Microsoft Email Accounts Breached by Russian Hacking Group

Microsoft on Friday disclosed that a Russian hacking group has accessed the email accounts of several of its senior leaders.

While the attack took place on January 12, it only came to light when the tech giant revealed it on Friday afternoon through a regulatory filing.

The Microsoft Security Response Center published a blog post on the incident, assuring that the breach had already been dealt with.

According to Microsoft, the attack on its corporate systems had been carried out by the Russian state-sponsored hacking group Midnight Blizzard.

Bizarre Motive: Hackers Breached Microsoft to Seek Information about Themselves

Interestingly, the hackers did not seem interested in stealing any customer data or sensitive corporate information. Instead, they seemed to be seeking information about themselves.

Preliminary investigations indicate that the hacking group was trying to find out what Microsoft knows about Midnight Blizzard by finding relevant information from the breached email accounts.

Also known as Nobelium, Cozy Bear, or APT 29, the threat actor is known for executing a series of high-profile attacks.

This isn’t the first time that the Russia-backed threat actor carried out an attack with the motive to seek out information about itself.

The incident is similar to the infamous SolarWinds breach back in 2020 when software developed by the company was tampered with by Midnight Blizzard.

Using the tampered software to infiltrate US agencies, the hacking group sought to track the US government’s responses to its intrusions.

The blog post by Microsoft confirms that the Russian hackers did gain access to “a very small percentage of Microsoft corporate email accounts”. These included accounts of Microsoft’s senior leadership team members and employees working in the legal and cybersecurity departments.

After detecting the attack on January 12, Microsoft initiated a response process to investigate and disrupt the malicious activity, along with mitigating the attack and preventing any more access for the threat actor.

The hacking group succeeded in exfiltrating some emails and attached documents, Microsoft has revealed.

The tech giant also added that it was currently in the process of notifying employees whose email accounts had been breached in the attack.

How a Breached Legacy Account Granted Access to Other Accounts

Shedding light on how the hackers managed to carry out the attack, Microsoft shared that they had first deployed a “password spray attack”.

Essentially a form of brute force attack, it enabled the threat actor to gain access to a legacy account. Once in, the hackers proceeded to access other Microsoft corporate email accounts by exploiting the permissions on the hacked legacy account.

Microsoft hasn’t yet revealed how many email accounts exactly were compromised in the attack.

While it shared the probable motive behind the attack as discovered by its investigation, the tech giant did not share what information exactly had been accessed by the hackers.

“We will act immediately to apply our current security standards to Microsoft-owned legacy systems and internal business processes, even when these changes might cause disruption to existing business processes.” - Microsoft

Microsoft in its blog post talked about how it plans to move forward and bolster security in the future.

Admitting that it might result in some level of disruption, the company emphasized that it was a necessary step and “only the first” of the several that it plans to take for better cybersecurity.



National Cyber Security