Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Home Data Breach Midnight Blizzard: Russian Threat Actors Behind Microsoft Corporate Emails’ Breach
APT-29 Corporate emails Data Breach Microsoft Microsoft Emails Microsoft Security Response Midnight Blizzard Nobelium APT Password spray attacks Russian Hackers

Midnight Blizzard: Russian Threat Actors Behind Microsoft Corporate Emails’ Breach

Microsoft informs that the threat actors launched the attacks in November 2023, in which they carried out a password spray attack.
Saturday, January 20, 2024


On Friday, Microsoft informed that some of its corporate accounts suffered a breach in which some of its data was compromised. The attack was conducted by a Russian state-sponsored hackers group named “Midnight Blizzard.”

The attack was first detected on January 12th, and Microsoft in its initial investigation attributed the attack to the Russian threat actors, known famously as Nobelium or APT-29.

Microsoft informs that the threat actors launched the attacks in November 2023, in which they carried out a password spray attack in order to access a legacy non-production test tenant account. 

Password Spray Attack

A password spray attack is a type of brute force attack where threat actors collect a list of potential login names and then attempt to log in to all of them using a particular password. If that password fails, they repeat this process with other passwords until they run out or successfully breach the account.

Since the hackers were able to access accounts using a brute force attack, it is clear that it lacked two-factor authentication or multi-factor authentication.

Microsoft claims that after taking control of the "test" account, the Nobelium hackers utilized it to access a "small percentage" of the company's email accounts for more than a month.

It is still unclear why a non-production test account would have the ability to access other accounts in Microsoft's corporate email system unless the threat actors utilized this test account to infiltrate networks and move to accounts with higher permissions.

Apparently, these breached accounts include members of Microsoft’s leadership team and employees assigned to the cybersecurity and legal departments, targeted by hackers to steal emails and attachments. 

"The investigation indicates they were initially targeting email accounts for information related to Midnight Blizzard itself," the Microsoft Security Response Center shared in a report on the incident.

"We are in the process of notifying employees whose email was accessed."

Microsoft reaffirms that the incident was caused by the brute force password attack, rather than a vulnerability in their product services.

However, it seems that Microsoft’s poorly managed security configuration played a major role in the success of the breach.

While this investigation is underway, Microsoft stated that they will release more information when it is appropriate.  

Tags: APT-29 Corporate emails Data Breach Microsoft Microsoft Emails Microsoft Security Response Midnight Blizzard Nobelium APT Password spray attacks Russian Hackers
Share it:

APT-29

Corporate emails

Data Breach

Microsoft

Microsoft Emails

Microsoft Security Response

Midnight Blizzard

Nobelium APT

Password spray attacks

Russian Hackers