In March, Microsoft informed the U.S. Department of Veterans Affairs that it had been affected by the security breach that allowed the Russian hacking group known as “Midnight Blizzard” to steal some of the company’s source code, the newspaper reported. Bloomberg. Responsibility for the previous incident has already been attributed. SolarWinds AttackThe group has been accused of spying on the email accounts of Microsoft’s management team and trying to use the secrets obtained there to create additional security holes.
The Department of Veterans Affairs discovered that Midnight Blizzard used a single set of stolen credentials to access a Microsoft Cloud test environment around January. VA officials said Bloomberg that the account was accessed for only a second, presumably to see if the credentials worked – they have since been updated.
According to BloombergMicrosoft also informed the U.S. Agency for Global Media that some of its data may have been stolen. Security data and sensitive and personally identifiable information held by the agency do not appear to have been compromised. The Peace Corps was also notified of the Midnight Blizzard breach, but was informed Bloomberg Microsoft said it has successfully “mitigated the vulnerability.” Microsoft did not disclose which customers were affected by the attack.
“As our investigation continues, we have reached out to customers to let them know if they corresponded with a Microsoft corporate email account that was accessed,” said Jeff Jones, a Microsoft spokesman. The edge“We will continue to coordinate, support and assist our customers in taking mitigation measures.”
Microsoft had already announced that it was rethinking its cybersecurity efforts last year before the Midnight Blizzard attack after a “cascade of security breaches.” More recently, the software giant said it was making security its “top priority.”priority“as she tries to rebuild the confidence she has already lost.
