Executives and IT security personnel at Microsoft were targeted by a espionage campaign of Russian origin, the Redmond firm has just denounced in a blog post. This computer attack, detected on January 12, 2024, was attributed to “Midnight Blizzard”, a group also known as Nobelium. The hackers were able to be expelled from the information system the next day.
According to Washington and London, this group of hackers is affiliated with the foreign intelligence service of the Russian Federation. The United States and the United Kingdom believe that the latter were at work in the hacking of the SolarWinds company. This attack on the Orion monitoring software has since become a textbook case of an attack on the supply chain.
Password spraying
After investigations, Microsoft estimates that the members of Midnight Blizzard would have succeeded in obtaining unauthorized access to a first internal account at the end of November 2023 after “password spraying” – password spraying in French. This term refers to a variation of a brute force attack, with testing simple passwords across multiple accounts and repeated attempts over time to avoid detection.
This first breach, visibly opened thanks to the absence of multi-factor authentication which could have prevented the hack, then allowed hackers to snoop in sensitive messaging, from company executives to cybersecurity specialists or still staff from the legal department. According to Microsoft, the attackers were looking to find out what exactly the publisher knew about Midnight Blizzard.
Reviews
The company wanted to be reassuring, pointing out that currently there is no evidence that the attackers were able to have access to the production system, source code or artificial intelligence systems. But Microsoft has nevertheless announced that it wants to take its IT security up a notch, even if it means disrupting its current business processes.
More will undoubtedly need to be done to regain the trust of specialists. As the Risky Biz News newsletter notes, the announcement of this hack has already led to its share of criticism. It follows by just a few months another spying campaign on its messaging services, this time attributed to Chinese hackers.
Microsoft, the cyber-bulwark
From the start of the conflict between Russia and Ukraine, Brad Smith, president of Microsoft, mentioned acting to protect users and the Ukrainian government against Russian cyberattacks. To the point of being qualified as a cyber-bulwark against Russian attacks targeting kyiv.