/cdn.vox-cdn.com/uploads/chorus_asset/file/23318432/akrales_220309_4977_0079.jpg "Microsoft’s Midnight Blizzard source code breach also impacted federal agencies")
Microsoft’s Midnight Blizzard source code breach also impacted federal agencies
By Jess Weatherbed , a news writer focused on creative industries, computing, and internet culture. Jess started her career at TechRadar, covering news and hardware reviews.
In March, Microsoft notified the US Department of Veterans Affairs that it was impacted by the security breach that enabled the Russian hacking group known as “Midnight Blizzard” to steal some of the company’s source code, reports Bloomberg. Already assigned blame for the earlier SolarWinds attack, the group has been accused of spying on email accounts of Microsoft’s senior leadership team and attempting to use the secrets obtained there to create additional security breaches.
The VA department found that Midnight Blizzard used a single set of stolen credentials to access a Microsoft Cloud test environment around January. VA officials told Bloomberg that the account was accessed for just one second, presumably to see if the credentials worked — they have since been updated.
According to Bloomberg, Microsoft also informed the US Agency for Global Media that some of its data may have been stolen. Security data and sensitive, personally identifiable information held by the agency is not believed to have been compromised. The Peace Corps was also notified of the Midnight Blizzard breach but told Bloomberg that it was able to “mitigate the vulnerability.” Microsoft hasn’t disclosed which customers have been impacted by the attack.
