
SolarWinds hackers Midnight Blizzard attack Microsoft again with password spraying

Brandon Lee
(@brandon-lee)

The Microsoft security team identified and responded to a cyberattack by a nation-state entity, known as Midnight Blizzard or Nobelium, against Microsoft's corporate systems on January 12, 2024. This proactive response involved a thorough investigation, disruption of the malicious activity, mitigation of the attack, and preventing further access for the attackers. This disclosure aligns with Microsoft's commitment to transparency under the Secure Future Initiative (SFI).

Tracing back to late November 2023, Midnight Blizzard executed a password spray attack, compromising a non-production legacy test tenant account. This breach provided an initial entry point, leading to limited access to Microsoft's corporate email accounts, including those of senior leadership and employees in cybersecurity, legal, and other departments. The attackers managed to exfiltrate some emails and documents, with initial indications suggesting their primary goal was information related to Midnight Blizzard itself. Microsoft is in the process of informing affected employees.

The attack was not due to any vulnerabilities in Microsoft's products or services. Importantly, there's no evidence of the attackers accessing customer data, production systems, source code, or AI systems. Microsoft will inform customers if any response is required on their part.

This incident underscores the ongoing risk from sophisticated nation-state actors like Midnight Blizzard.

In line with the Secure Future Initiative (SFI), Microsoft recognizes the need to reassess the balance between security and business risk. Traditional approaches are inadequate against nation-state funded threats. This incident emphasizes the urgency to upgrade security standards across Microsoft's legacy systems and internal processes, even at the expense of disrupting current business operations.

This shift may cause some initial disruptions, but it's a necessary step in adapting to new security realities. It's part of a broader strategy to enhance security in response to evolving threats.

Microsoft's investigation continues, with plans for further actions based on its findings. The company remains committed to collaboration with law enforcement and regulatory authorities. Additionally, Microsoft intends to share insights and learnings from this incident with the broader community to contribute to collective cybersecurity knowledge. More details will be shared as they become appropriate.

https://msrc.microsoft.com/blog/2024/01/microsoft-actions-following-attack-by-nation-state-actor-midnight-blizzard/

 
Posted : 22/01/2024 2:46 pm