Microsoft Source Code Stolen, Some Customer Secrets Leaked

admin, March 10, 2024 21:52:32

Microsoft on Friday revealed that the Kremlin-backed threat actor known as Midnight Blizzard (aka APT29 or Cozy Bear) managed to gain access to some of its source code repositories and internal systems following a hack that came to light in January 2024.

"In recent weeks, we have seen evidence that Midnight Blizzard is using information initially exfiltrated from our corporate email systems to gain, or attempt to gain, unauthorized access," the tech giant said.

"This has included access to some of the company's source code repositories and internal systems. To date we have found no evidence that Microsoft-hosted customer-facing systems have been compromised."

Redmond, which is continuing to investigate the extent of the breach, said the Russian state-sponsored threat actor is attempting to leverage the different types of secrets it found, including those that were shared between customers and Microsoft in email.

It, however, did not disclose what these secrets were or the scale of the compromise, although it said it has directly reached out to impacted customers. It's not clear what source code was accessed.

Stating that it has increased its security investments, Microsoft further noted that the adversary ramped up its password spray attacks by as much as 10-fold in February, compared to the "already large volume" observed in January.

"Midnight Blizzard's ongoing attack is characterized by a sustained, significant commitment of the threat actor's resources, coordination, and focus," it said.

"It may be using the information it has obtained to accumulate a picture of areas to attack and enhance its ability to do so. This reflects what has become more broadly an unprecedented global threat landscape, especially in terms of sophisticated nation-state attacks."

The Microsoft breach is said to have taken place in November 2023, with Midnight Blizzard employing a password spray attack to successfully infiltrate a legacy, non-production test tenant account that did not have multi-factor authentication (MFA) enabled.

The tech giant, in late January, revealed that APT29 had targeted other organizations by taking advantage of a diverse set of initial access methods ranging from stolen credentials to supply chain attacks.

Midnight Blizzard is considered part of Russia's Foreign Intelligence Service (SVR). Active since at least 2008, the threat actor is one of the most prolific and sophisticated hacking groups, compromising high-profile targets such as SolarWinds.

References

[1] https://thehackernews.com/2024/03/microsoft-confirms-russian-hackers.html

Originally published on the WeChat official account 知机安全: Microsoft Source Code Stolen, Some Customer Secrets Leaked
