- 23 January، 2024
- Posted by:
- Category: Uncategorized
Last Friday, Microsoft revealed that it was the target of a cyber attack on its corporate systems that resulted in the theft of emails and attachments from senior executives and other individuals in the company’s cybersecurity and legal departments.
The technology giant labeled the compromise as “nation state,” while Survivability News and its holding company MLi Group have classified it as a clear “Geo-Poli-Cyber™ motivated attack”.
In its statement, Microsoft attributed the attack to a Russian advanced persistent threat (APT) group it tracks as Midnight Blizzard (formerly Nobelium), which is also known as APT29, BlueBravo, Cloaked Ursa, Cozy Bear, and The Dukes.
It further said that it immediately took steps to investigate, disrupt, and mitigate the malicious activity upon discovery on January 12, 2024. The campaign is estimated to have commenced in late November 2023.
“The threat actor used a password spray attack to compromise a legacy non-production test tenant account and gain a foothold, and then used the account’s permissions to access a very small percentage of Microsoft corporate email accounts, including members of our senior leadership team and employees in our cybersecurity, legal, and other functions, and exfiltrated some emails and attached documents,” Microsoft said in its statement.
It also said that the nature of the targeting indicates the threat actors were looking to access information related to themselves. It also emphasized that the attack was not the result of any security vulnerability in its products and that there is no evidence that the adversary accessed customer environments, production systems, source code, or AI systems.
Microsoft, however, did not disclose how many email accounts were infiltrated, and what information was accessed, but said it was the process of notifying employees who were impacted as a result of the incident.
On this matter, a senior MLi Group Geo-Poli-Cyber™ and Survivability risk and mitigation expert said, “when will top and middle level corporate. regulators and government decision makers learn that the best-in-class cyber security strategies and vendor motivated tech solutions are today handicapped and incapable of defending corporate security and their customers, or national sovereignties, let alone mitigating such risks effectively.
The MLi Group expert then added, “what is happening to tech giants like Microsoft, Amazon today is alarming. A few years ago they were believed to be un-hackable due to their size and the billions they spend per year on cyber security.
Today, they are getting hacked with regularity and with devastating consequences on many levels, such as financial, trust, brand name value etc. Consider that Apple had to Patch its IOS operating system at least 18 times in 2023 after cyber compromises.
Top decision makers cannot afford to keep relying on what keeps failing. They need to start asking, how can MLi Group’s Survivability Strategy, Solutions and Services succeed in effectively mitigation their comprehensive risk exposure, where cyber security continues failing, and before they are cyber compromised which can happen any time.”
The hacking outfit Microsoft claims perpetrated the attack, and which was previously claimed to be responsible for the high-profile SolarWinds supply chain compromise, has singled out Microsoft twice, once in December 2020 to siphon source code related to Azure, Intune, and Exchange components, and a second time breaching three of its customers in June 2021 via password spraying and brute-force attacks.
While the highly cyber security experienced people at Microsoft’s Security Response Center (MSRC) said, “This attack does highlight the continued risk posed to all organizations from well-resourced nation-state threat actors like Midnight Blizzard,”