Russian Hackers Win Big: Microsoft's Senior Exec Team Emails Breached

In a Friday regulatory filing, Microsoft has reported that its corporate email accounts were compromised by a Russian state-sponsored hacking group known as Midnight Blizzard, also identified as Nobelium or APT29. Microsoft's disclosure aligns with new U.S. requirements for reporting cybersecurity incidents. The attack was detected on January 12th, 2024, but it appears to have started in November 2023.

The Breach and Attack

The attack involved Russian hackers using a password spray attack to access a legacy non-production test tenant account at Microsoft. Password spraying is a brute force technique in which attackers try a short list of likely passwords against a long list of usernames, rather than hammering one account with many guesses.

This indicates that the breached account did not have two-factor authentication (2FA) or multi-factor authentication (MFA) enabled, a security practice recommended by Microsoft. Once the hackers gained access to the test account, they used it to access a "small percentage" of Microsoft's corporate email accounts over a month.

Notably, the targeted email accounts included members of Microsoft's leadership team, as well as employees in cybersecurity and legal departments. Microsoft emphasized that this breach was due to a brute force password attack and not a vulnerability in their products or services.
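The spray pattern described above shows up in sign-in telemetry as one source failing against many distinct accounts in a short window, with a later success from the same source being the case to triage first. The following detector is an added example written for this post, not code from the article or from Microsoft; the event format and the sample events are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sign-in events (not real data): timestamp, source IP,
# account name, outcome. 203.0.113.7 sprays four accounts and then lands on
# a fifth; 198.51.100.9 is one user mistyping their own password.
SAMPLE_EVENTS = [
    ("2023-11-20T02:00:01", "203.0.113.7", "alice", "fail"),
    ("2023-11-20T02:00:04", "203.0.113.7", "bob", "fail"),
    ("2023-11-20T02:00:09", "203.0.113.7", "carol", "fail"),
    ("2023-11-20T02:00:13", "203.0.113.7", "dave", "fail"),
    ("2023-11-20T02:00:20", "203.0.113.7", "legacy-test", "success"),
    ("2023-11-20T02:00:25", "198.51.100.9", "alice", "fail"),
    ("2023-11-20T02:00:40", "198.51.100.9", "alice", "fail"),
    ("2023-11-20T02:00:55", "198.51.100.9", "alice", "success"),
]


def detect_spray(events, window=timedelta(minutes=10), min_accounts=4):
    """Flag sources whose failed logins hit >= min_accounts distinct accounts
    inside any span no longer than `window`. Returns {source: {"sprayed":
    [...], "succeeded": [...]}} where "succeeded" lists accounts that source
    logged into at or after the spray began."""
    by_source = defaultdict(list)
    for ts, src, user, outcome in events:
        by_source[src].append((datetime.fromisoformat(ts), user, outcome))

    alerts = {}
    for src, rows in by_source.items():
        rows.sort()
        fails = [(t, u) for t, u, o in rows if o == "fail"]
        start = 0
        for end in range(len(fails)):
            # Slide the window so it never spans more than `window`.
            while fails[end][0] - fails[start][0] > window:
                start += 1
            sprayed = {u for _, u in fails[start:end + 1]}
            if len(sprayed) >= min_accounts:
                first = fails[start][0]
                succeeded = sorted({u for t, u, o in rows
                                    if o == "success" and t >= first})
                alerts[src] = {"sprayed": sorted(sprayed),
                               "succeeded": succeeded}
                break
    return alerts


if __name__ == "__main__":
    for src, hit in detect_spray(SAMPLE_EVENTS).items():
        print(f"{src}: sprayed {hit['sprayed']}, then logged into {hit['succeeded']}")
```

Per-account lockout thresholds miss this pattern by design, which is why the per-source view (and MFA on every account, test tenants included) matters.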

About Nobelium (aka Midnight Blizzard, APT29)

Nobelium is a Russian state-sponsored hacking group, believed to be associated with Russia's Foreign Intelligence Service (SVR). They gained notoriety for their involvement in the 2020 SolarWinds supply chain attack, which impacted both Microsoft and several U.S. government agencies. 

Nobelium is known for conducting cyber espionage, data theft, and developing custom malware for their attacks.

Microsoft stated that the breach did not result in the theft of customer data, access to production systems, or proprietary source code.

Response and Impact

Microsoft is actively investigating the breach and will provide additional details as appropriate. The company has affirmed that the breach did not have a material impact on its operations. The Cybersecurity and Infrastructure Security Agency (CISA) is working closely with Microsoft to assess the incident's impact and protect potential victims. There is no evidence of the hackers accessing customer data or critical systems.

This incident underscores the importance of robust cybersecurity practices, including enabling 2FA/MFA, to protect against password-based attacks. And you might also train your users to create strong pass-phrases...

Are your users' passwords…P@ssw0rd?

Employees are the weakest link in network security, using weak passwords and falling for phishing and social engineering attacks. KnowBe4’s complimentary Weak Password Test (WPT) checks your Active Directory for several different types of weak password related threats.

Here's how it works:

  • Reports on the accounts that are affected
  • Tests against 10 types of weak password related threats
  • Does not show/report on the actual passwords of accounts
  • Just download the install and run it
  • Results in a few minutes!
