Microsoft warns other firms of Russian-sponsored group in email hacking

Bloomberg
The disclosure is the latest sign that the group’s recent activities have spread beyond Microsoft. Photo: Bloomberg

Microsoft Corp. said an account that was compromised by Russia-linked hackers, resulting in a hack of some company emails including those of senior leaders, didn’t have multifactor authentication enabled.

The hackers “tailored their password spray attacks to a limited number of accounts, using a low number of attempts to evade detection and avoid account blocks based on the volume of failures,” according to a Microsoft blog post published late Thursday.

Cybersecurity experts had previously told Bloomberg News they believed the compromised account wasn’t using multifactor authentication, a basic security measure. That’s because it was hacked using a “password spray” technique that typically involves trying many passwords on a user’s account in an attempt to crack it. Password spraying doesn’t work if multifactor authentication is enabled, said Ru Campbell, a cybersecurity consultant and Microsoft Most Valuable Professional or MVP, who often speaks at conferences about the company’s services.

Senator Ron Wyden, Democrat from Oregon, called the compromise “inexcusable.” 

Multifactor authentication is “cybersecurity 101 and would have prevented this latest attack,” Wyden said in an emailed statement. “This is yet another wholly avoidable hack that was caused by Microsoft’s negligence. The US government needs to reevaluate its dependence on Microsoft.”

A Microsoft representative didn’t respond to a request to comment on Wyden’s remarks.


In its blog, Microsoft also said it has been warning organizations that they were targets of the same Russian-sponsored group that hacked into its executives’ emails late last year. 

The hackers — a group known as Midnight Blizzard or Cozy Bear — have been identified by Microsoft’s Threat Intelligence team as the same cyber-espionage group that “has been targeting other organizations,” according to a blog post Thursday from the technology company.

The disclosure is the latest sign that the group’s recent activities have spread beyond Microsoft. On Wednesday, Hewlett Packard Enterprise Co. reported a breach of its cloud-based email system that it said was likely caused by Midnight Blizzard.


Last week, Microsoft disclosed that the group compromised a “legacy non-production test tenant account” and used it as a foothold to access a “small number” of email accounts, including those of senior leadership and employees who work in cybersecurity and legal. The hackers were initially targeting emails for information about Midnight Blizzard itself, Microsoft said. 

Last year, Wyden called on government officials to investigate an intrusion of Microsoft Exchange Online that enabled the hack of US government emails, including the account of Commerce Secretary Gina Raimondo.

HPE, an information technology provider, said it was notified on Dec. 12 that a nation-state hacking group breached its email systems. Investigators believe the hackers accessed and exfiltrated data beginning in May from a small percentage of HPE mailboxes belonging to employees working in cybersecurity and other areas.

The US government has linked the hacking group, also known as Nobelium, to Russia. The same group previously breached SolarWinds Corp. in a massive cyber-espionage campaign against several federal agencies.

(Updated on Jan 27 with additional information starting in fifth paragraph.)

© 2024 The Edge Publishing Pte Ltd. All rights reserved.