Sneak-and-peek Midnight Blizzard attack highlights “worrying flaws” in Microsoft security processes
Microsoft leadership communications were exposed through the Midnight Blizzard brute-force password attack


Russian state-linked cyber criminals gained access to the emails of Microsoft’s senior leadership in an attack that security professionals said highlights “worrying flaws” in the company’s security processes.
The threat group, dubbed ‘Midnight Blizzard’ under Microsoft’s in-house taxonomy, reportedly used a password spray attack to compromise a legacy account. The threat actors then used that foothold to access what Microsoft claimed was a “very small percentage” of corporate emails.
Midnight Blizzard exfiltrated some emails and attached documents, apparently targeting email accounts for “information related to Midnight Blizzard itself.”
The initial attack began back in November and, months later, has left the top tier of Microsoft communications exposed.
Mike Newman, CEO of My1Login said the incident raises serious concerns over Microsoft security practices.
“This is an alarming security breach that could highlight worrying flaws in Microsoft’s security processes,” he told ITPro.
“With the criminals being able to access the organization’s systems via a password spraying attack, this means Microsoft was using basic, or already compromised passwords, on some of their systems.”
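A password spray of the kind described above has a recognisable shape in sign-in telemetry: one source makes one or two guesses against many different accounts, rather than many guesses against one. The following added example (not code from Microsoft or from the original article) runs that heuristic over constructed sign-in records and also reports any account the same source subsequently signed into successfully; the log format, thresholds and addresses are assumptions chosen for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sign-in events (not real Microsoft telemetry): one source
# tries one guess against many accounts, then succeeds against a legacy account;
# a second source repeatedly targets a single account (not a spray).
SAMPLE_LOG = """\
2023-11-20T02:00:01Z 203.0.113.5 alice@example.test FAIL
2023-11-20T02:00:04Z 203.0.113.5 bob@example.test FAIL
2023-11-20T02:00:07Z 203.0.113.5 carol@example.test FAIL
2023-11-20T02:00:10Z 203.0.113.5 dave@example.test FAIL
2023-11-20T02:00:13Z 203.0.113.5 erin@example.test FAIL
2023-11-20T02:00:16Z 203.0.113.5 legacy-test@example.test SUCCESS
2023-11-20T02:05:00Z 198.51.100.9 alice@example.test FAIL
2023-11-20T02:05:30Z 198.51.100.9 alice@example.test FAIL
2023-11-20T02:06:00Z 198.51.100.9 alice@example.test SUCCESS
"""

def parse(log):
    """Parse 'timestamp source_ip user RESULT' lines (assumed format)."""
    events = []
    for line in log.splitlines():
        ts, src, user, result = line.split()
        events.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), src, user, result))
    return events

def detect_spray(events, window=timedelta(minutes=10), min_users=5, max_per_user=2):
    """Return {source_ip: {...}} for sources whose failures within any window hit
    at least `min_users` distinct accounts with at most `max_per_user` tries each
    (the low-and-slow spray shape), plus accounts that source later signed into."""
    by_src = defaultdict(list)
    for ev in events:
        by_src[ev[1]].append(ev)
    alerts = {}
    for src, evs in by_src.items():
        evs.sort()
        fails = [e for e in evs if e[3] == "FAIL"]
        for i, first in enumerate(fails):
            in_win = [e for e in fails[i:] if e[0] - first[0] <= window]
            per_user = defaultdict(int)
            for e in in_win:
                per_user[e[2]] += 1
            if len(per_user) >= min_users and max(per_user.values()) <= max_per_user:
                succ = sorted({e[2] for e in evs if e[3] == "SUCCESS" and e[0] >= first[0]})
                alerts[src] = {"accounts_tried": len(per_user), "compromised": succ}
                break
    return alerts
```

The second source is deliberately not flagged: repeated failures against one account are a different pattern (and a different detection) from a spray across many.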
Ironically, Microsoft put out a warning as far back as 2021 about Midnight Blizzard, also known more commonly as Nobelium.
Following the SolarWinds compromise, which went undetected for months, Microsoft published a warning on the Microsoft Security Response Center that highlighted the very same “password spray and brute-force attacks” that Nobelium has since used against Microsoft itself.
“While Microsoft has claimed that the password spraying attack impacted a legacy non-production account, it still should never have been vulnerable to this sort of assault,” Newman said.
“Organizations need to learn from this incident, because if a tech giant like Microsoft can be breached so easily through passwords, so can they,” he added.
The Microsoft breach is an example of a novel practice employed by some threat groups: the intrusion was specifically aimed at gathering intelligence on the group itself, to ascertain how much the company knew about its activities.
These sorts of breaches, also referred to as reconnaissance attacks, are notoriously difficult to mitigate.
Threat actors want to make as little noise as possible when undertaking reconnaissance, so they avoid leaving the typical breadcrumb trail of corrupted or stolen data.
This hack on Microsoft isn’t an isolated incident, either.
The threat group APT28 masqueraded as Simple Network Management Protocol (SNMP) to gain access to Cisco routers in 2021.
According to the National Cyber Security Centre (NCSC), the group was thought to have obtained “sensitive network information” that allowed it to later install malware on Cisco’s systems.
A similar incident in 2020 saw Russia’s military intelligence service conduct cyber reconnaissance against officials and organizations at the 2020 Olympic and Paralympic games.

George Fitzmaurice is a former Staff Writer at ITPro and ChannelPro, with a particular interest in AI regulation, data legislation, and market development. After graduating from the University of Oxford with a degree in English Language and Literature, he undertook an internship at the New Statesman before starting at ITPro. Outside of the office, George is both an aspiring musician and an avid reader.