Microsoft said on Friday that the Russian state-backed hacking group Midnight Blizzard was trying to breach its networks using data it took from the tech giant’s business emails in January.
The goal was to gain new access to the servers of tech giants whose products are often used by the US national security establishment, Reuters reports.
Some experts have expressed concern about the disclosure, citing concerns about the security of Microsoft’s systems and services. Microsoft is one of the largest software companies in the world and supplies digital services and infrastructure to the US government.
A group of hackers known as Nobelium gained access to Microsoft’s corporate email networks in January and took emails and documents from employee accounts.
“In recent weeks, we have seen evidence that Midnight Blizzard is using information originally exfiltrated from our corporate email systems to gain or attempt to gain unauthorized access,” the company said in a statement on its blog.
According to the American technology giant, this data covers part of its internal systems and source code repositories.
The company’s shares fell slightly after hearing the news.
“It’s clear that Midnight Blizzard is trying to use the secrets of the various types it has found,” the company added. “Some of these secrets were shared between customers and Microsoft in an email, and as we discover in our exfiltrated email, we have and are reaching out to those customers to help them take mitigation measures.”
The corporation claimed that hackers have become somewhat more active in their attempts to penetrate Microsoft.
For example, compared to their January attack, Microsoft reported that the use of “password spraying,” where an attacker uses the same password on multiple accounts in the hope of getting in, has increased up to 10 times.
Requests for a response to Microsoft’s claims about the Midnight Blizzard attack had previously gone unanswered by the Russian embassy in Washington.
The tech giant said there was no evidence the attack hit any of its customer-facing systems.
