Security News Midnight Blizzard attack highlights “worrying flaws” in Microsoft security

[vtqhtr413]

Content source

https://www.itpro.com/security/cyber-attacks/sneak-and-peek-midnight-blizzard-attack-highlights-worrying-flaws-in-microsoft-security-processes

Midnight blizzard exfiltrated some emails and attached documents, apparently targeting email accounts for “information related to Midnight Blizzard itself.” The initial attack began back in November and, months later, has left the top tier of Microsoft communications exposed. Mike Newman, CEO of My1Login said the incident raises serious concerns over Microsoft security practices. “With the criminals being able to access the organization’s systems via a password spraying attack, this means Microsoft was using basic, or already compromised passwords, on some of their systems.”

Ironically, Microsoft put out a warning as far back as 2021 about Midnight Blizzard, also known more commonly as Nobelium. Following a hack of SolarWinds which went undetected for months, Microsoft issued a warning on its Microsoft Security Response Centre that highlighted the exact same “password spray and brute-force attacks” - which Nobelium has since gone on to target Microsoft itself with.

Sneak-and-peek Midnight Blizzard attack highlights “worrying flaws” in Microsoft security processes

Microsoft leadership communications were exposed through the Midnight Blizzard brute-force password attack

www.itpro.com

 

[vtqhtr413]

Russia’s Foreign Intelligence Service (SVR) allegedly hacked into the email accounts of senior leaders at Microsoft, the company said late last week.

In a Friday afternoon statement, Microsoft said it detected a nation-state attack on their corporate systems on January 12 and began an investigation that uncovered a long-running campaign by the prolific hacking group Nobelium — which some researchers refer to as Midnight Blizzard, BlueBravo, and APT29 and believe to be run by the Russian organization responsible for foreign espionage, active measures, and electronic surveillance.

“Beginning in late November 2023, the threat actor used a password spray attack to compromise a legacy non-production test tenant account and gain a foothold, and then used the account’s permissions to access a very small percentage of Microsoft corporate email accounts, including members of our senior leadership team and employees in our cybersecurity, legal, and other functions, and exfiltrated some emails and attached documents,” the company said.

Russian hackers behind Solarwinds breach accessed emails of senior Microsoft leaders

Russia’s Foreign Intelligence Service (SVR) allegedly hacked into the email accounts of senior leaders at Microsoft, the company said late last week.

therecord.media

 

[vtqhtr413]

Security experts expect many more companies to disclose that they’ve been hacked by Russian intelligence agents who stole emails from executives following disclosures by Microsoft and Hewlett-Packard Enterprise in the past week.

Microsoft said late Thursday that it had found more victims and was in the process of notifying them. A spokesperson declined to say how many. But three experts in and out of government said that the attack was deeper and broader than the disclosures to date reveal.

Two said that more than 10 companies, and perhaps far more, are expected to come forward. The experts asked not to be named so as to maintain relations with the victims.

MSN