Hot off the press! Microsoft Security Response Center (MSRC) posted an update on the Midnight Blizzard (aka APT29 or Cozy Bear, publicly attributed to Russian Foreign Intelligence Service (SVR) by the U.S. Government) post-attack activity. This includes attempts to gain access to source code repositories and internal systems, and increased volume of password spray attacks. "To date we have found no evidence that Microsoft-hosted customer-facing systems have been compromised. " Microsoft is also notifying customers of secrets that were shared between customers and Microsoft in previously exfiltrated emails. No IOC.
🔗 https://msrc.microsoft.com/blog/2024/03/update-on-microsoft-actions-following-attack-by-nation-state-actor-midnight-blizzard/

cc: @campuscodi @serghei @briankrebs @GossiTheDog

#Microsoft #Russia #MidnightBlizzard #APT #APT29 #CozyBear #cyberespionage #threatintel