- cross-posted to:
- [email protected]
- cross-posted to:
- [email protected]
Microsoft reported a breach by Russian group ‘Midnight Blizzard,’ which accessed internal systems and source code using stolen authentication secrets from a January cyberattack. The unauthorized access was facilitated by a compromised non-production test account lacking multi-factor authentication and linked to an OAuth app with elevated privileges. Microsoft is contacting affected customers and has ramped up security measures to counter the persistent threat.
Microsoft does share source code of both client and server versions of Windows with 3rd parties. At some point it was shared also with FSB.