HomeSecurity OperationsMicrosoft explains how Russian hackers spied on its executives

Microsoft explains how Russian hackers spied on its executives

Published on

spot_img

Microsoft recently disclosed that its corporate systems were targeted in a nation-state attack by Russian state-sponsored hackers. This comes after the same group was behind the SolarWinds attack. The hackers were able to access the email accounts of Microsoft’s senior leadership team, potentially spying on them for weeks or months.

While the initial SEC disclosure didn’t provide many details on how the attackers gained access, Microsoft has since published an initial analysis of the situation. The hacking group known as Nobelium, or “Midnight Blizzard,” was able to gain access through a password spray attack. This kind of attack involves hackers using a dictionary of potential passwords to gain access to accounts. It was revealed that the breached account didn’t have two-factor authentication enabled, making it easier for the hackers to gain access.

After gaining initial access, the group identified and compromised a legacy test OAuth application that had elevated access to the Microsoft corporate environment. OAuth is a widely used open standard for token-based authentication. This allowed the group to create more malicious OAuth applications and accounts to access Microsoft’s corporate environment and its Office 365 Exchange Online service, which provides email inbox access.

Microsoft has not disclosed the exact number of corporate email accounts that were targeted and accessed. However, it did mention that only a very small percentage of email accounts, including those of senior leadership and employees in cybersecurity, legal, and other functions, were affected.

The attack on Microsoft is part of a larger series of incidents involving the same hacking group. Hewlett Packard Enterprise (HPE) revealed that the hackers had previously gained access to its cloud-based email environment, and the incident was likely related to the exfiltration of a limited number of Microsoft SharePoint files.

This latest cybersecurity incident is another blow to Microsoft, especially following previous attacks on its email servers and the SolarWinds attack. Microsoft’s oversight in not having two-factor authentication on a critical test account is raising concerns in the cybersecurity community.

CrowdStrike CEO George Kurtz expressed his surprise at how a non-production test environment led to the compromise of senior officials at Microsoft. He questioned how this could happen and suggested that there is more to uncover about the incident.

The admission of a lack of two-factor authentication on a crucial test account is a significant oversight by Microsoft. The company claims that if the same non-production test environment were deployed today, mandatory policies and workflows would ensure multi-factor authentication and active protections are enabled. However, Microsoft still has a lot to explain, especially if it wants its customers to believe that it is truly improving its software and services to better protect against security threats.

Ultimately, this incident highlights the ongoing and evolving threats that organizations face in the digital realm. As cyber attacks become more sophisticated, it is essential for companies to constantly reevaluate and enhance their security measures to safeguard their systems and data from malicious actors.

Source link

Latest articles

OkoBot Malware Exploits ClickFix and SeedHunter to Steal Seed Phrases from Ledger and Trezor Devices

A newly identified malware framework known as OkoBot has emerged, specifically targeting cryptocurrency users...

Why AI in Healthcare Requires Enhanced Data Oversight

Attorney Jordan Cohen of Akerman Addresses AI Challenges in Healthcare In a rapidly evolving landscape...

When 80,000 Fans Log On at Once: Unique Cybersecurity Issues of the 2026 World Cup

In light of the imminent 2026 World Cup, which will unfold across sixteen cities...

NPM Ecosystem Faces Two New Supply Chain Compromises

Malicious Code Discovered in npm Packages: A Growing Threat In a troubling development within the...

More like this

OkoBot Malware Exploits ClickFix and SeedHunter to Steal Seed Phrases from Ledger and Trezor Devices

A newly identified malware framework known as OkoBot has emerged, specifically targeting cryptocurrency users...

Why AI in Healthcare Requires Enhanced Data Oversight

Attorney Jordan Cohen of Akerman Addresses AI Challenges in Healthcare In a rapidly evolving landscape...

When 80,000 Fans Log On at Once: Unique Cybersecurity Issues of the 2026 World Cup

In light of the imminent 2026 World Cup, which will unfold across sixteen cities...