Summary:
Microsoft revealed this week that they were potentially targeted by the Russian state-sponsored hacking group Midnight Blizzard. The group targeted a senior employee at the company by utilizing a password spray attack to infiltrate a legacy non-production test tenant account. This allowed them to gain access to the email accounts of Microsoft’s leadership team and employees in cybersecurity and legal departments.

Security Officer Comments:
The group is believed to have compromised credentials on the legacy test account, indicating the potential use of outdated code. Microsoft says a small percentage of corporate accounts were accessed, leading to the theft of some emails and attached documents. The incident began in November, and was discovered last week on January 12th. Microsoft was able to remove the attackers access from the compromised accounts on the 13th.

Microsoft is still investigating the full extent of the breach, and is working on attributing the activity. The company says they have “taken swift action to further protect its employees and customers from such threats. Microsoft is currently notifying employees whose emails were accessed and will inform customers if any action is required”. CISA says they are collaborating closely with Microsoft to assess the incident’s impact and safeguard potential victims.

Suggested Corrections:
“In the wake of this incident, Microsoft has urged all its employees to remain vigilant and adhere to best practices for digital security. The breach could potentially have a negative impact on their business and has emphasized the importance of enabling robust cybersecurity practices including 2FA/MFA to protect against password-based attacks. This incident serves as a stark reminder of the escalating sophistication of cyber-attacks and the importance of robust cybersecurity for individuals and corporations alike” (BNN Breaking, 2024).

Link(s):
https://bnnbreaking.com/tech/cybers...oyees-email-account-breached-in-cyber-attack/