(RTTNews) - Microsoft Corp. (MSFT) announced that its corporate systems were breached by Russian state-sponsored threat actors in November 2023. However, the intrusion remained undetected until January 2024.
The group responsible for the attack, known as Midnight Blizzard (also APT29, Cozy Bear, or Nobelium), was previously involved in the SolarWinds supply chain attack in 2020.
According to the Microsoft Security Research Center, the attackers utilized a basic password spray attack to compromise several poorly protected corporate email accounts, including those of senior leadership, legal teams, and cybersecurity teams. Consequently, the company is now advocating for an overhaul of its older systems. The breached email accounts contained information sought by the attackers about Microsoft's knowledge of Midnight Blizzard.
Despite the breach, Microsoft has stated that it was able to cut off access to the compromised accounts after the discovery and has assured customers that the hackers did not gain access to AI systems, customer environments, source codes, or production systems.
The company has collaborated with law enforcement and regulators to manage the breach. This incident underscores the importance of adhering to security best practices. Although there are advanced attack methods, hackers often succeed with simple techniques such as password spraying and brute force attacks.
The fact that the threat actors could access Microsoft's accounts for two months without being noticed also revealed a lack of attention to security postures, emphasizing the importance of continuously monitoring cloud logs.
Furthermore, the breach underscores the significance of ongoing cloud log monitoring for security. The successful cyberattack against Microsoft emphasizes the need to protect sensitive information in less critical systems like email and file sharing. Experts suggest implementing continuous monitoring of cloud logs to identify unusual activities before attackers gain access and extract sensitive data.