Security News Midnight Blizzard attack highlights “worrying flaws” in Microsoft security

vtqhtr413

Level 27
Thread author
Well-known
Aug 17, 2017
1,609
Midnight Blizzard exfiltrated some emails and attached documents, apparently targeting email accounts for “information related to Midnight Blizzard itself.” The initial attack began back in November and, months later, has left the top tier of Microsoft communications exposed. Mike Newman, CEO of My1Login, said the incident raises serious concerns over Microsoft security practices. “With the criminals being able to access the organization’s systems via a password spraying attack, this means Microsoft was using basic, or already compromised passwords, on some of their systems.”

Ironically, Microsoft put out a warning as far back as 2021 about Midnight Blizzard, also known more commonly as Nobelium. Following a hack of SolarWinds which went undetected for months, Microsoft issued a warning on its Microsoft Security Response Centre that highlighted the exact same “password spray and brute-force attacks” - which Nobelium has since gone on to target Microsoft itself with.
 

vtqhtr413

Russia’s Foreign Intelligence Service (SVR) allegedly hacked into the email accounts of senior leaders at Microsoft, the company said late last week.

In a Friday afternoon statement, Microsoft said it detected a nation-state attack on their corporate systems on January 12 and began an investigation that uncovered a long-running campaign by the prolific hacking group Nobelium — which some researchers refer to as Midnight Blizzard, BlueBravo, and APT29 and believe to be run by the Russian organization responsible for foreign espionage, active measures, and electronic surveillance.

“Beginning in late November 2023, the threat actor used a password spray attack to compromise a legacy non-production test tenant account and gain a foothold, and then used the account’s permissions to access a very small percentage of Microsoft corporate email accounts, including members of our senior leadership team and employees in our cybersecurity, legal, and other functions, and exfiltrated some emails and attached documents,” the company said.
 

vtqhtr413

Security experts expect many more companies to disclose that they’ve been hacked by Russian intelligence agents who stole emails from executives following disclosures by Microsoft and Hewlett-Packard Enterprise in the past week.

Microsoft said late Thursday that it had found more victims and was in the process of notifying them. A spokesperson declined to say how many. But three experts in and out of government said that the attack was deeper and broader than the disclosures to date reveal.

Two said that more than 10 companies, and perhaps far more, are expected to come forward. The experts asked not to be named so as to maintain relations with the victims.
 

vtqhtr413

TeamViewer, the company that makes widely used remote access tools for companies, has confirmed an ongoing cyberattack on its corporate network.

In a statement Friday, the company attributed the compromise to government-backed hackers working for Russian intelligence, known as APT29 (and Midnight Blizzard).

The Germany-based company said its investigation so far points to an initial intrusion on June 26 “tied to credentials of a standard employee account within our corporate IT environment.”

TeamViewer said that the cyberattack “was contained” to its corporate network and that the company keeps its internal network and customer systems separate. The company added that it has “no evidence that the threat actor gained access to our product environment or customer data.”

Martina Dier, a spokesperson for TeamViewer, declined to answer a series of questions from TechCrunch, including whether the company has the technical ability, such as logs, to determine what, if any, data was accessed or exfiltrated from its network.


Microsoft has once more come to the public’s attention because of cybersecurity violations. According to reports, this time, the tech giant shared that an organization of hackers in Russia called Midnight Blizzard could see inside email accounts belonging to a few high-ranking Microsoft managers.

Additionally, this isn’t Microsoft’s first encounter with uninvited digital trespassers. At the start of this year, they dealt with a situation in which Chinese hackers targeted Outlook-based government email accounts in the United States and Europe.

Microsoft has reacted quickly and determinedly to the breaches inflicted by Midnight Blizzard. They’ve initiated the Secure Future Initiative program, which focuses on enhancing their cybersecurity abilities. The company is evidently treating these occurrences with great seriousness, as security has now been declared its highest concern.
 
