Microsoft Falls Victim to Russia-Backed Midnight Blizzard Cyberattack

Published: 23/11/2024   Category: security




Russian state-sponsored threat actor Nobelium used a basic password-spray attack to breach Microsoft corporate email accounts, including for execs.



Microsoft's corporate systems were compromised back in late November by the same Russian nation-state actor behind the 2020 SolarWinds Orion software supply chain cyberattack, known to Microsoft threat researchers as Midnight Blizzard (aka APT29, Cozy Bear, or Nobelium). The breach wasn't detected until Jan. 12, the company said.
A preliminary analysis by the Microsoft Security Research Center (MSRC) showed the nation-state advanced persistent threat (APT) actor used a simple password-spray attack to access a test account, leading to the compromise of a very small percentage of Microsoft corporate email accounts, according to a company blog post from Jan. 19. Breached email accounts included those belonging to senior leadership, as well as members of the cybersecurity and legal teams, among others, Microsoft said. Apparently, the Nobelium attacker was poking around for information Microsoft had on their operation.
In its statement, Microsoft vowed a cybersecurity overhaul of its legacy systems, regardless of the impact to operations.
"We will act immediately to apply our current security standards to Microsoft-owned legacy systems and internal business processes, even when these changes might cause disruption to existing business processes," Microsoft announced. "This will likely cause some level of disruption while we adapt to this new reality, but this is a necessary step, and only the first of several we will be taking to embrace this philosophy."
The successful cyberattack against Microsoft should remind cybersecurity teams not to overlook sensitive information contained in less critical systems like email and file sharing, according to a statement from Omri Weinberg, co-founder of DoControl.
Many of these kinds of services are consumed via a software as a service (SaaS) model, which can make security and monitoring more challenging for organizations, Weinberg said.
The fact that the Russian nation-state actor was able to maintain persistence in Microsoft's systems for so long also shows a lack of attention to cloud logging, according to Arie Zilberstein, co-founder and CEO of Gem Security.
"Surprisingly, the adversary managed to stay persistent in the cloud infrastructure for more than two months before being discovered," Zilberstein said in a statement. "We recommend that organizations implement continuous monitoring of their cloud logs so they can spot anomalous activities before attackers can access and exfiltrate sensitive data."
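The monitoring Zilberstein recommends can be made concrete for the password-spray pattern this article describes: one source failing sign-ins against many distinct accounts with only one or two attempts each (a brute-force attempt, by contrast, hammers a single account), followed by a success against a weakly protected account. The detector below is an added example, not code from the article, Microsoft or Gem Security; the event format, the sample sign-in events and the thresholds are constructed assumptions.

```python
"""Password-spray detection over constructed cloud sign-in events.

Added example; the event fields, sample data and thresholds are assumptions,
not Microsoft's log format or Microsoft's detection logic.
"""
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample events: (timestamp, source IP, account, outcome).
EVENTS = [
    ("2024-01-10T02:00:05", "203.0.113.7", "alice", "FAIL"),
    ("2024-01-10T02:00:09", "203.0.113.7", "bob", "FAIL"),
    ("2024-01-10T02:00:14", "203.0.113.7", "carol", "FAIL"),
    ("2024-01-10T02:00:20", "203.0.113.7", "dave", "FAIL"),
    ("2024-01-10T02:00:26", "203.0.113.7", "erin", "FAIL"),
    ("2024-01-10T02:00:31", "203.0.113.7", "test-legacy", "SUCCESS"),
    # A user mistyping their own password twice is not a spray.
    ("2024-01-10T02:01:00", "198.51.100.9", "frank", "FAIL"),
    ("2024-01-10T02:01:04", "198.51.100.9", "frank", "FAIL"),
    ("2024-01-10T02:01:09", "198.51.100.9", "frank", "SUCCESS"),
]


def detect_password_spray(events, min_accounts=5, window=timedelta(minutes=10),
                          max_attempts_per_account=2):
    """Return {source_ip: {"accounts": n, "compromised": [...]}} for sources
    whose failures inside one window hit at least `min_accounts` distinct
    accounts with at most `max_attempts_per_account` tries each. Successful
    sign-ins from the same source inside that window are reported as
    possibly compromised accounts (the 'test account' case in the article)."""
    by_source = defaultdict(list)
    for ts, src, account, outcome in events:
        by_source[src].append((datetime.fromisoformat(ts), account, outcome))
    alerts = {}
    for src, evs in by_source.items():
        evs.sort()
        fails = [e for e in evs if e[2] == "FAIL"]
        for start, _, _ in fails:  # slide the window over each failure
            in_win = [e for e in fails if start <= e[0] <= start + window]
            per_account = Counter(acct for _, acct, _ in in_win)
            if (len(per_account) >= min_accounts
                    and max(per_account.values()) <= max_attempts_per_account):
                hits = sorted({a for t, a, o in evs
                               if o == "SUCCESS" and start <= t <= start + window})
                alerts[src] = {"accounts": len(per_account), "compromised": hits}
                break  # one alert per source is enough
    return alerts


if __name__ == "__main__":
    print(detect_password_spray(EVENTS))
```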
The Nobelium APT has harried Microsoft and its services before. Last summer, the group launched Teams phishing attacks against government and industrial organizations using compromised Microsoft 365 tenants.
