryzen R9 9950X
Motherboard	GIGABYTE Aorus Elite X670 AX
Cooling	Noctua NH-D15 + A whole lotta Sunon and Corsair Maglev blower fans...
Memory	64GB (4x 16GB) G.Skill Flare X5 @ DDR5-6000 CL30
Video Card(s)	XFX RX 7900 XTX Speedster Merc 310
Storage	Intel 905p Optane 960GB boot, +2x Crucial P5 Plus 2TB PCIe 4.0 NVMe SSDs
Display(s)	55" LG 55" B9 OLED 4K Display
Case	Thermaltake Core X31
Audio Device(s)	TOSLINK->Schiit Modi MB->Asgard 2 DAC Amp->AKG Pro K712 Headphones or HDMI->B9 OLED
Power Supply	FSP Hydro Ti Pro 850W
Mouse	Logitech G305 Lightspeed Wireless
Keyboard	WASD Code v3 with Cherry Green keyswitches + PBT DS keycaps
Software	Gentoo Linux x64 / Windows 11 Enterprise IoT 2024

System Name	HELLSTAR
Processor	AMD RYZEN 9 5950X
Motherboard	ASUS Strix X570-E
Cooling	2x 360 + 280 rads. 3x Gentle Typhoons, 3x Phanteks T30, 2x TT T140 . EK-Quantum Momentum Monoblock.
Memory	4x8GB G.SKILL Trident Z RGB F4-4133C19D-16GTZR 14-16-12-30-44
Video Card(s)	Sapphire Pulse RX 7900XTX. Water block. Crossflashed.
Storage	Optane 900P[Fedora] + WD BLACK SN850X 4TB + 750 EVO 500GB + 1TB 980PRO+SN560 1TB(W11)
Display(s)	Philips PHL BDM3270 + Acer XV242Y
Case	Lian Li O11 Dynamic EVO
Audio Device(s)	SMSL RAW-MDA1 DAC
Power Supply	Fractal Design Newton R3 1000W
Mouse	Razer Basilisk
Keyboard	Razer BlackWidow V3 - Yellow Switch
Software	FEDORA 41

System Name	Silent
Processor	Ryzen 7800X3D @ 5.15ghz BCLK OC, TG AM5 High Performance Heatspreader
Motherboard	ASUS ROG Strix X670E-I, chipset fans replaced with Noctua A14x25 G2
Cooling	Optimus Block, HWLabs Copper 240/40 + 240/30, D5/Res, 4x Noctua A12x25, 1x A14G2, Mayhems Ultra Pure
Memory	32 GB Dominator Platinum 6150 MT 26-36-36-48, 56.6ns AIDA, 2050 FCLK, 160 ns tRFC, active cooled
Video Card(s)	RTX 3080 Ti Founders Edition, Conductonaut Extreme, 18 W/mK MinusPad Extreme, Corsair XG7 Waterblock
Storage	Intel Optane DC P1600X 118 GB, Samsung 990 Pro 2 TB
Display(s)	32" 240 Hz 1440p Samsung G7, 31.5" 165 Hz 1440p LG NanoIPS Ultragear, MX900 dual gas VESA mount
Case	Sliger SM570 CNC Aluminium 13-Litre, 3D printed feet, custom front, LINKUP Ultra PCIe 4.0 x16 white
Audio Device(s)	Audeze Maxwell Ultraviolet w/upgrade pads & LCD headband, Galaxy Buds 3 Pro, Razer Nommo Pro
Power Supply	SF750 Plat, full transparent custom cables, Sentinel Pro 1500 Online Double Conversion UPS w/Noctua
Mouse	Razer Viper V3 Pro 8 KHz Mercury White w/Tiger Ice Skates & Pulsar Supergrip tape, Razer Atlas
Keyboard	Wooting 60HE+ module, TOFU-R CNC Alu/Brass, SS Prismcaps W+Jellykey, LekkerV2 mod, TLabs Leath/Suede
Software	Windows 11 IoT Enterprise LTSC 24H2
Benchmark Scores	Legendary

System Name	Silent
Processor	Ryzen 7800X3D @ 5.15ghz BCLK OC, TG AM5 High Performance Heatspreader
Motherboard	ASUS ROG Strix X670E-I, chipset fans replaced with Noctua A14x25 G2
Cooling	Optimus Block, HWLabs Copper 240/40 + 240/30, D5/Res, 4x Noctua A12x25, 1x A14G2, Mayhems Ultra Pure
Memory	32 GB Dominator Platinum 6150 MT 26-36-36-48, 56.6ns AIDA, 2050 FCLK, 160 ns tRFC, active cooled
Video Card(s)	RTX 3080 Ti Founders Edition, Conductonaut Extreme, 18 W/mK MinusPad Extreme, Corsair XG7 Waterblock
Storage	Intel Optane DC P1600X 118 GB, Samsung 990 Pro 2 TB
Display(s)	32" 240 Hz 1440p Samsung G7, 31.5" 165 Hz 1440p LG NanoIPS Ultragear, MX900 dual gas VESA mount
Case	Sliger SM570 CNC Aluminium 13-Litre, 3D printed feet, custom front, LINKUP Ultra PCIe 4.0 x16 white
Audio Device(s)	Audeze Maxwell Ultraviolet w/upgrade pads & LCD headband, Galaxy Buds 3 Pro, Razer Nommo Pro
Power Supply	SF750 Plat, full transparent custom cables, Sentinel Pro 1500 Online Double Conversion UPS w/Noctua
Mouse	Razer Viper V3 Pro 8 KHz Mercury White w/Tiger Ice Skates & Pulsar Supergrip tape, Razer Atlas
Keyboard	Wooting 60HE+ module, TOFU-R CNC Alu/Brass, SS Prismcaps W+Jellykey, LekkerV2 mod, TLabs Leath/Suede
Software	Windows 11 IoT Enterprise LTSC 24H2
Benchmark Scores	Legendary

Microsoft Reveals Cyberattack & Theft of Internal Source Code

T0@st

News Editor

ThrashZone

Daven

AsRock

TPU addict

R-T-B

Ferrum Master

dgianstefani

TPU Proofreader

trsttte

dgianstefani

TPU Proofreader

zmeul

Scrizz

Space Lynx

Astronaut

mb194dc

Deleted member 229121

Guest

DeathtoGnomes

mama

cvaldes

Processor	Intel i7 13700K
Motherboard	ASUS PROArt Z690 Creator WiFi
Cooling	Liquid Freezer II - 280
Memory	Kingston 32GB DDR5 @ 6200 MT/s
Video Card(s)	Palit RTX3070 GamingPRO
Storage	TrueNAS CORE
Case	Phanteks ECLIPSE P600S
Audio Device(s)	Creative Sound Blaster AE-5
Power Supply	SEASONIC CONNECT 750W

System Name	:)
Processor	Intel 13700k
Motherboard	Gigabyte z790 UD AC
Cooling	Noctua NH-D15
Memory	64GB GSKILL DDR5
Video Card(s)	Gigabyte RTX 4090 Gaming OC
Storage	960GB Optane 905P U.2 SSD + 4TB PCIe4 U.2 SSD
Display(s)	Alienware AW3423DW 175Hz QD-OLED + AOC Agon Pro AG276QZD2 240Hz QD-OLED
Case	Fractal Design Torrent
Audio Device(s)	MOTU M4 - JBL 305P MKII w/2x JL Audio 10 Sealed --- X-Fi Titanium HD - Presonus Eris E5 - JBL 4412
Power Supply	Silverstone 1000W
Mouse	Roccat Kain 122 AIMO
Keyboard	KBD67 Lite / Mammoth75
VR HMD	Reverb G2 V2
Software	Win 11 Pro

Processor	7800X3D -25 all core
Motherboard	B650 Steel Legend
Cooling	Frost Commander 140
Video Card(s)	Merc 310 7900 XT @3100 core -.75v
Display(s)	Agon 27" QD-OLED Glossy 240hz 1440p
Case	NZXT H710 (Red/Black)
Audio Device(s)	Asgard 2, Modi 3, HD58X
Power Supply	Corsair RM850x Gold

System Name	Dumbass
Processor	AMD Ryzen 7800X3D
Motherboard	ASUS TUF gaming B650
Cooling	Artic Liquid Freezer 2 - 420mm
Memory	G.Skill Sniper 32gb DDR5 6000
Video Card(s)	GreenTeam 4070 ti super 16gb
Storage	Samsung EVO 500gb & 1Tb, 2tb HDD, 500gb WD Black
Display(s)	1x Nixeus NX_EDG27, 2x Dell S2440L (16:9)
Case	Phanteks Enthoo Primo w/8 140mm SP Fans
Audio Device(s)	onboard (realtek?) - SPKRS:Logitech Z623 200w 2.1
Power Supply	Corsair HX1000i
Mouse	Steeseries Esports Wireless
Keyboard	Corsair K100
Software	windows 10 H
Benchmark Scores	https://i.imgur.com/aoz3vWY.jpg?2

System Name	1. Glasshouse 2. Odin OneEye
Processor	1. Ryzen 9 5900X (manual PBO) 2. Ryzen 9 7900X
Motherboard	1. MSI x570 Tomahawk wifi 2. Gigabyte Aorus Extreme 670E
Cooling	1. Noctua NH D15 Chromax Black 2. Custom Loop 3x360mm (60mm) rads & T30 fans/Aquacomputer NEXT w/b
Memory	1. G Skill Neo 16GBx4 (3600MHz 16/16/16/36) 2. Kingston Fury 16GBx2 DDR5 CL36
Video Card(s)	1. Asus Strix Vega 64 2. Powercolor Liquid Devil 7900XTX
Storage	1. Corsair Force MP600 (1TB) & Sabrent Rocket 4 (2TB) 2. Kingston 3000 (1TB) and Hynix p41 (2TB)
Display(s)	1. Samsung U28E590 10bit 4K@60Hz 2. LG C2 42 inch 10bit 4K@120Hz
Case	1. Corsair Crystal 570X White 2. Cooler Master HAF 700 EVO
Audio Device(s)	1. Creative Speakers 2. Built in LG monitor speakers
Power Supply	1. Corsair RM850x 2. Superflower Titanium 1600W
Mouse	1. Microsoft IntelliMouse Pro (grey) 2. Microsoft IntelliMouse Pro (black)
Keyboard	Leopold High End Mechanical
Software	Windows 11

System Name	daily driver Mac mini M2 Pro
Processor	Apple proprietary M2 Pro (6 p-cores, 4 e-cores)
Motherboard	Apple proprietary
Cooling	Apple proprietary
Memory	Apple proprietary 16GB LPDDR5 unified memory
Video Card(s)	Apple proprietary M2 Pro (16-core GPU)
Storage	Apple proprietary onboard 512GB SSD + various external HDDs
Display(s)	LG UltraFine 27UL850W (4K@60Hz IPS)
Case	Apple proprietary
Audio Device(s)	Apple proprietary
Power Supply	Apple proprietary
Mouse	Apple Magic Trackpad 2
Keyboard	Keychron K1 tenkeyless (Gateron Reds)
VR HMD	Oculus Rift S (hosted on a different PC)
Software	macOS Sonoma 14.7
Benchmark Scores	(My Windows daily driver is a Beelink Mini S12 Pro. I'm not interested in benchmarking.)