Abuse of residential proxy services, password spray key to Midnight Blizzard attacks, warns Microsoft — here's what that means for you


The recent Midnight Blizzard attacks on Microsoft and HPE may be just the beginning, with the Russian threat actors already targeting more global organizations, the former has warned.

In its detailed breakdown of the threat actor and the attack on its infrastructure, the Microsoft Threat Intelligence team noted, "This threat actor is known to primarily target governments, diplomatic entities, non-governmental organizations (NGOs) and IT service providers, primarily in the U.S. and Europe."

Midnight Blizzard, also known as Nobelium, APT29, or Cozy Bear, is on the prowl for sensitive data that can be of use to the Russian government, Microsoft added, noting that the campaign is bigger than originally thought and that other firms are being targeted as well.

Abusing compromised accounts

To move into corporate infrastructure, Midnight Blizzard uses compromised accounts and OAuth applications. The Russians would use compromised accounts to grant high permissions to OAuth applications. This allows them to maintain access even if the victim spots the attack and updates the login credentials. Their first target is always the email inbox, where they look for important correspondence. 
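
The persistence described above can be checked for in audit data. The following is an added example, not taken from Microsoft's report or this article: it flags high-privilege OAuth grants that are still active and marks those that outlived a password reset on the granting account. The event schema, field names, app IDs and sample events are constructed assumptions; the permission names are real Microsoft Graph and Exchange Online permissions, chosen here as an illustrative high-risk list.

```python
from datetime import datetime

# Permissions treated as high-risk here: mailbox access and directory control.
HIGH_RISK = {
    "Mail.Read", "Mail.ReadWrite", "Mail.Send", "full_access_as_app",
    "Directory.ReadWrite.All", "RoleManagement.ReadWrite.Directory",
    "AppRoleAssignment.ReadWrite.All",
}

# Constructed sample events in a hypothetical, simplified schema (not a real log export).
EVENTS = [
    {"time": "2024-01-10T08:02:00", "type": "consent_grant", "actor": "svc-test@example.com",
     "app_id": "app-legacy-01", "scopes": ["Mail.Read", "full_access_as_app"]},
    {"time": "2024-01-11T09:15:00", "type": "consent_grant", "actor": "alice@example.com",
     "app_id": "app-calendar", "scopes": ["Calendars.Read"]},
    {"time": "2024-01-12T14:30:00", "type": "password_reset", "actor": "svc-test@example.com"},
    {"time": "2024-01-13T10:00:00", "type": "consent_grant", "actor": "bob@example.com",
     "app_id": "app-sync", "scopes": ["Mail.ReadWrite"]},
    {"time": "2024-01-14T11:00:00", "type": "consent_revoke", "actor": "admin@example.com",
     "app_id": "app-sync"},
]

def surviving_high_risk_grants(events):
    """Return high-risk grants still active, noting whether the granting
    account's password was reset afterwards (the reset does not remove them)."""
    active, resets = {}, {}
    for ev in sorted(events, key=lambda e: datetime.fromisoformat(e["time"])):
        when = datetime.fromisoformat(ev["time"])
        if ev["type"] == "consent_grant":
            risky = sorted(HIGH_RISK.intersection(ev["scopes"]))
            if risky:
                active[ev["app_id"]] = {"app_id": ev["app_id"], "granted_by": ev["actor"],
                                        "granted_at": when, "scopes": risky}
        elif ev["type"] == "consent_revoke":
            active.pop(ev["app_id"], None)   # only an explicit revoke ends the access
        elif ev["type"] == "password_reset":
            resets[ev["actor"]] = when       # keep the latest reset per account
    findings = []
    for grant in active.values():
        reset_at = resets.get(grant["granted_by"])
        grant["outlived_password_reset"] = reset_at is not None and reset_at > grant["granted_at"]
        findings.append(grant)
    return findings

if __name__ == "__main__":
    for f in surviving_high_risk_grants(EVENTS):
        print(f["app_id"], f["granted_by"], f["scopes"], f["outlived_password_reset"])
```

A grant flagged with `outlived_password_reset` set to true is the case the paragraph describes: the credentials were changed, but the application's access was never revoked.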

"They utilize diverse initial access methods ranging from stolen credentials to supply chain attacks, exploitation of on-premises environments to laterally move to the cloud, and exploitation of service providers' trust chain to gain access to downstream customers," the report stated.

Less than a week ago, news broke that highly positioned individuals at Microsoft, including senior executives and those working in cybersecurity and legal departments, were targeted. The attackers, Midnight Blizzard, were allegedly able to steal “some emails and attached documents” related to the group itself.

Soon afterward, HPE also said its emails were targeted and a small percentage of them accessed.


Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
