Midnight Blizzard, previously referred to as Nobelium, is best known as the threat actor behind the infamous supply chain attack against SolarWinds in late 2020.
The advanced persistent threat group, more commonly known as Cozy Bear and APT29, breached SolarWinds and poisoned software updates for the company's Orion platform with malicious implants, which more than 18,000 customers installed.
The hackers used the implants to access hundreds of victims' networks, including U.S. government agencies, Microsoft, Intel, Cisco and others.
Microsoft revealed that Midnight Blizzard struck again two months ago.
TechTarget Editorial asked Microsoft whether any information that could be relevant to customer data was compromised as part of the attack, but the company declined to comment.
"Our security team recently detected an attack on our corporate systems attributed to the Russian state-sponsored actor Midnight Blizzard.
We immediately activated our response process to investigate, disrupt malicious activity, mitigate the attack, and deny the threat actor further access.
The attack was not the result of a vulnerability in Microsoft products or services.
To date, there is no evidence that the threat actor had any access to customer environments, production systems, source code, or AI systems."
The blog post also mentioned the Secure Future Initiative, Microsoft's plan announced last fall to promote transparency and improve cybersecurity in both its own organization and across the tech ecosystem.
The initiative came in the wake of years of criticism from the cybersecurity industry toward Microsoft's practices surrounding its transparency, patching and communication.
Alexander Culafi is an information security news writer, journalist and podcaster based in Boston.
This Cyber News was published on www.techtarget.com. Publication date: Mon, 22 Jan 2024 22:13:04 +0000