Home Office rebuffs claims Russian threat actors accessed emails after Microsoft hack
FoI requests have revealed that the Russia-backed hacking group stole sensitive data, renewing concerns about Microsoft’s security practices


The Russian hacking group Midnight Blizzard may have accessed Home Office emails as part of the hacking campaign revealed earlier this year.
Freedom of Information (FoI) requests from Recorded Future News indicate that the Russia-backed hacking group was able to access corporate emails and data shared with Microsoft.
The Home Office said its own systems weren't affected, and an Information Commissioner's Office (ICO) spokesperson told Recorded Future that it had concluded that no further action was required.
A spokesperson for the Home Office told ITPro: "There is no evidence that Home Office systems were compromised. We take data security very seriously, with robust reporting mechanisms in place, and continuous monitoring to ensure data is protected."
The attack formed part of a hacking campaign uncovered in January, which saw the attackers leveraging an OAuth app within Microsoft's test tenant.
This granted the hackers elevated permissions, which they were then able to use to gain access to emails from Microsoft and its customers, including members of Microsoft's senior leadership team and staff in its cybersecurity, legal, and other departments.
Midnight Blizzard also gained access to inboxes belonging to the US government.
Microsoft said it was able to identify the attacks in log data by reviewing Exchange Web Services (EWS) activity and using its audit logging features.
"The attack was not the result of a vulnerability in Microsoft products or services," the company said. "To date, there is no evidence that the threat actor had any access to customer environments, production systems, source code, or AI systems. We will notify customers if any action is required."
However, the news reinforces concerns about Microsoft's dominance and its own security practices.
In April, the US Department of Homeland Security's Cyber Safety Review Board (CSRB) said Microsoft's security culture was "inadequate and requires an overhaul" following the breach of email accounts at 22 organizations, including some government agencies.
"Governments and organizations are placing their trust in Microsoft when they store their data in its services, so security should be a guarantee. But unfortunately with Microsoft it's not," said Kevin Robertson, COO of Acumen Cyber.
"In this incident, it was Microsoft’s lack of internal security that caused the attack. It had no MFA deployed on a non-production test tenant account, which provided Midnight Blizzard with initial access."
He added: "All organizations should see MFA as non-negotiable today, and the fact that Microsoft, the world’s biggest and most prominent tech firm, did not have the function enabled raises very worrying alarm bells. How can the infrastructure of the world be safely built on a company that isn’t practicing basic cyber hygiene? That’s a question that cannot be ignored."
Emma Woollacott is a freelance journalist writing for publications including the BBC, Private Eye, Forbes, Raconteur and specialist technology titles.