Microsoft Targeted by Russian State-Sponsored Cybercriminals
The threat actor used password spray attacks, leading to compromised Microsoft email accounts.
- Microsoft has revealed that Russian nation-state actors hacked some of its corporate email accounts.
- The group known as Midnight Blizzard or Nobelium reportedly used a password spray attack to compromise employees’ accounts, including senior leadership.
Microsoft has revealed that its corporate systems were hacked in November 2023 by Russian nation-state threat actors. However, the incident was not detected until early in January 2024. The hacking group known as Midnight Blizzard or Nobelium was also behind the SolarWinds supply chain attack of 2020.
According to the Microsoft Security Research Center, the Midnight Blizzard advanced persistent threat actor used a basic password spray attack to compromise a few poorly protected corporate email accounts. The affected users included members of senior leadership, legal teams, and cybersecurity teams. Consequently, the company is pushing for an overhaul of its older systems.
According to Microsoft, the hackers were looking for data associated with Midnight Blizzard and were able to exfiltrate several emails and other data attachments. The company cut off access to the compromised accounts following the discovery and has assured customers that the hackers did not gain access to AI systems, customer environments, source code, or production systems.
The incident has highlighted the importance of complying with security best practices. While many sophisticated attack methods are available to threat actors, hackers often succeed with simple methods such as password spraying and brute force attacks. The fact that the threat actors could access Microsoft’s accounts for two months without being noticed also points to a lack of attention to security posture and underscores the importance of continuously monitoring cloud logs.
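A sketch of the kind of sign-in log check that paragraph points to, added here as an example and not taken from Microsoft or the original article: it flags a source whose failed logins fan out across many accounts with only a few guesses each, and lists sprayed accounts that later signed in successfully from that source. The event format, thresholds, addresses and sample events are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sign-in events: (ISO timestamp, source IP, account, success)
SPRAYED = ["alice", "bob", "carol", "dave", "erin", "svc-test"]
SAMPLE_EVENTS = (
    # One guess per account from a single source, then a later success on one of them.
    [(f"2024-01-01T02:{m:02d}:00", "203.0.113.7", u, False) for m, u in enumerate(SPRAYED)]
    + [("2024-01-01T02:40:00", "203.0.113.7", "svc-test", True)]
    # Brute force: many guesses against a single account (not a spray).
    + [(f"2024-01-01T09:00:{s:02d}", "198.51.100.9", "bob", False) for s in range(6)]
    # Ordinary user mistyping a password once.
    + [("2024-01-01T09:15:00", "192.0.2.10", "alice", False),
       ("2024-01-01T09:15:30", "192.0.2.10", "alice", True)]
)

def detect_spray(events, window=timedelta(hours=1), min_accounts=5, max_per_account=3):
    """Return one finding per source whose failures spread across many accounts."""
    by_source = defaultdict(list)
    for ts, src, user, ok in events:
        by_source[src].append((datetime.fromisoformat(ts), user, ok))
    findings = []
    for src, rows in by_source.items():
        rows.sort()
        fails = [(t, u) for t, u, ok in rows if not ok]
        for i, (start, _) in enumerate(fails):
            counts = defaultdict(int)  # failed attempts per account inside the window
            for t, u in fails[i:]:
                if t - start > window:
                    break
                counts[u] += 1
            # Spray shape: many accounts, few guesses each (brute force is the reverse).
            if len(counts) >= min_accounts and max(counts.values()) <= max_per_account:
                # Sprayed accounts that later logged in from the same source need triage first.
                hits = sorted({u for t, u, ok in rows if ok and t >= start and u in counts})
                findings.append({"source": src, "accounts": len(counts),
                                 "start": start, "followed_by_success": hits})
                break
    return findings

if __name__ == "__main__":
    for finding in detect_spray(SAMPLE_EVENTS):
        print(finding)
```

A per-account lockout counter alone would miss the first source in the sample, because no single account sees more than one failure.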