#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News
DevSecOps

Midnight Blizzard | Breaking Cybersecurity News | The Hacker News

Category — Midnight Blizzard
U.S. Federal Agencies Ordered to Hunt for Signs of Microsoft Breach and Mitigate Risks

U.S. Federal Agencies Ordered to Hunt for Signs of Microsoft Breach and Mitigate Risks

Apr 12, 2024 Cyber Attack / Data Breach
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday issued an emergency directive (ED 24-02) urging federal agencies to hunt for signs of compromise and enact preventive measures following the recent compromise of Microsoft's systems that led to the theft of email correspondence with the company. The attack, which  came to light  earlier this year, has been attributed to a Russian nation-state group tracked as Midnight Blizzard (aka APT29 or Cozy Bear). Last month, Microsoft revealed that the adversary managed to access some of its source code repositories but noted that there is no evidence of a breach of customer-facing systems. The emergency directive, which was originally issued privately to federal agencies on April 2, was  first reported  on by CyberScoop two days later. "The threat actor is using information initially exfiltrated from the corporate email systems, including authentication details shared between Microsoft customers ...
Russian Hackers Use 'WINELOADER' Malware to Target German Political Parties

Russian Hackers Use 'WINELOADER' Malware to Target German Political Parties

Mar 23, 2024 Cyber Espionage / Cyber Warfare
The WINELOADER backdoor used in recent cyber attacks targeting diplomatic entities with wine-tasting phishing lures has been attributed as the handiwork of a hacking group with links to Russia's Foreign Intelligence Service (SVR), which was responsible for  breaching SolarWinds and Microsoft . The findings come from Mandiant, which said  Midnight Blizzard  (aka APT29, BlueBravo, or Cozy Bear) used the malware to target German political parties with phishing emails bearing a logo from the Christian Democratic Union (CDU) around February 26, 2024. "This is the first time we have seen this APT29 cluster target political parties, indicating a possible area of emerging operational focus beyond the  typical   targeting  of  diplomatic missions ," researchers Luke Jenkins and Dan Black  said . WINELOADER was  first disclosed  by Zscaler ThreatLabz last month as part of a cyber espionage campaign that's believed to have been ongoing since a...
4 Ways to Keep MFA From Becoming too Much of a Good Thing

4 Ways to Keep MFA From Becoming too Much of a Good Thing

Feb 11, 2025IT Security / Threat Protection
Multi-factor authentication (MFA) has quickly become the standard for securing business accounts. Once a niche security measure, adoption is on the rise across industries. But while it's undeniably effective at keeping bad actors out, the implementation of MFA solutions can be a tangled mess of competing designs and ideas. For businesses and employees, the reality is that MFA sometimes feels like too much of a good thing. Here are a few reasons why MFA isn't implemented more universally. 1. Businesses see MFA as a cost center MFA for businesses isn't free, and the costs of MFA can add up over time. Third-party MFA solutions come with subscription costs, typically charged per user. Even built-in options like Microsoft 365's MFA features can cost extra depending on your Microsoft Entra license. Plus, there's the cost of training employees to use MFA and the time IT takes to enroll them. If MFA increases help desk calls, support costs go up too. While these expenses are far less t...
Microsoft Confirms Russian Hackers Stole Source Code, Some Customer Secrets

Microsoft Confirms Russian Hackers Stole Source Code, Some Customer Secrets

Mar 09, 2024 Cyber Attack / Threat Intelligence
Microsoft on Friday revealed that the Kremlin-backed threat actor known as  Midnight Blizzard  (aka APT29 or Cozy Bear) managed to gain access to some of its source code repositories and internal systems following a  hack that came to light  in January 2024. "In recent weeks, we have seen evidence that Midnight Blizzard is using information initially exfiltrated from our corporate email systems to gain, or attempt to gain, unauthorized access," the tech giant  said . "This has included access to some of the company's source code repositories and internal systems. To date we have found no evidence that Microsoft-hosted customer-facing systems have been compromised." Redmond, which is continuing to investigate the extent of the breach, said the Russian state-sponsored threat actor is attempting to leverage the different types of secrets it found, including those that were shared between customers and Microsoft in email. It, however, did not disclose what the...
cyber security

Level Up Your Cyber Skills at SANS 2025

websiteSANS InstituteCyber Security / Training
Master in-demand techniques at our largest training event in 2025. Explore 50+ courses. Train in person to claim your $769 savings!
Midnight Blizzard and Cloudflare-Atlassian Cybersecurity Incidents: What to Know

Midnight Blizzard and Cloudflare-Atlassian Cybersecurity Incidents: What to Know

Feb 13, 2024 SaaS Security / Data Breach
The Midnight Blizzard and Cloudflare-Atlassian cybersecurity incidents raised alarms about the vulnerabilities inherent in major SaaS platforms. These incidents illustrate the stakes involved in SaaS breaches — safeguarding the integrity of SaaS apps and their sensitive data is critical but is not easy. Common threat vectors such as sophisticated spear-phishing, misconfigurations and vulnerabilities in third-party app integrations demonstrate the complex security challenges facing IT systems. In the case of Midnight Blizzard, password spraying against a test environment was the initial attack vector. For Cloudflare-Atlassian, threat actors initiated the attack via compromised  OAuth tokens  from a prior breach at Okta, a SaaS identity security provider.  What Exactly Happened? Microsoft Midnight Blizzard Breach Microsoft was targeted by the Russian "Midnight Blizzard" hackers (also known as Nobelium, APT29, or Cozy Bear) who are linked to the SVR, the Kremlin's forei...
Microsoft's Top Execs' Emails Breached in Sophisticated Russia-Linked APT Attack

Microsoft's Top Execs' Emails Breached in Sophisticated Russia-Linked APT Attack

Jan 20, 2024 Cyber Espionage / Emails Security
Microsoft on Friday revealed that it was the target of a nation-state attack on its corporate systems that resulted in the theft of emails and attachments from senior executives and other individuals in the company's cybersecurity and legal departments. The Windows maker attributed the attack to a Russian advanced persistent threat (APT) group it tracks as  Midnight Blizzard  (formerly Nobelium), which is also known as APT29, BlueBravo, Cloaked Ursa, Cozy Bear, and The Dukes. It further said that it immediately took steps to investigate, disrupt, and mitigate the malicious activity upon discovery on January 12, 2024. The campaign is estimated to have commenced in late November 2023. "The threat actor used a  password spray attack  to compromise a legacy non-production test tenant account and gain a foothold, and then used the account's permissions to access a very small percentage of Microsoft corporate email accounts, including members of our senior leadership ...
Expert Insights / Articles Videos
Cybersecurity Resources