Microsoft exposes Russian hackers targeting global organizations


Microsoft recently disclosed a nation-state attack on its corporate systems from Russian state-sponsored hackers. It turns out the Windows maker was not the only target of this hacking campaign. The same group of attackers has also been targeting other organizations.

Microsoft sheds more light on the recent Russian attack

On January 12, Microsoft’s security team detected a breach in its corporate systems and immediately activated its response process to mitigate the attack. An internal investigation revealed that the hacker group Nobelium, believed to be working for Russia’s Foreign Intelligence Service, was behind the attack. The group also carried out the sophisticated SolarWinds attack in 2020.

Microsoft referred to the attackers as Midnight Blizzard; other industry names for the group include Cozy Bear, APT29, and The Dukes. According to the company, the attack began in late November last year and was not the result of a vulnerability in its products or services. Instead, the attackers “used a password spray attack to compromise a legacy non-production test tenant account” to access its systems.

In a password spray attack, threat actors try to sign in to accounts using the most popular or most likely passwords. The compromised account did not have multifactor authentication (MFA) enabled, which made the job easier for the hackers. Midnight Blizzard also employed other techniques to evade detection and avoid account blocks, including “launching these attacks from a distributed residential proxy infrastructure.”

These techniques obfuscated their activity, allowing them to continue the attack until it succeeded. The breach exposed the corporate email accounts of “a very small percentage” of Microsoft employees across various internal divisions, including cybersecurity and legal. The tech giant found that Midnight Blizzard initially targeted email accounts for information related to Midnight Blizzard itself. The attackers seemingly wanted to find out what Microsoft knew about them.
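Why a spray spread across many source addresses stays under per-IP and per-account failure thresholds, and how a window-level count of distinct failing accounts still surfaces it, shown as an added example that is not Microsoft's detection logic. The log records, account names, addresses and thresholds are all constructed assumptions.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

T0 = datetime(2024, 1, 1, 9, 0)  # constructed timeline, not taken from the incident

def ev(minute, user, ip, ok, mfa=False):
    return {"t": T0 + timedelta(minutes=minute), "user": user, "ip": ip, "ok": ok, "mfa": mfa}

# Constructed sign-in log: one failure per account, each from a different source
# address (RFC 5737 documentation ranges), then a success on a hypothetical test account.
EVENTS = [ev(4 * i, f"user{i:02d}", f"203.0.113.{10 + i}", False) for i in range(12)]
EVENTS += [
    ev(50, "legacy-test", "203.0.113.77", False),
    ev(55, "legacy-test", "203.0.113.78", True),       # account has no MFA
    ev(5, "alice", "198.51.100.5", False),             # benign mistyped password
    ev(6, "alice", "198.51.100.5", True, mfa=True),    # followed by a normal sign-in
]

def threshold_alerts(events, key, limit=5):
    """Classic control: alert when one IP or one account exceeds `limit` failures."""
    fails = Counter(e[key] for e in events if not e["ok"])
    return {k for k, n in fails.items() if n > limit}

def spray_windows(events, window=timedelta(hours=1), min_accounts=10, max_per_account=2):
    """Flag windows in which many distinct accounts each fail only a few times."""
    start = min(e["t"] for e in events)
    buckets = defaultdict(Counter)
    for e in events:
        if not e["ok"]:
            buckets[(e["t"] - start) // window][e["user"]] += 1
    hits = {}
    for b, per_user in buckets.items():
        quiet = {u for u, n in per_user.items() if n <= max_per_account}
        if len(quiet) >= min_accounts:
            hits[b] = quiet
    return hits

def likely_compromised(events, sprayed):
    """Successful sign-ins without MFA on accounts that appear in a sprayed set."""
    return sorted({e["user"] for e in events
                   if e["ok"] and not e["mfa"] and e["user"] in sprayed})

if __name__ == "__main__":
    print("per-IP alerts:", threshold_alerts(EVENTS, "ip"))
    print("per-account alerts:", threshold_alerts(EVENTS, "user"))
    for bucket, users in spray_windows(EVENTS).items():
        print("spray window", bucket, "accounts:", len(users),
              "no-MFA success:", likely_compromised(EVENTS, users))
```
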

The group is targeting more organizations

In a new blog post, Microsoft revealed that Midnight Blizzard has also been targeting other organizations, likely with a similar intent. The firm didn’t name the organizations that might be under attack from Russian state-sponsored hackers but said it has already begun notifying them. It added that the investigation is still ongoing. The Windows maker plans to share more details as appropriate.

Meanwhile, Hewlett Packard Enterprise (HPE) recently revealed that Midnight Blizzard gained unauthorized access to its cloud-based email environment, hosted by Microsoft. This attack might be part of the same espionage campaign run by the Russian hackers. As of this writing, there is no report that these attacks compromised customer data. We will keep a close eye on it and let you know as soon as we have more information.

The post Microsoft exposes Russian hackers targeting global organizations appeared first on Android Headlines.