Microsoft detailed a hacker attack on its systems, which allowed access to corporate emails of company leaders. The hack was possible because there was a test account without two-factor authentication. It was from this that the attackers gained access to the platforms. The company attributes the action to the Russian group Midnight Blizzard and warns that other organizations are at risk.
The attack was revealed on January 19, when Microsoft reported the incident to the SEC, the entity responsible for overseeing the financial market in the US. This Friday (26), the company published the details on its blog.
The intrusion used the password spray technique, also known as password spray. In this technique, hackers use a few common passwords (sometimes just one) to try to get into multiple accounts at the same time. According to Microsoft, the group “adapted its password spraying attacks to a limited number of accounts, using few attempts to avoid detection.”
It worked. The attackers were able to get into a legacy, non-productive test account, in Microsoft’s own words. This means that this account was not used for work, only for testing an old environment. It didn’t have two-factor authentication (2FA). That would have prevented the attack.
With access to this account, the hackers compromised a test application with OAuth authentication and used it to gain more access to Microsoft’s systems.
Hackers May Have Attacked Other Organizations
Microsoft says the group known as Midnight Blizzard was responsible for the hack. He is also known as Nobelium, APT29, and Cozy Bear. The hackers are suspected to be working in the service of Russia’s Foreign Intelligence Service.
The company says the hackers gained access to a very small number of Microsoft corporate email accounts, in the areas of leadership, cybersecurity and legal. Interestingly, the hackers’ goal seemed to be to find out information about themselves, to find out what the company knew.
In addition, Microsoft claims that the same attackers have been attacking other organizations, which are being notified by the company. Hewlett Packard Enterprise, HP’s business customer arm, revealed that its email system was also hacked. The service is hosted by Microsoft. The Midnight Blizzard group was also responsible for this attack.