Security News Midnight Blizzard attack highlights “worrying flaws” in Microsoft security

vtqhtr413

Level 26
Thread author
Verified
Top Poster
Well-known
Aug 17, 2017
1,527
Midnight Blizzard exfiltrated some emails and attached documents, apparently targeting email accounts for “information related to Midnight Blizzard itself.” The initial attack began back in November and, months later, has left the top tier of Microsoft communications exposed. Mike Newman, CEO of My1Login, said the incident raises serious concerns over Microsoft security practices. “With the criminals being able to access the organization’s systems via a password spraying attack, this means Microsoft was using basic, or already compromised passwords, on some of their systems.”

Ironically, Microsoft put out a warning as far back as 2021 about Midnight Blizzard, also known more commonly as Nobelium. Following a hack of SolarWinds which went undetected for months, Microsoft issued a warning on its Microsoft Security Response Centre that highlighted the exact same “password spray and brute-force attacks” - which Nobelium has since gone on to target Microsoft itself with.
 

vtqhtr413

Russia’s Foreign Intelligence Service (SVR) allegedly hacked into the email accounts of senior leaders at Microsoft, the company said late last week.

In a Friday afternoon statement, Microsoft said it detected a nation-state attack on their corporate systems on January 12 and began an investigation that uncovered a long-running campaign by the prolific hacking group Nobelium — which some researchers refer to as Midnight Blizzard, BlueBravo, and APT29 and believe to be run by the Russian organization responsible for foreign espionage, active measures, and electronic surveillance.

“Beginning in late November 2023, the threat actor used a password spray attack to compromise a legacy non-production test tenant account and gain a foothold, and then used the account’s permissions to access a very small percentage of Microsoft corporate email accounts, including members of our senior leadership team and employees in our cybersecurity, legal, and other functions, and exfiltrated some emails and attached documents,” the company said.
 

vtqhtr413

Security experts expect many more companies to disclose that they’ve been hacked by Russian intelligence agents who stole emails from executives following disclosures by Microsoft and Hewlett-Packard Enterprise in the past week.

Microsoft said late Thursday that it had found more victims and was in the process of notifying them. A spokesperson declined to say how many. But three experts in and out of government said that the attack was deeper and broader than the disclosures to date reveal.

Two said that more than 10 companies, and perhaps far more, are expected to come forward. The experts asked not to be named so as to maintain relations with the victims.
 
