Update on Microsoft Actions Following Attack by Midnight Blizzard (NOBELIUM)

Staff

MSRC Blog:

This blog provides an update on the nation-state attack that was detected by the Microsoft Security Team on January 12, 2024. As we shared, on January 19, the security team detected this attack on our corporate email systems and immediately activated our response process. The Microsoft Threat Intelligence investigation identified the threat actor as Midnight Blizzard, the Russian state-sponsored actor also known as NOBELIUM.

As we said at that time, our investigation was ongoing, and we would provide additional details as appropriate.

In recent weeks, we have seen evidence that Midnight Blizzard is using information initially exfiltrated from our corporate email systems to gain, or attempt to gain, unauthorized access. This has included access to some of the company’s source code repositories and internal systems. To date we have found no evidence that Microsoft-hosted customer-facing systems have been compromised.

It is apparent that Midnight Blizzard is attempting to use secrets of different types it has found. Some of these secrets were shared between customers and Microsoft in email, and as we discover them in our exfiltrated email, we have been and are reaching out to these customers to assist them in taking mitigating measures. Midnight Blizzard has increased the volume of some aspects of the attack, such as password sprays, by as much as 10-fold in February, compared to the already large volume we saw in January 2024.

Midnight Blizzard’s ongoing attack is characterized by a sustained, significant commitment of the threat actor’s resources, coordination, and focus. It may be using the information it has obtained to accumulate a picture of areas to attack and enhance its ability to do so. This reflects what has become more broadly an unprecedented global threat landscape, especially in terms of sophisticated nation-state attacks.

Across Microsoft, we have increased our security investments, cross-enterprise coordination and mobilization, and have enhanced our ability to defend ourselves and secure and harden our environment against this advanced persistent threat. We have and will continue to put in place additional enhanced security controls, detections, and monitoring.

Our active investigations of Midnight Blizzard activities are ongoing, and findings of our investigations will continue to evolve. We remain committed to sharing what we learn.

Source:

Update on Microsoft Actions Following Attack by Nation State Actor Midnight Blizzard | MSRC Blog | Microsoft Security Response Center

Update on Microsoft Actions Following Attack by Nation State Actor Midnight Blizzard

msrc.microsoft.com

Click to expand...

Steve C

Well-known member

Power User

VIP

Mar 9, 2024

#2

The solution is for the NSA to launch a cyber attack on Midnight Blizzard if they have not already done so

My Computer

System One

OS

Windows 11 Pro

Computer type

PC/Desktop

Manufacturer/Model

Self build

CPU

Core i7-13700K

Motherboard

Asus TUF Gaming Plus WiFi Z790

Memory

64 GB Kingston Fury Beast DDR5

Graphics Card(s)

Gigabyte GeForce RTX 2060 Super Gaming OC 8G

Sound Card

Realtek S1200A

Monitor(s) Displays

Viewsonic VP2770

Screen Resolution

2560 x 1440

Hard Drives

Kingston KC3000 2TB NVME SSD & SATA HDDs & SSD

PSU

EVGA SuperNova G2 850W

Case

Nanoxia Deep Silence 1

Cooling

Noctua NH-D14

Keyboard

Microsoft Digital Media Pro

Mouse

Logitech Wireless

Internet Speed

50 Mb / s

Browser

Chrome

Antivirus

Defender

antspants

Like a rolling drone.

Pro User

VIP

Mar 9, 2024

#3

Well, for starters they should cease all business with/in Russia. There are articles to say they already did this over the invasion of Ukraine but I have also read that they have recommenced. Hard to get a true handle on what is going on. All I know is that $$$ overrides moral actions.

I dare say that the latest attacks have something to do with Microsofts decision to pull out originally over the invasion of Ukraine.

My Computers

System One System Two

OS

Windows 11 Pro 23H2 Build: 22631.3374

Computer type

PC/Desktop

Manufacturer/Model

Sin-built

CPU

Intel(R) Core(TM) i7-4770K CPU @ 3.50GHz (4th Gen?)

Motherboard

ASUS ROG Maximus VI Formula

Memory

32.0 GB of I forget and the box is in storage.

Graphics Card(s)

Gigabyte nVidia GeForce GTX 1660 Super OC 6GB

Sound Card

Onboard

Monitor(s) Displays

4 x LG 23MP75 1 x 24" LG M38H 1 x 32" LF6300 TV Monitor 1 x Wacom Pro 22" Tablet

Screen Resolution

All over the place

Hard Drives

2 x WD something Something 8TB HDD's / 2 x WD something Something 4TB HDD's / 1 x EVO 1TB SSD / 2 x QVO 1TB SSD's / 1 x EVO 250 GB SSD / 2 x QVO 1TB (External Hub) / 1 x EVO 1TB (Portable Backup Case)

PSU

Silverstone 1500

Case

NZXT Full Tower

Cooling

Noctua NH-D15 Elite Class Dual Tower CPU Cooler / 6 x EziDIY 120mm / 2 x Corsair 140mm somethings / 1 x 140mm Thermaltake something / 2 x 200mm Corsair.

Keyboard

Corsair K95 / Logitech diNovo Edge Wireless

Mouse

Logitech G402 / G502 / Mx Masters / MX Air Cordless

Internet Speed

100/40Mbps

Browser

All sorts

Antivirus

Kaspersky Premium

Other Info

I’m on a horse.
Operating System

Windows 11 Pro 22621.2215

Computer type

Laptop

Manufacturer/Model

LENOVO Yoga 7i EVO OLED 14" Touchscreen i5 12 Core 16GB/512GB

CPU

Intel Core 12th Gen i5-1240P Processor (1.7 - 4.4GHz)

Memory

16GB LPDDR5 RAM

Graphics card(s)

Graphics processor is an Intel Iris Xe

Sound Card

optimized with Dolby Atmos®

Screen Resolution

QHD 2880 x 1800 OLED

Hard Drives

M.2 512GB

Other Info

…still on a horse.

You must log in or register to reply here.

Similar threads

Article

Midnight Blizzard: Microsoft Guidance for responders on nation-state attack

Replies: 4

Views: 2K

Jan 29, 2024

Steve C

Article

Updates on Microsoft's Secure Future Initiative

Replies: 0

Views: 475

Mar 6, 2024

Brink

Article

Microsoft warns about Storm-0324 malware distributed through Teams chats

Replies: 1

Views: 400

Sep 13, 2023

flashh4

Article

Microsoft Copilot for Security generally available on April 1, 2024

Replies: 0

Views: 559

Mar 13, 2024

Brink

Article

Microsoft Xbox welcomes Activision Blizzard King

Replies: 1

Views: 549

Oct 18, 2023

Brink

Completely Disable and Remove Copilot in Windows 11

This tutorial will show you how to completely disable the Windows Copilot feature and remove Copilot from the taskbar, Windows Search, and Microsoft Edge...
Brink

Mar 7, 2024
Enable or Disable Sudo Command in Windows 11

This tutorial will show you how to enable or disable the Sudo command for all users in Windows 11. Starting with Windows 11 build 26052 (Canary and Dev)...
Brink

Feb 8, 2024
Enable or Disable Feeds on Widgets Board in Windows 11

This tutorial will show you how to enable or disable news feeds on the widgets board for your account in Windows 11. Widgets are small windows that display...
Brink

Dec 4, 2023
Use ViVeTool to Enable or Disable Hidden Features in Windows 11

This tutorial will show you how to use ViVeTool to enable or disable hidden features in Windows 10 and Windows 11. ViVeTool is an open source tool that can...
Brink

Dec 1, 2023
Always or Never Combine Taskbar buttons and Hide Labels in Windows 11

This tutorial will show you how to always, when the taskbar is full, or never combine taskbar buttons and hide labels for your account, specific users, or...
Brink

May 24, 2023
Disable Modern Standby in Windows 10 and Windows 11

This tutorial will show you how to disable Modern Standby (S0 Low Power Idle) to enable S3 support on a Windows 10 and Windows 11 device. In Windows 10 and...
Brink

Jan 11, 2022
Disable "Show more options" context menu in Windows 11

This tutorial will show you how to enable or disable having to click on "Show more options" to see the full context menu for your account or all users in...
Brink

Oct 4, 2021
Download Official Windows 11 ISO file from Microsoft

This tutorial will show you how to download an official Windows 11 ISO file from Microsoft. Microsoft provides ISO files for Windows 11 to download. You...
Brink

Aug 19, 2021
Restore Classic File Explorer with Ribbon in Windows 11

This tutorial will show you how to restore the classic File Explorer with Ribbon for your account or all users in Windows 11. File Explorer in Windows 10...
Brink

Jul 19, 2021
Repair Install Windows 11 with an In-place Upgrade

This tutorial will show you how to do a repair install of Windows 11 by performing an in-place upgrade without losing anything. If you need to repair or...
Brink

Jul 5, 2021
Enable or Disable Windows Sandbox in Windows 11

This tutorial will show you how to enable or disable the Windows Sandbox feature for all users in Windows 11 Pro, Enterprise, or Education. Windows Sandbox...
Brink

Jun 30, 2021
Clean Install Windows 11

This tutorial will show you step by step on how to clean install Windows 11 at boot on your PC with or without an Internet connection and setup with a local...
Brink

Jun 22, 2021