Microsoft Hacked!
We have been hearing hacking news more and more often. Recently, news of a hack came from Microsoft. The company released a statement.
On January 12, 2024, the Microsoft security team detected a nation-state attack on our enterprise systems and immediately activated our response process to investigate and block malicious activity, mitigate the attack, and deny the threat actor further access. Microsoft identified the threat actor as Russian state-sponsored actor Midnight Blizzard, also known as Nobelium. We're sharing this update as part of our ongoing commitment to responsible transparency, which we recently affirmed in our Secure Future Initiative (SFI).
Beginning in late November 2023, the threat actor used a password spray attack to compromise an old non-production test tenant account and gain a foothold, and then used the account's permissions to access a very small percentage of Microsoft corporate email accounts, including members of our senior leadership team and employees across our cybersecurity, legal and other functions, and exfiltrated some emails and attached documents. Investigation shows that they initially targeted email accounts for information related to Midnight Blizzard itself. We are in the process of informing employees whose emails have been accessed.
The attack was not the result of a vulnerability in Microsoft products or services. So far, there is no evidence that the threat actor has access to customer environments, production systems, source code, or AI systems. We will inform our customers if any action is required. Microsoft CEO / Satya Nadella
This attack underscores the persistent risk posed to all organizations by well-resourced nation-state threat actors like Midnight Blizzard. As we said when we announced the Secure Future Initiative (SFI) late last year, given the reality of threat actors being resourced and financed by nation states, we are changing the balance we need to strike between security and business risk; the traditional kind of risk calculation is no longer enough. For Microsoft, this incident highlighted the urgent need to move even faster. Even if these changes cause disruption to existing business processes, we will take immediate action to apply our existing security standards to Microsoft legacy systems and internal business processes.
This will likely cause some disruption as we adapt to this new reality, but it is a necessary step and only the first of several we will take to embrace this philosophy.
We are continuing our investigation and will take additional action based on the results of this investigation and will continue to work with law enforcement and relevant regulatory authorities. We are committed to sharing more information and learnings so that the community can benefit from both our experiences and observations of the threat actor. We will provide additional details as appropriate.
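The statement above names the initial access technique, a password spray against an old test tenant account, but does not show what that looks like in logs. The following is an added example written for this post, not Microsoft's own tooling or the incident's actual data: a small detector that reads constructed sign-in records (the field layout, thresholds and sample entries are all assumptions) and flags a source that fails against many different accounts with only a few attempts each, then reports any account that subsequently succeeded from that source, which is the foothold a responder would chase first.

```python
"""Password-spray detection over sign-in logs.

Added example for this post, not Microsoft's own tooling. The record
format, thresholds and sample data below are assumptions loosely
modelled on cloud sign-in logs (timestamp, account, source IP, result,
client application).
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample log (not real data). 203.0.113.7 sprays one guess
# across six accounts and finally lands on a stale test account;
# 198.51.100.9 hammers a single account (lockout pattern, not a spray);
# 192.0.2.5 is an ordinary successful sign-in.
SAMPLE_LOG = """\
2023-11-28T02:14:05Z alice@test.example 203.0.113.7 FAILURE legacy-smtp
2023-11-28T02:14:09Z bob@test.example 203.0.113.7 FAILURE legacy-smtp
2023-11-28T02:14:12Z carol@test.example 203.0.113.7 FAILURE legacy-smtp
2023-11-28T02:14:17Z dave@test.example 203.0.113.7 FAILURE legacy-smtp
2023-11-28T02:14:21Z erin@test.example 203.0.113.7 FAILURE legacy-smtp
2023-11-28T02:14:26Z svc-test@test.example 203.0.113.7 FAILURE legacy-smtp
2023-11-28T02:19:40Z svc-test@test.example 203.0.113.7 SUCCESS legacy-smtp
2023-11-28T02:15:00Z grace@test.example 198.51.100.9 FAILURE browser
2023-11-28T02:15:04Z grace@test.example 198.51.100.9 FAILURE browser
2023-11-28T02:15:08Z grace@test.example 198.51.100.9 FAILURE browser
2023-11-28T02:15:11Z grace@test.example 198.51.100.9 FAILURE browser
2023-11-28T02:15:15Z grace@test.example 198.51.100.9 FAILURE browser
2023-11-28T02:15:19Z grace@test.example 198.51.100.9 FAILURE browser
2023-11-28T02:16:00Z alice@test.example 192.0.2.5 SUCCESS browser
"""


@dataclass(frozen=True)
class SignIn:
    ts: datetime
    user: str
    src_ip: str
    success: bool
    client: str


def parse_log(text: str) -> list[SignIn]:
    """Parse the whitespace-separated sample format into time-ordered records."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, ip, result, client = line.split()
        events.append(SignIn(datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
                             user.lower(), ip, result == "SUCCESS", client))
    return sorted(events, key=lambda e: e.ts)


def detect_password_spray(events, window=timedelta(minutes=60),
                          min_distinct_users=5, max_failures_per_user=3):
    """Flag source IPs whose failures inside one `window` touch at least
    `min_distinct_users` accounts while no single account fails more than
    `max_failures_per_user` times (many accounts, few guesses each).
    Each finding also lists accounts that later succeeded from that IP."""
    failures = defaultdict(list)
    successes = defaultdict(list)
    for e in events:
        (successes if e.success else failures)[e.src_ip].append(e)

    findings = []
    for ip, fails in failures.items():
        best = None
        start = 0
        # Sliding window over this source's failures, oldest to newest.
        for end in range(len(fails)):
            while fails[end].ts - fails[start].ts > window:
                start += 1
            per_user = defaultdict(int)
            for f in fails[start:end + 1]:
                per_user[f.user] += 1
            if (len(per_user) >= min_distinct_users
                    and max(per_user.values()) <= max_failures_per_user):
                if best is None or len(per_user) > best["distinct_users"]:
                    best = {
                        "src_ip": ip,
                        "window_start": fails[start].ts,
                        "window_end": fails[end].ts,
                        "distinct_users": len(per_user),
                        "clients": sorted({f.client for f in fails[start:end + 1]}),
                    }
        if best is not None:
            # Successes from the same source shortly after the spray are the foothold.
            best["succeeded_users"] = sorted({
                s.user for s in successes.get(ip, [])
                if best["window_start"] <= s.ts <= best["window_end"] + window})
            findings.append(best)
    return findings


if __name__ == "__main__":
    for f in detect_password_spray(parse_log(SAMPLE_LOG)):
        print(f"spray from {f['src_ip']}: {f['distinct_users']} accounts via "
              f"{', '.join(f['clients'])}; later successes: {f['succeeded_users'] or 'none'}")
```

The single-account lockout pattern from 198.51.100.9 is deliberately not flagged: a spray is wide and shallow, so the detector keys on distinct accounts per source rather than on failure volume. The `clients` field is kept because legacy protocols that cannot carry multi-factor authentication are where sprays tend to land, which is the point Wyden makes later in the post; a tenant that enforces MFA and disables legacy authentication turns a successful guess into a failed sign-in.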
Microsoft's announcement comes after new US requirements for disclosing cybersecurity incidents went into effect. A Microsoft spokesperson said that while the company did not believe the attack had a material impact, it still wanted to respect the spirit of the rules.
Eric Goldstein, CISA's deputy administrator for cybersecurity, told CNBC that the Cybersecurity and Infrastructure Security Agency is "working closely with Microsoft to obtain additional information about this incident and understand its implications so we can help protect other potential victims." He added: "As noted in Microsoft's announcement, we are not aware of any impacts to Microsoft customer environments or products at this time."
In late November, the group accessed "an old non-production test tenant account," Microsoft's Security Response Center wrote in its blog post. After gaining access, the group "used the account permissions to access a very small percentage of Microsoft corporate email accounts, including members of our senior leadership team and employees across our cybersecurity, legal, and other functions, and exfiltrated some of the emails and attached documents," the unit wrote.
The company's senior leadership team, including Chief Financial Officer Amy Hood and President Brad Smith, meets regularly with CEO Satya Nadella.
Microsoft said it found no indication that Nobelium had accessed customer data, production systems or proprietary source code.
The US government and Microsoft consider Nobelium to be part of the Russian foreign intelligence service SVR. The hacking group was responsible for one of the most prolific breaches in US history by inserting malicious code into updates to SolarWinds' Orion software used by some US government agencies. Microsoft itself was among the victims of that breach.
Nobelium, also known as APT29 or Cozy Bear, is a sophisticated hacking group that attempts to breach the systems of US allies and the Department of Defense. Microsoft also uses the name Midnight Blizzard to describe Nobelium.
The group was also involved in the breach of the Democratic National Committee's systems in 2016, along with another Russian hacking group.
Last year, a vulnerability in Microsoft software allowed China-linked hackers to access the email accounts of senior government officials, including Commerce Secretary Gina Raimondo, ahead of a critical US-China meeting. Democratic Senator Ron Wyden of Oregon wrote in a letter to CISA director Jen Easterly and other federal officials that the company's "negligent cybersecurity practices" led to the attack.
In a statement on Monday, Wyden called the latest attack "another completely preventable attack caused by Microsoft's negligence."
"It's inexcusable that Microsoft still doesn't require multi-factor authentication," Wyden told CNBC. “The US government needs to re-evaluate its dependence on Microsoft.”
Microsoft said in its blog post that the company "is continuing our investigation and will take additional actions based on the results of that investigation and will continue to work with law enforcement and appropriate regulators."
The FBI told CNBC it knew about the attack and was working with federal partners to assist.
A fake e-mail arrived this morning from an address I trust. It was suspicious. But how could a trusted account send such an e-mail? When I checked their social media accounts, they had written that their email provider had been hacked. No matter how much you trust a link, research it and make sure it is trustworthy before you click on it.
Remember, the only system without vulnerabilities is the universe. Stay safe.