Russian cybercriminals managed to hack Microsoft and access the emails of its executives!


Alexandre Boero

Clubic news manager

January 20, 2024 at 11:58 a.m.

Microsoft, hacked by Russian hackers © rafapress / Shutterstock.com

Microsoft said Friday evening that it had been the victim of a cyberattack of Russian origin. The hackers got into its email system, reaching as far as the company's senior management.

This is an attack that the American giant Microsoft does not and should not take lightly. On Friday, the Windows maker revealed that Russian hackers, supported by Moscow, managed to penetrate its email system, accessing the accounts of several of its executives. The company indicates that the incident, which began at the end of November, was not detected until a month and a half later, on January 12.

A dangerous intrusion at Microsoft detected late, but contained

Russian hackers, linked to the Foreign Intelligence Service of the Russian Federation, the SVR, exploited an outdated test account to access the accounts of members of senior management and of the company's cybersecurity and legal teams.

The attack is based on the technique known as “password spraying”. Rather than trying many passwords against a single account, this technique tries one commonly used password across many accounts, which keeps the number of failures per account low enough to get around security measures and increases the chances of success. It immediately exposes the weakness of users who adopt common passwords and highlights the importance of password security.
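Seen from the defender's side, the distinction drawn above shows up in failed sign-in logs. The following is an added example, not part of the original article or anything Microsoft published: the thresholds, function name and log records are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

def classify_sources(events, window=timedelta(minutes=30),
                     spray_accounts=5, spray_max_tries=2, brute_tries=10):
    """Label each source of failed sign-ins within a sliding time window.

    events: iterable of (timestamp, source_ip, account) for FAILED logins.
    password_spray: many distinct accounts, very few tries on each.
    brute_force:    many tries concentrated on a single account.
    All thresholds are illustrative assumptions, to be tuned per environment.
    """
    by_source = defaultdict(list)
    for ts, src, account in events:
        by_source[src].append((ts, account))

    verdicts = {}
    for src, rows in by_source.items():
        rows.sort()
        start = 0
        for end in range(len(rows)):
            # Shrink the window until it spans at most `window` of time.
            while rows[end][0] - rows[start][0] > window:
                start += 1
            tries = Counter(acct for _, acct in rows[start:end + 1])
            if max(tries.values()) >= brute_tries:
                verdicts[src] = "brute_force"
                break
            if len(tries) >= spray_accounts and max(tries.values()) <= spray_max_tries:
                verdicts[src] = "password_spray"
                break
    return verdicts

def build_sample():
    """Constructed failed-login records (documentation IP ranges, fake users)."""
    t0 = datetime(2024, 1, 1, 9, 0)
    users = ["alice", "bob", "carol", "dave", "erin", "svc-test"]
    ev = [(t0 + timedelta(minutes=i), "203.0.113.10", u) for i, u in enumerate(users)]
    ev += [(t0 + timedelta(seconds=10 * i), "198.51.100.7", "admin") for i in range(12)]
    ev += [(t0 + timedelta(minutes=m), "192.0.2.44", "frank") for m in (3, 4)]
    return ev

if __name__ == "__main__":
    for source, verdict in classify_sources(build_sample()).items():
        print(source, verdict)
```

A per-account lockout counter never fires on the first source, because each account sees only one failure; the signal is the count of distinct accounts. A spray spread over many source addresses would not trip a per-source rule, so the same counting can also be applied across all sources per time window.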

In any case, the attack suffered by Microsoft allowed access to a “very small percentage” of accounts, but it was enough to steal some emails and attached documents. And although the company indicates that the incident had no material impact on its operations, the new rules of the American agency for regulation and supervision of financial markets require it, like us Europeans with the GDPR, to disclose any such violation.

The Microsoft logo, at VivaTech 2022 edition © Alexandre Boero / Clubic

A cyberattack aimed at intelligence collection

The hackers were able to exploit an outdated account, which highlights the need for constant vigilance. Microsoft has confirmed that the attack did not exploit vulnerabilities in its products or services, instead focusing on compromising credentials. In other words: at this stage, no end user has been impacted.

Regarding the political aspect of the cyberattack, Microsoft today attributes it to the Russian group Midnight Blizzard, better known as Cozy Bear, thanks to Google’s cyber company, Mandiant. If you have a good memory, you will remember that it was this same hacker collective that was involved in the sophisticated SolarWinds hacking campaign in 2021. The attack affected numerous US government agencies and companies.

Finally, regarding the support this group benefits from, it should be remembered that the SVR, the Russian agency, mainly aims to collect intelligence. So, obviously, spying on the emails of Microsoft executives was of interest to it. But the company says no access to customer environments, source code, production systems, or artificial intelligence systems has been demonstrated.

Source: Reuters
