Microsoft and Other Companies Targeted in Russian Hacking Campaign: Insights and Impacts. Microsoft recently disclosed that Russian government spies, who had previously targeted them, are also attacking other organizations. Last Friday, Microsoft announced it fell victim to a hacking operation carried out by these spies. Now, a week later, the company has acknowledged that this espionage effort extends beyond them.
In a recent blog update, Microsoft mentioned that the same perpetrators are now targeting additional organizations, and it has started informing the affected parties as part of its standard notification procedure.
The total number of targeted organizations remains unknown. When sought a specific count of notified victims, Microsoft chose not to disclose any figures.
The hackers, known to Microsoft as Midnight Blizzard, are believed to be affiliated with Russia’s Foreign Intelligence Service, or SVR. Other security agencies refer to this group as APT29 or Cozy Bear.
Microsoft detected this breach on January 12, tracing the campaign’s origins to late November. The hackers utilized a “password spray attack” on an older system lacking multi-factor authentication. This method involves trying to brute-force accounts using common passwords or those from previous data breaches.
Microsoft explained that the hackers fine-tuned their password spray attacks, limiting the attempts to a small number of accounts to evade detection and prevent account lockouts due to multiple failed attempts. The attackers also minimized discovery chances by using a distributed residential proxy infrastructure for these attacks, thereby concealing their activities and maintaining the attack until successful.
Once the hackers accessed an account in this legacy system, they used its permissions to infiltrate a minimal percentage of Microsoft’s corporate email accounts. The exact number of compromised email accounts hasn’t been specified by Microsoft.
Microsoft and Other Companies Targeted in Russian Hacking Campaign: Insights and Impacts
The company noted that the hackers particularly aimed at senior executives and employees in cybersecurity, legal, and other departments, successfully stealing some emails and attached documents. Intriguingly, the hackers seemed interested in discovering what Microsoft knew about them.
Additionally, Hewlett Packard Enterprise (HPE) revealed that its Microsoft-hosted email system was compromised by Midnight Blizzard. HPE was informed of this breach on December 12, without specifying the notifier. According to HPE’s investigation, the hackers accessed and extracted data from a small portion of their mailboxes starting in May 2023.
The connection between this breach and the broader espionage campaign against Microsoft is not yet clear. HPE’s incident was linked to a previous intrusion by the same hackers, who had extracted a limited number of SharePoint files from HPE’s network.
“We lack the specifics of the incident Microsoft encountered and disclosed last week, so we cannot currently correlate the two incidents,” stated HPE spokesperson Adam R. Bauer.
Related Posts:
The Guide to Ethical Hacking(Opens in a new browser tab)
Top Tools for Ethical hacking in 2024(Opens in a new browser tab)
What types of businesses are most at risk for a cyberattack?(Opens in a new browser tab)
What is Healthcare Cybersecurity in organizations?(Opens in a new browser tab)
Fake Google reCAPTCHA used to hide Android banking malware(Opens in a new browser tab)