Home Office rebuffs claims Russian threat actors accessed emails after Microsoft hack
FoI requests have revealed that the Russia-backed hacking group stole sensitive data, renewing concerns about Microsoft’s security practices
The Russian hacking group Midnight Blizzard may have accessed Home Office emails as part of the hacking campaign revealed earlier this year.
Freedom of Information (FoI) requests from Recorded Future News indicate that the Russia-backed hacking group was able to access corporate emails and data shared with Microsoft.
The Home Office said its own systems weren't affected, and an Information Commissioner's Office (ICO) spokesperson told Recorded Future that it had concluded that no further action was required.
A spokesperson for the Home Office told ITPro: "There is no evidence that Home Office systems were compromised. We take data security very seriously, with robust reporting mechanisms in place, and continuous monitoring to ensure data is protected."
The attack formed part of a hacking campaign uncovered in January, which saw the attackers leveraging an OAuth app within Microsoft's test tenant.
This granted the hackers elevated permissions, which they were then able to use to gain access to emails from Microsoft and its customers, including members of Microsoft's senior leadership team and staff in its cybersecurity, legal, and other departments.
Midnight Blizzard also gained access to inboxes belonging to the US government.
Microsoft said it was able to identify the attacks in log data by reviewing Exchange Web Services (EWS) activity and using its audit logging features.
"The attack was not the result of a vulnerability in Microsoft products or services,” the company said. “To date, there is no evidence that the threat actor had any access to customer environments, production systems, source code, or AI systems. We will notify customers if any action is required."
However, the news reinforces concerns about Microsoft's dominance, and its own security practices.
In April, the US Department of Homeland Security's Cyber Safety Review Board (CSRB) said Microsoft's security culture was "inadequate and requires an overhaul" following the breach of email accounts at 22 organizations, including some government agencies.
"Governments and organizations are placing their trust in Microsoft when they store their data in its services, so security should be a guarantee. But unfortunately with Microsoft it's not," said Kevin Robertson, COO of Acumen Cyber.
RELATED WHITEPAPER
"In this incident, it was Microsoft’s lack of internal security that caused the attack. It had no MFA deployed on a non-production test tenant account, which provided Midnight Blizzard with initial access.”
He added: “All organizations should see MFA as non-negotiable today, and the fact that Microsoft, the world’s biggest and most prominent tech firm, did not have the function enabled raises very worrying alarm bells. How can the infrastructure of the world be safely built on a company that isn’t practicing basic cyber hygiene? That’s a question that cannot be ignored."
-
Thousands of Microsoft Teams users are being targeted in a new phishing campaignNews Microsoft Teams users should be on the alert, according to researchers at Check Point
-
Microsoft warns of rising AitM phishing attacks on energy sectorNews The campaign abused SharePoint file sharing services to deliver phishing payloads and altered inbox rules to maintain persistence
-
Microsoft just took down notorious cyber crime marketplace RedVDS – and found hackers were using ChatGPT and its own Copilot tool to wage attacks
News Microsoft worked closely with law enforcement to take down the notorious RedVDS cyber crime service – and found tools like ChatGPT and its own Copilot were being used by hackers.
-
These Microsoft Teams security features will be turned on by default this month – here's what admins need to know
News From 12 January, weaponizable file type protection, malicious URL detection, and a system for reporting false positives will all be automatically activated.
-
The Microsoft bug bounty program just got a big update — and even applies to third-party codeNews Microsoft is expanding its bug bounty program to cover all of its products, even those that haven't previously been covered by a bounty before and even third-party code.
-
Microsoft Teams is getting a new location tracking feature that lets bosses snoop on staff – research shows it could cause workforce pushback
News A new location tracking feature in Microsoft Teams will make it easier to keep tabs on your colleague's activities – and for your boss to know exactly where you are.
-
Microsoft opens up Entra Agent ID preview with new AI featuresNews Microsoft Entra Agent ID aims to help manage influx of AI agents using existing tools
-
A notorious ransomware group is spreading fake Microsoft Teams ads to snare victimsNews The Rhysida ransomware group is leveraging Trusted Signing from Microsoft to lend plausibility to its activities
