TECH NEWS – The attack was carried out by the same group that attacked the SolarWinds supply chain in 2020.

The Redmond-based technology company reported that Microsoft was hacked by the Russian government-linked Midnight Blizzard, or Nobelium. Microsoft wrote: “Beginning in late November 2023, the threat actor used a password spray attack to compromise and gain a foothold in a legacy non-production test tenant account, and then used the account’s privileges to access a very small percentage of Microsoft corporate email accounts, including members of our senior leadership team and employees in our cybersecurity, legal, and other functions, and exfiltrated some emails and attached documents. The investigation indicates that they initially targeted email accounts for information related to Midnight Blizzard itself. We are in the process of notifying employees whose email was accessed.

The attack was discovered on January 12 by Microsoft (even though it began in November, which did not elaborate on exactly what information Midnight Blizzard/Nobelium was looking for. In 2021, Microsoft followed up the SolarWinds hack with a four-part blog series exposing the Nobelium affair, and the attack prompted several members of the industry to join forces against the most sophisticated nation-state attack in history. MS is also actively fighting Russian cyber-attacks targeting Ukraine, which has put the Redmond-based company in Putin’s crosshairs.

The password spraying attack relies on brute force. The hacker uses common passwords for known usernames, hoping to use a simple password (e.g. 1234).Automated systems can churn through a large number of passwords in a relatively short period of time, and it is difficult to defend against because it targets the vulnerability of the user, not the system.As Login Radius an online security company, defines it:”Hackers can target specific users and cycles by using as many passwords as possible, either from a dictionary or an edited list of common passwords. Password spraying is not a targeted attack; it is simply a bad actor obtaining a list of email accounts or gaining access to an active directory and trying to log into all of them using a list of the most likely, popular, or common passwords until they get a hit.The key takeaway from password spraying is that user accounts with old or common passwords are the weak link that hackers can exploit to gain access to the network.Unfortunately, password spraying attacks are often successful because so many account users fail to follow password protection best practices or choose convenience over security.”

Microsoft says it has no evidence that its artificial intelligence systems, source code, manufacturing systems or consumer environments were accessed by the Russians, and that it applies modern security standards to internal business processes and legacy systems owned by Microsoft. The Russian government-backed attack also means that Microsoft has to rethink the balance between security and business risk, so there may be outages, but it is seen as a necessary step. It is just one step in a long process.

In 2021, the U.S. and several NATO members blamed China for attacks on Microsoft Exchange Server; in 2022, Lapsus$ stole source code for Bing and Cortana; last year, a Chinese hacking group attacked the Azure platform to gain access to email accounts, prompting Tenable CEO Amit Yoran to accuse Microsoft of continually neglecting cybersecurity practices that allowed the Chinese to spy on the U.S. government…

Source: PCGamer