In March, Microsoft notified the US Department of Veterans Affairs that it was impacted by the security breach that enabled the Russian hacking group known as “Midnight Blizzard” to steal some of the company’s source code, reports Bloomberg. Already assigned blame for the earlier SolarWinds attack, the group has been accused of spying on email accounts of Microsoft’s senior leadership team and attempting to use the secrets obtained there to create additional security breaches.
The VA department found that Midnight Blizzard used a single set of stolen credentials to access a Microsoft Cloud test environment around January. VA officials told Bloomberg that the account was accessed for just one second, presumably to see if the credentials worked — they have since been updated.
According to Bloomberg, Microsoft also informed the US Agency for Global Media that some of its data may have been stolen. Security data and sensitive, personally identifiable information held by the agency is not believed to have been compromised. The Peace Corps was also notified of the Midnight Blizzard breach but told Bloomberg that it was able to “mitigate the vulnerability.” Microsoft hasn’t disclosed which customers have been impacted by the attack.
“As our investigation continues, we have been reaching out to customers to notify them if they had corresponded with a Microsoft corporate email account that was accessed,” Microsoft spokesperson Jeff Jones said to The Verge. “We will continue to coordinate, support, and assist our customers in taking mitigating measures.”
Microsoft had already announced it was overhauling its cybersecurity efforts last year before the Midnight Blizzard attack after a “cascade of security failures.” More recently, the software giant said it was making security its “top priority” as it attempts to rebuild the trust it’s already lost.