Once again Microsoft was a victim of a cyber attack. A hacker group named Midnight Blizzard (also known as Nobelium, Cozy Bear or APT29) had access to an internal account. According to Microsoft, the "attack was not the result of a vulnerability in Microsoft products or services". However, it is obvious that a number of things went wrong:
- Obviously that test account was secured only by a weak password.
- Additionally, it seems that they didn't use 2FA.
- Third, that test account had extensive permissions that allowed access to real internal accounts of even their senior leadership team, ironically among them some of their cybersecurity team.
This again shows that security is nothing you should rely upon when using Microsoft products.
Yet another reason to not use the new Outlook which gives them the credentials for ALL of your email accounts.
It is indeed weird that this attack was successful, to say the least. Why wasn't 2FA enabled, and why wasn't it noticed that someone logged into all of these other email accounts? So basically email security on MS's network was non-existent. Weren't they using MS Defender for email security? https://www.microsoft.com/en-za/security/business/siem-and-xdr/microsoft-defender-office-365
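The question in the post above ("why wasn't it noticed that someone logged into all of these other email accounts?") is the kind of thing a mailbox-audit detection should answer. The following is an added example, not code from the original thread or from Microsoft: it reads a constructed CSV audit log (the column names, the `MailItemsAccessed`/`SendAs` operation labels and every address are assumptions made up for illustration) and flags any identity that touched more than a threshold of mailboxes other than its own, which is exactly the pattern a single over-permissioned test account would produce.

```python
# Added example (not from the original thread): flag an identity that reads an
# unusual number of other people's mailboxes. The log format and sample lines
# are constructed for illustration and do not reflect any real audit schema.
import csv
from collections import defaultdict
from io import StringIO

# Constructed sample audit records: timestamp, actor, operation, target mailbox.
SAMPLE_AUDIT_LOG = """\
timestamp,actor,operation,mailbox
2024-01-10T09:01:00Z,alice@example.test,MailItemsAccessed,alice@example.test
2024-01-10T09:02:00Z,legacy-test@example.test,MailItemsAccessed,ceo@example.test
2024-01-10T09:03:00Z,legacy-test@example.test,MailItemsAccessed,cfo@example.test
2024-01-10T09:04:00Z,legacy-test@example.test,MailItemsAccessed,ciso@example.test
2024-01-10T09:05:00Z,legacy-test@example.test,MailItemsAccessed,legal@example.test
2024-01-10T09:06:00Z,bob@example.test,MailItemsAccessed,bob@example.test
2024-01-10T09:07:00Z,bob@example.test,MailItemsAccessed,shared-team@example.test
2024-01-10T09:08:00Z,legacy-test@example.test,SendAs,ceo@example.test
"""


def foreign_mailboxes_by_actor(log_text):
    """Map each actor to the set of mailboxes it touched that are not its own.

    Accessing your own mailbox is normal activity and is excluded, so an actor
    that only ever reads its own mail does not appear in the result at all.
    """
    touched = defaultdict(set)
    for row in csv.DictReader(StringIO(log_text)):
        actor = row["actor"].strip().lower()
        mailbox = row["mailbox"].strip().lower()
        if actor != mailbox:
            touched[actor].add(mailbox)
    return dict(touched)


def flag_broad_mailbox_access(log_text, threshold=3):
    """Return (actor, distinct_foreign_mailbox_count) pairs for actors that
    touched more than `threshold` distinct foreign mailboxes.

    Distinct mailboxes are counted, not events, so repeated access to one
    executive's mailbox counts once; the list is sorted by count, descending.
    """
    touched = foreign_mailboxes_by_actor(log_text)
    flagged = [
        (actor, len(boxes))
        for actor, boxes in touched.items()
        if len(boxes) > threshold
    ]
    return sorted(flagged, key=lambda pair: (-pair[1], pair[0]))


if __name__ == "__main__":
    for actor, count in flag_broad_mailbox_access(SAMPLE_AUDIT_LOG):
        print(f"ALERT: {actor} accessed {count} mailboxes other than its own")
```

The threshold is deliberately low because most identities never read anyone else's mailbox; in practice you would baseline per-identity counts over a longer window and exempt known service accounts explicitly rather than by raising the threshold for everyone.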
Yep - and now add to this the new Outlook vulnerability that allows an attacker to get your NTLM v2 hashed passwords via a calendar invitation. It's a disaster.
"The Russian state-sponsored hackers did so after stealing corporate emails from Microsoft back in January. But so far, no customer-facing systems have been compromised... The company didn't specify if any source code was exfiltrated. But the hackers have been using information found in the stolen corporate emails to break into the systems of Microsoft and its customers. This has included trying to guess login passwords..." https://www.pcmag.com/news/microsoft-russian-hackers-accessed-company-source-code
"Microsoft says it hasn’t been able to shake Russian state hacker BOSTON (AP) — Microsoft said Friday it’s still trying to evict the elite Russian government hackers who broke into the email accounts of senior company executives in November and who it said have been trying to breach customer networks with stolen access data..." https://apnews.com/article/microsoft-russian-hack-email-svr-breach-edc1acfc23827e5ae24cce69b95dde4d
So from what I understood, MS was hacked again as a result of the first hack, and perhaps even source code was stolen? And MS wants us to take them seriously when it comes to Windows Defender on both home user and corporate machines? While they can't even secure their own systems?