Russian hackers are weaponizing stolen Microsoft passwords

Jamie Tarabay
Bloomberg

A Russian state-sponsored hacking group that stole sensitive data from Microsoft Corp. executives is trying to leverage that information to compromise the company’s source code and internal systems, according to the technology giant.

A hacking group Microsoft first identified in January, called Midnight Blizzard, had more unauthorized access than previously thought, the company said on Friday. The hackers, also called Cozy Bear and APT29, were previously caught accessing emails that belonged to senior leaders, including cybersecurity and legal executives. Microsoft said customer-facing systems don’t appear to have been compromised.

The suspected Russian hackers have increased tenfold the volume of their attempted password spray attacks, a technique in which intruders try multiple passwords on specific usernames in an effort to breach high-value accounts. The group is also attempting to use secrets shared between Microsoft and its customers in email. Microsoft is now alerting customers to the issue and helping mitigate the problem.

“Midnight Blizzard’s ongoing attack is characterized by a sustained, significant commitment of the threat actor’s resources, coordination and focus,” the company said in its blog post. “It may be using the information it has obtained to accumulate a picture of areas to attack and enhance its ability to do so.”

Microsoft also alerted the US Securities and Exchange Commission to the matter.