Microsoft was Compromised by State-Sponsored Hackers that it was Actively Investigating.
Microsoft was Compromised by State-Sponsored Hackers that it was Actively Investigating.
Microsoft has confirmed that a group known as Midnight Blizzard (sometimes referred to as APT29 or Cozy Bear) successfully infiltrated a Microsoft legacy non-production test tenant account, resembling a spy-vs-spy situation.
As per Microsoft, the organization successfully gained access to the account in November by employing a password spray attack, which is a form of brute force attack involving repeated attempts of various logins until a successful one is found. Utilizing this initial access point, the hackers infiltrated some Microsoft corporate email accounts and successfully pilfered a selection of emails and their accompanying documents.
Cozy Bear, commonly associated with the Russian Foreign Intelligence Service (SVR), displayed an evident interest in discovering the extent of information collected by Microsoft regarding its activities. Cozy Bear is widely attributed to the SolarWinds attack and the targeting of several US organizations, such as the State Department, the White House, and the DNC. During each of these instances, the Dutch promptly notified the US intelligence agencies.
Microsoft’s investigation revealed that the group’s objective was not to obtain customer data or corporate information, but rather something more personal:
“The research suggests that their primary objective was to get access to email accounts in order to obtain information pertaining to Midnight Blizzard.” |
Currently, there is no information indicating that the threat actor had any form of access to client environments, production systems, source code, or AI systems. However, the investigation is still in progress. Microsoft has pledged to furnish supplementary information as deemed suitable.
In general, as the size of an organization increases, so does its attack surface. However, organizations such as Microsoft are expected to have more stringent security measures in place. Indeed, it is also a vendor of security software. It is surprising to many that Cozy Bear managed to remain unnoticed for several months.
Evidently, Microsoft has been alarmed by the attack and has expressed the urgency to accelerate its cyber-protection advancement project, known as the Secure Future Initiative, due to the substantial funding and resources possessed by the attackers.
“We shall promptly implement our existing security protocols to Microsoft-owned outdated systems and internal business procedures, even if these modifications may affect ongoing company operations.” |
This attack can be interpreted as a cautionary message to any organization possessing information that may be of significance to foreign governments.
As a business expands, the likelihood of having legacy accounts increases, and these accounts may potentially be overlooked or disregarded. Analogize the organization to an office building: The greater the number of doors and windows (pun intended), the higher the probability that one of them is left open. If there are offices that are no longer in use, the probability of an opening increases significantly.
About The Author:
Yogesh Naager is a content marketer who specializes in the cybersecurity and B2B space. Besides writing for the News4Hackers blog, he’s also written for brands including CollegeDunia, Utsav Fashion, and NASSCOM. Naager entered the field of content in an unusual way. He began his career as an insurance sales executive, where he developed an interest in simplifying difficult concepts. He also combines this interest with a love of narrative, which makes him a good writer in the cybersecurity field. In the bottom line, he frequently writes for Craw Security.
READ MORE ARTICLE HERE
“The Largest Breach of All Times”: The Discovery of 26 Billion Records Found Online
A Man Presenting as a Manager of Flipkart is Arrested in a ₹13 Crore Cryptocurrency Scam; Dehradun Police Bust Group Across 12 States