Midnight Blizzard exfiltrated some emails and attached documents, apparently targeting email accounts for “information related to Midnight Blizzard itself.” The initial attack began back in November and, months later, has left the top tier of Microsoft communications exposed. Mike Newman, CEO of My1Login, said the incident raises serious concerns over Microsoft security practices. “With the criminals being able to access the organization’s systems via a password spraying attack, this means Microsoft was using basic, or already compromised passwords, on some of their systems.”
Ironically, Microsoft put out a warning as far back as 2021 about Midnight Blizzard, also known more commonly as Nobelium. Following a hack of SolarWinds which went undetected for months, Microsoft issued a warning on its Microsoft Security Response Centre that highlighted the exact same “password spray and brute-force attacks” - which Nobelium has since gone on to target Microsoft itself with.
Sneak-and-peek Midnight Blizzard attack highlights “worrying flaws” in Microsoft security processes
Microsoft leadership communications were exposed through the Midnight Blizzard brute-force password attack
www.itpro.com