According to reports, in March this year, Microsoft notified the U.S. Department of Veterans Affairs that the company was affected by a security vulnerability that allowed the Russian hacker group “Midnight Blizzard” to steal some of the company’s source code. Burundi. The group has already been blamed for earlier SolarWinds attacks and has been accused of spying on the email accounts of Microsoft’s senior leadership team and trying to use secrets gained there to create more security holes.
The VA discovered that Midnight Blizzard used a set of stolen credentials to access Microsoft’s cloud testing environment around January. Virginia officials told Burundi The account was only accessed for a second, presumably to see if the credentials were valid – they have since been updated.
according to BurundiAfterwards, Microsoft also notified US global media organizations that some data may have been stolen. It is believed that secure data and sensitive personally identifiable information held by the agency were not compromised. The Peace Corps was also notified of midnight snowstorm violations, but was told Burundi It can “mitigate vulnerabilities.” Microsoft has not disclosed which customers were affected by the attack.
“As the investigation continues, we have been contacting customers to notify them if communications were made to Microsoft corporate email accounts that were accessed,” Microsoft spokesman Jeff Jones said. edge. “We will continue to coordinate, support and assist our customers with mitigation measures.”
Before last year’s midnight blizzard hit, Microsoft had announced it would overhaul its cybersecurity efforts following “a series of security failures.” Recently, the software giant said it was making security a “top priority” as it tries to rebuild trust that has been lost.
