On Friday, Microsoft said Russian government hackers continue to break into its systems using information obtained during a hack last year. This time, the Russian hackers dubbed Midnight Blizzard have targeted Microsoft’s source code and other internal systems, the company said.
“In recent weeks, we have seen evidence that Midnight Blizzard is using information initially exfiltrated from our corporate email systems to gain, or attempt to gain, unauthorized access. This has included access to some of the company’s source code repositories and internal systems,” Microsoft wrote in a blog post.
Microsoft also disclosed these new findings in a filing with the U.S. Securities and Exchange Commission on Friday.
This new intrusion comes after Microsoft revealed in January that Russian government hackers had broken into the company’s systems last November.
At the time, the Russian hackers broke into corporate email accounts of “senior leadership team and employees in our cybersecurity, legal, and other functions.” The goal of the operation, according to Microsoft, was to figure out what information Microsoft has on them.
The tech giant said in its latest blog post on Friday that Midnight Blizzard “is attempting to use secrets of different types it has found.”
The hacking group, also known as APT29 or Cozy Bear, found some of that secret information in emails shared between Microsoft and its customers. And the hackers have increased their attempts to brute force accounts — also known as “password spraying” — tenfold since its initial attacks, according to Microsoft.
The hackers activities show “a sustained, significant commitment” of their “resources, coordination, and focus,” according to the company.
“[Midnight Blizzard] may be using the information it has obtained to accumulate a picture of areas to attack and enhance its ability to do so,” Microsoft wrote.
Midnight Blizzard is believed to be a hacking group working for Russia’s Foreign Intelligence Service, known by its Russian initials, SVR. The spies have been one of the most prolific government-backed hacking groups in the last few years, compromising high-profile targets, such as those against the Democratic National Committee in 2016, SolarWinds in 2019, and many more.