Russians Hacked Microsoft And Stole Sensitive Data

-: FOLLOW US :-  @theinsaneapp

Microsoft issued a warning about a security breach in some of its corporate email accounts, with data being stolen by a Russian state-sponsored hacking group known as Midnight Blizzard or Nobelium.

The attack was detected on January 12th, and Microsoft's investigation revealed that it was carried out by Russian threat actors, commonly known as Nobelium or APT29.

The breach occurred in November 2023 when the hackers conducted a password spray attack to access a non-production test tenant account lacking two-factor authentication (2FA) or multi-factor authentication (MFA).

Password spraying is a type of brute force attack in which the attackers try a small set of commonly used passwords against a list of potential login names until they succeed or run out of options.
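
A defender can spot this pattern in sign-in logs because one source fails against many different accounts with only a few tries on each, unlike a brute force run against a single account. The following detector is an added example, not code from the article or from Microsoft; the log format, thresholds, addresses and account names are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sign-in events (not real data): time, source IP, account, result, MFA enforced.
SAMPLE_LOG = """\
2023-11-20T02:00:05 203.0.113.7 alice FAIL mfa=yes
2023-11-20T02:00:41 203.0.113.7 bob FAIL mfa=yes
2023-11-20T02:01:17 203.0.113.7 carol FAIL mfa=yes
2023-11-20T02:01:52 203.0.113.7 dave FAIL mfa=yes
2023-11-20T02:02:30 203.0.113.7 test-svc OK mfa=no
2023-11-20T03:10:00 198.51.100.9 erin FAIL mfa=yes
2023-11-20T03:10:02 198.51.100.9 erin FAIL mfa=yes
2023-11-20T03:10:04 198.51.100.9 erin FAIL mfa=yes
2023-11-20T09:00:00 192.0.2.4 frank FAIL mfa=yes
2023-11-20T09:00:20 192.0.2.4 frank OK mfa=yes
"""

def parse(log):
    """Yield (time, ip, account, succeeded, mfa_enforced) per log line."""
    for line in log.strip().splitlines():
        ts, ip, user, result, mfa = line.split()
        yield datetime.fromisoformat(ts), ip, user, result == "OK", mfa == "mfa=yes"

def detect_spray(log, window=timedelta(hours=1), min_accounts=4, max_per_account=2):
    """Flag sources whose failures hit many accounts with few tries on each.

    Thresholds are illustrative assumptions; tune them to real traffic.
    """
    by_ip = defaultdict(list)
    for ev in parse(log):
        by_ip[ev[1]].append(ev)
    findings = []
    for ip, events in by_ip.items():
        events.sort()
        for start, *_ in events:  # slide the window over each event time
            in_win = [e for e in events if start <= e[0] < start + window]
            fails = defaultdict(int)
            for _, _, user, ok, _ in in_win:
                if not ok:
                    fails[user] += 1
            if len(fails) >= min_accounts and max(fails.values()) <= max_per_account:
                # Successes from a spraying source are likely compromised accounts.
                hits = {(u, mfa) for _, _, u, ok, mfa in in_win if ok}
                findings.append({"ip": ip, "accounts_tried": len(fails),
                                 "compromised_no_mfa": sorted(u for u, mfa in hits if not mfa)})
                break
    return findings

if __name__ == "__main__":
    print(detect_spray(SAMPLE_LOG))
```

On the sample data only the first source is flagged; the repeated failures against a single account and the ordinary mistyped password are not.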

Once the hackers gained access to the test account, they used it to access a "small percentage" of Microsoft's corporate email accounts for over a month, including those of leadership and employees in cybersecurity and legal departments.

Microsoft clarified that the breach was not due to a vulnerability in their products but rather a result of a brute force password attack.

The breached accounts contained emails and attachments, and the hackers were initially targeting information related to Midnight Blizzard.

Nobelium, also known as Midnight Blizzard, APT29, and Cozy Bear, is a Russian state-sponsored hacking group linked to Russia's Foreign Intelligence Service (SVR).

Nobelium gained notoriety for the 2020 SolarWinds supply chain attack, and in June 2021, they breached a Microsoft corporate account, accessing customer support tools.

Microsoft emphasizes that the breach has not materially impacted its operations, and the investigation is ongoing, with additional details to be shared as appropriate.