
Microsoft explains how Russian hackers spied on its executives


Microsoft recently disclosed that its corporate systems were targeted in a nation-state attack by Russian state-sponsored hackers, the same group that was behind the SolarWinds supply-chain compromise. The attackers gained access to the email accounts of members of Microsoft's senior leadership team and may have been reading their mail for weeks or months.

While the initial SEC disclosure gave few details on how the attackers got in, Microsoft has since published an initial analysis. The group, which Microsoft tracks as Midnight Blizzard (previously Nobelium), gained access through a password spray attack. Unlike a brute-force attack that hammers one account with a long wordlist, a password spray tries a small set of common passwords against many accounts, staying below the per-account lockout threshold. The account that fell was a legacy, non-production test account, and it did not have two-factor authentication enabled, so a correctly guessed password was all the attackers needed.
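The sign-in pattern described above is detectable: one source address producing failures against many distinct accounts in a short window, followed by a success against one of them. The following detector is an added example, not code from Microsoft or from the article; the log lines, the line format (timestamp, ip, user, result, mfa), the account names and the thresholds are all constructed here for illustration.

```python
"""Password-spray detection over constructed sign-in log lines (added example).

Assumed line format (not a Microsoft log schema):
  <ISO-8601 timestamp>Z ip=<source> user=<upn> result=<SUCCESS|FAILURE> mfa=<yes|no>
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: one address sprays a single guess across five accounts and
# lands on an unprotected test account; a second address fails twice on one
# account and then succeeds, which is ordinary user behaviour, not a spray.
SAMPLE_LOG = """\
2024-01-12T03:00:01Z ip=203.0.113.7 user=alice@example.test result=FAILURE mfa=no
2024-01-12T03:00:03Z ip=203.0.113.7 user=bob@example.test result=FAILURE mfa=no
2024-01-12T03:00:05Z ip=203.0.113.7 user=carol@example.test result=FAILURE mfa=no
2024-01-12T03:00:07Z ip=203.0.113.7 user=dave@example.test result=FAILURE mfa=no
2024-01-12T03:00:09Z ip=203.0.113.7 user=erin@example.test result=FAILURE mfa=no
2024-01-12T03:00:11Z ip=203.0.113.7 user=test-legacy@example.test result=SUCCESS mfa=no
2024-01-12T03:05:00Z ip=198.51.100.9 user=alice@example.test result=FAILURE mfa=no
2024-01-12T03:05:30Z ip=198.51.100.9 user=alice@example.test result=FAILURE mfa=no
2024-01-12T03:06:00Z ip=198.51.100.9 user=alice@example.test result=SUCCESS mfa=yes
"""


def parse_log(text):
    """Parse the constructed format into event dicts sorted by timestamp."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ts_str, *pairs = line.split()
        fields = dict(item.split("=", 1) for item in pairs)
        events.append({
            "ts": datetime.strptime(ts_str, "%Y-%m-%dT%H:%M:%SZ"),
            "ip": fields["ip"],
            "user": fields["user"],
            "success": fields["result"] == "SUCCESS",
            "mfa": fields.get("mfa") == "yes",
        })
    events.sort(key=lambda e: e["ts"])
    return events


def detect_password_spray(events, window=timedelta(minutes=10), min_users=5):
    """Flag a source IP whose failures within `window` span >= min_users accounts.

    The key signal is breadth (many distinct users), not depth (many attempts on
    one user). For each flagged IP the alert also lists every account that
    later signed in successfully from that IP, with whether MFA was satisfied,
    because that is where the spray actually landed.
    """
    by_ip = defaultdict(list)
    for e in events:
        by_ip[e["ip"]].append(e)

    alerts = []
    for ip, evs in by_ip.items():
        failures = [e for e in evs if not e["success"]]
        start = 0
        for end in range(len(failures)):
            # Slide the window so failures[start:end+1] spans at most `window`.
            while failures[end]["ts"] - failures[start]["ts"] > window:
                start += 1
            users = {e["user"] for e in failures[start:end + 1]}
            if len(users) >= min_users:
                window_start = failures[start]["ts"]
                hits = [{"user": e["user"], "mfa": e["mfa"]}
                        for e in evs if e["success"] and e["ts"] >= window_start]
                alerts.append({
                    "ip": ip,
                    "window_start": window_start,
                    "distinct_users": len(users),
                    "successes": hits,
                })
                break  # one alert per source IP is enough
    return alerts


if __name__ == "__main__":
    for alert in detect_password_spray(parse_log(SAMPLE_LOG)):
        print(alert)
```

The threshold of five distinct accounts in ten minutes is a starting point, not a tuned value; real sprays are often much slower and spread across many source addresses, so in production the same logic is usually keyed on an ASN or a device fingerprint as well as the IP, and any success with `mfa` false after a spray window is the line to escalate on.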

After gaining initial access, the group identified and compromised a legacy test OAuth application that had elevated access to the Microsoft corporate environment. OAuth is a widely used open standard for delegated authorization, not authentication: a user or administrator consents to an application, which then receives tokens it can present to an API without ever holding anyone's password. That is what made the foothold valuable. Using the compromised application, the group created further malicious OAuth applications and accounts and, through them, reached Microsoft's corporate environment and its Office 365 Exchange Online service, which provides access to mailboxes.
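The abuse pattern in the paragraph above, a forgotten application holding application-level mailbox access and new applications consented to by freshly created accounts, is something a tenant can audit for. The following audit is an added example and is not Microsoft's code or the article's; the consent records, their field names, the application names and the thresholds are constructed for illustration, and the role names used to mark mailbox access (full_access_as_app, an Exchange Online application role, and the Graph application permissions Mail.ReadWrite and Mail.Read) are assumptions chosen for the example rather than anything the article states.

```python
"""Audit OAuth application consents for the abuse pattern described above
(added example). Records and field names are constructed for this example and
are not a Microsoft Graph schema; adapt the loader to your tenant's export.
"""
from datetime import datetime, timedelta

# Assumed role names that grant mailbox access at application level, i.e.
# without a signed-in user in the loop. Extend for your own resources.
MAILBOX_ROLES = {"full_access_as_app", "Mail.ReadWrite", "Mail.Read"}

# Constructed consent records, one row per (application, resource, role) grant.
CONSENTS = [
    {   # old test app, still privileged, nobody has used it for years
        "app": "legacy-test-mailer", "app_created": "2019-03-01", "last_used": "2019-06-20",
        "type": "Application", "resource": "Exchange Online", "role": "full_access_as_app",
        "consented_by": "admin@example.test", "consenter_created": "2015-01-10",
        "consented_on": "2019-03-01",
    },
    {   # new app, consented to by an account created the day before
        "app": "sync-helper-2", "app_created": "2023-11-28", "last_used": "2023-12-04",
        "type": "Application", "resource": "Exchange Online", "role": "full_access_as_app",
        "consented_by": "svc-ops-7@example.test", "consenter_created": "2023-11-27",
        "consented_on": "2023-11-28",
    },
    {   # benign: delegated, low-privilege, long-lived consenter
        "app": "hr-portal", "app_created": "2021-05-05", "last_used": "2023-12-05",
        "type": "Delegated", "resource": "Microsoft Graph", "role": "User.Read",
        "consented_by": "admin@example.test", "consenter_created": "2015-01-10",
        "consented_on": "2021-05-05",
    },
]


def _date(s):
    return datetime.strptime(s, "%Y-%m-%d")


def audit_consents(records, now, dormant_days=180, new_account_days=30):
    """Return {app_name: [reasons]} for every consent that deserves review.

    Three checks, each mapped to a step of the intrusion:
      1. application-level (non-delegated) mailbox access: the privilege the
         legacy app carried;
      2. such an app unused for more than `dormant_days`: a legacy app that
         should have been removed, not left as a standing credential;
      3. consent granted by an account created within `new_account_days` of the
         consent: the attacker-created accounts used to approve new apps.
    """
    findings = {}
    for r in records:
        reasons = []
        if r["type"] == "Application" and r["role"] in MAILBOX_ROLES:
            reasons.append("application-level mailbox access")
            if now - _date(r["last_used"]) > timedelta(days=dormant_days):
                reasons.append("dormant for >%d days" % dormant_days)
        consent_age = _date(r["consented_on"]) - _date(r["consenter_created"])
        if consent_age <= timedelta(days=new_account_days):
            reasons.append("consent granted by account created <=%d days earlier"
                           % new_account_days)
        if reasons:
            findings[r["app"]] = reasons
    return findings


if __name__ == "__main__":
    for app, reasons in audit_consents(CONSENTS, datetime(2023, 12, 5)).items():
        print(app, "->", "; ".join(reasons))
```

The point of the dormancy check is that an OAuth application with application permissions is a standing credential: it keeps working whether or not any human account behind it still has MFA, so it needs the same inventory, ownership and removal discipline as a privileged service account.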

Microsoft has not disclosed the exact number of corporate email accounts that were accessed. It has said only that a very small percentage of accounts was affected, including those of senior leadership and of employees in cybersecurity, legal, and other functions.

The attack on Microsoft is part of a larger series of incidents involving the same group. Hewlett Packard Enterprise (HPE) disclosed that the hackers had previously gained access to its cloud-based email environment, and that the intrusion was likely related to an earlier incident in which a limited number of Microsoft SharePoint files were exfiltrated.

This latest incident is another blow to Microsoft, following earlier attacks on its email servers and the SolarWinds attack. Microsoft's failure to enforce two-factor authentication on a test account that turned out to be critical is raising concerns in the cybersecurity community.

CrowdStrike CEO George Kurtz expressed his surprise at how a non-production test environment led to the compromise of senior officials at Microsoft. He questioned how this could happen and suggested that there is more to uncover about the incident.

The admission that a crucial test account lacked two-factor authentication is a significant oversight on Microsoft's part. The company says that if the same non-production test environment were deployed today, mandatory policies and workflows would ensure that multi-factor authentication and active protections are enabled. That is the right control, but it was not in place, and Microsoft still has a lot to explain if it wants customers to believe it is genuinely improving the security of its software and services.

Ultimately, this incident highlights the ongoing and evolving threats that organizations face. The practical lesson is concrete rather than abstract: every account that can reach a production environment, including test and legacy accounts, needs multi-factor authentication, and OAuth applications with broad permissions need the same inventory, ownership and periodic review as privileged user accounts. As attacks become more sophisticated, companies have to keep reevaluating those controls rather than assuming a non-production label means low risk.
