Sneak-and-peek Midnight Blizzard attack highlights “worrying flaws” in Microsoft security processes
Microsoft leadership communications were exposed through the Midnight Blizzard brute-force password attack
Russian state-linked cyber criminals gained access to the emails of Microsoft’s senior leadership in an attack that security professionals said highlights “worrying flaws” in the company’s security processes.
The threat group, dubbed ‘Midnight Blizzard’ under Microsoft’s in-house taxonomy, reportedly used a password spray attack to compromise a legacy account. Thereafter, the threat actors used this to access what Microsoft claimed was a “very small percentage” of corporate emails.
Midnight blizzard exfiltrated some emails and attached documents, apparently targeting email accounts for “information related to Midnight Blizzard itself.”
The initial attack began back in November and, months later, has left the top tier of Microsoft communications exposed.
READ MORE
Mike Newman, CEO of My1Login said the incident raises serious concerns over Microsoft security practices.
“This is an alarming security breach that could highlight worrying flaws in Microsoft’s security processes,” he told ITPro.
“With the criminals being able to access the organization’s systems via a password spraying attack, this means Microsoft was using basic, or already compromised passwords, on some of their systems.”
Ironically, Microsoft put out a warning as far back as 2021 about Midnight Blizzard, also known more commonly as Nobelium.
Following a hack of SolarWinds which went undetected for months, Microsoft issued a warning on its Microsoft Security Response Centre that highlighted the exact same “password spray and brute-force attacks” - which Nobelium has since gone on to target Microsoft itself with.
“While Microsoft has claimed that the password spraying attack impacted a legacy non-production account, it still should never have been vulnerable to this sort of assault,” Newman said.
RELATED RESOURCE
Learn about the three common scenarios that make protecting end users difficult
DOWNLOAD NOW
“Organizations need to learn from this incident, because if a tech giant like Microsoft can be breached so easily through passwords, so can they,” he added.
The Microsoft breach is an example of a novel practice employed by some threat groups, given that it was specifically aimed at gathering intelligence on the group itself to ascertain the extent of the company’s knowledge on their activities.
These sorts of breaches, also referred to as reconnaissance attacks, are notoriously difficult to mitigate against.
Threat actors want to make as little noise as possible when undertaking reconnaissance, meaning that they’ll avoid leaving the typical breadcrumb trail of corrupt or stolen data.
This hack on Microsoft isn’t an isolated incident, either.
The threat group APT28 masqueraded as Simple Network Management Protocol (SNMP) to gain access to Cisco routers in 2021.
According to the National Cyber Security Center (NCSA), the group was thought to have obtained “sensitive network information” that allowed them to later install malware on Cisco’s systems.
A similar incident in 2020 saw Russia’s military intelligence service conduct cyber reconnaissance against officials and organizations at the 2020 Olympic and Paralympic games.
-
What is Microsoft Maia?Explainer Microsoft's in-house chip is planned to a core aspect of Microsoft Copilot and future Azure AI offerings
-
If Satya Nadella wants us to take AI seriously, let’s forget about mass adoption and start with a return on investment for those already using itOpinion If Satya Nadella wants us to take AI seriously, let's start with ROI for businesses
-
Microsoft warns of rising AitM phishing attacks on energy sectorNews The campaign abused SharePoint file sharing services to deliver phishing payloads and altered inbox rules to maintain persistence
-
Microsoft just took down notorious cyber crime marketplace RedVDS – and found hackers were using ChatGPT and its own Copilot tool to wage attacks
News Microsoft worked closely with law enforcement to take down the notorious RedVDS cyber crime service – and found tools like ChatGPT and its own Copilot were being used by hackers.
-
These Microsoft Teams security features will be turned on by default this month – here's what admins need to knowNews From 12 January, weaponizable file type protection, malicious URL detection, and a system for reporting false positives will all be automatically activated.
-
The Microsoft bug bounty program just got a big update — and even applies to third-party codeNews Microsoft is expanding its bug bounty program to cover all of its products, even those that haven't previously been covered by a bounty before and even third-party code.
-
Microsoft Teams is getting a new location tracking feature that lets bosses snoop on staff – research shows it could cause workforce pushback
News A new location tracking feature in Microsoft Teams will make it easier to keep tabs on your colleague's activities – and for your boss to know exactly where you are.
-
Microsoft opens up Entra Agent ID preview with new AI featuresNews Microsoft Entra Agent ID aims to help manage influx of AI agents using existing tools
-
A notorious ransomware group is spreading fake Microsoft Teams ads to snare victimsNews The Rhysida ransomware group is leveraging Trusted Signing from Microsoft to lend plausibility to its activities
-
CISA just published crucial new guidance on keeping Microsoft Exchange servers secureNews With a spate of attacks against Microsoft Exchange in recent years, CISA and the NSA have published crucial new guidance for organizations to shore up defenses.
