2024-03-08

Microsoft has revealed more details about the attack it suffered at the hands of Midnight Blizzard, saying the group stole source code.

Microsoft announced in January that it had suffered an attack by Midnight Blizzard, a Russian state-sponsored group. The group used “a password spray attack to compromise a legacy non-production test tenant account,” gaining access to email accounts of senior leadership, as well as members of the company’s cybersecurity and legal teams.

At the time, Microsoft said there was no evidence that source code, AI systems, production systems, or customer environments were compromised. The company’s ongoing investigation has revealed that Midnight Blizzard is using the data it stole to continue attacking Microsoft, attacks which have led to the theft of source code.

In recent weeks, we have seen evidence that Midnight Blizzard is using information initially exfiltrated from our corporate email systems to gain, or attempt to gain, unauthorized access. This has included access to some of the company’s source code repositories and internal systems. To date we have found no evidence that Microsoft-hosted customer-facing systems have been compromised. It is apparent that Midnight Blizzard is attempting to use secrets of different types it has found. Some of these secrets were shared between customers and Microsoft in email, and as we discover them in our exfiltrated email, we have been and are reaching out to these customers to assist them in taking mitigating measures. Midnight Blizzard has increased the volume of some aspects of the attack, such as password sprays, by as much as 10-fold in February, compared to the already large volume we saw in January 2024.

Microsoft minced no words in outlining the seriousness of the attack and its ongoing nature.

Midnight Blizzard’s ongoing attack is characterized by a sustained, significant commitment of the threat actor’s resources, coordination, and focus. It may be using the information it has obtained to accumulate a picture of areas to attack and enhance its ability to do so. This reflects what has become more broadly an unprecedented global threat landscape, especially in terms of sophisticated nation-state attacks.

Microsoft’s current situation underscores the challenges businesses face in maintaining security amid rising threats.