Microsoft infiltrated by Russian hackers

  • Microsoft, the global technology giant, revealed on January 19, 2024 that it had fallen victim to a sophisticated cyber attack orchestrated by a Russian hacking group known as Nobelium or Midnight Blizzard.
  • The attack began in late November 2023 and involved a password spray attack to compromise a legacy non-production test tenant account and gain a foothold in Microsoft’s corporate systems.
  • The hackers were able to access a very small percentage of Microsoft corporate email accounts, including members of its senior leadership team and employees in its cybersecurity, legal, and other functions, and exfiltrated some emails and attached documents.
  • The investigation indicates they were initially targeting email accounts for information related to Midnight Blizzard itself.
  • Microsoft said the attack was not the result of a vulnerability in its products or services, and there is no evidence that the hackers had any access to customer environments, production systems, source code, or AI systems.
  • Microsoft is continuing its investigation and will take additional actions based on the outcomes of this investigation and will continue working with law enforcement and appropriate regulators.
  • Microsoft also said this incident has highlighted the urgent need to move even faster and apply its current security standards to Microsoft-owned legacy systems and internal business processes, even when these changes might cause disruption to existing business processes.

What is a password spray attack?

A password spray attack is a type of brute force attack in which a hacker tries the same password on multiple accounts before moving on to the next password. Because each account sees only a few failed attempts, the activity can stay below account lockout thresholds. This attack is often effective because many users use simple and easy-to-guess passwords, such as “password” or “123456”. Password spraying attacks can be used to gain unauthorized access to sensitive information or systems.

To prevent password spraying attacks, you should use strong and unique passwords for each of your accounts, and enable multi-factor authentication where possible. You should also avoid using default or common passwords, and change your password regularly. If you suspect that your account has been compromised by a password spray attack, you should reset your password immediately and report the incident to your IT department or service provider.
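The pattern described above leaves a recognizable trace in sign-in logs: one source failing against many accounts with only a few tries per account. The following is an added example, not part of the original article, that flags that pattern; the log format, addresses, account names and thresholds are all constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sign-in events: "ISO time, source IP, account, result".
SAMPLE_LOG = """\
2024-01-10T09:00:05 198.51.100.7 alice FAIL
2024-01-10T09:00:41 198.51.100.7 bob FAIL
2024-01-10T09:01:17 198.51.100.7 carol FAIL
2024-01-10T09:01:52 198.51.100.7 dave FAIL
2024-01-10T09:02:30 198.51.100.7 test-svc OK
2024-01-10T09:03:00 203.0.113.9 erin FAIL
2024-01-10T09:03:04 203.0.113.9 erin FAIL
2024-01-10T09:03:09 203.0.113.9 erin FAIL
2024-01-10T09:03:15 203.0.113.9 erin FAIL
2024-01-10T09:03:20 203.0.113.9 erin OK
"""

def parse(log):
    """Yield (time, source, account, succeeded) for each non-empty line."""
    for line in log.splitlines():
        if line.strip():
            ts, src, user, result = line.split()
            yield datetime.fromisoformat(ts), src, user, result == "OK"

def find_sprays(log, window=timedelta(minutes=30), min_accounts=4, max_fails_each=2):
    """Flag sources that fail against many accounts, few tries per account."""
    by_source = defaultdict(list)
    for event in parse(log):
        by_source[event[1]].append(event)
    findings = {}
    for src, events in by_source.items():
        events.sort(key=lambda e: e[0])
        for i, (start, *_rest) in enumerate(events):
            in_window = [e for e in events[i:] if e[0] - start <= window]
            fails = defaultdict(int)
            for _, _, user, ok in in_window:
                if not ok:
                    fails[user] += 1
            if len(fails) >= min_accounts and max(fails.values()) <= max_fails_each:
                # Successes from the same source in the window need urgent review.
                hits = sorted({e[2] for e in in_window if e[3]})
                findings[src] = {"targeted": sorted(fails), "succeeded": hits}
                break
    return findings

if __name__ == "__main__":
    for src, detail in find_sprays(SAMPLE_LOG).items():
        print(src, detail)
```

The second source in the sample fails repeatedly against a single account, so it is not reported as a spray. Grouping by source address alone misses attempts spread across many addresses, so the thresholds and grouping key should be tuned to the environment.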

Who are Nobelium or Midnight Blizzard?

Nobelium or Midnight Blizzard is a Russian state-sponsored hacking group that is believed to be part of Russia’s Foreign Intelligence Service (SVR). The group has been linked to numerous cyberattacks over the years, such as the SolarWinds breach in 2020, the US Agency for International Development (USAID) email compromise in 2021, and the recent Microsoft corporate email theft in 2024. The group is known for its sophisticated and stealthy techniques, such as using compromised software updates, phishing emails, and password spraying attacks to gain access to sensitive information and systems. The group’s motives and targets are often related to geopolitical interests, such as spying on government agencies, think tanks, NGOs, and other organizations.

David Frein

Abet News | January 22, 2024
