Microsoft breach allowed Russian spies to steal emails from US government

April 12, 2024 at 10:41AM CISA warns of Russian spies’ theft of sensitive data from Microsoft’s email system, prompting an Emergency Directive for affected agencies to analyze exfiltrated emails, reset compromised credentials, and enhance security. Microsoft and CISA collaborate to provide metadata on the exfiltrated emails. Security experts criticize Microsoft’s security practices and disclosure approach. …

Russian Hackers Use ‘WINELOADER’ Malware to Target German Political Parties

March 23, 2024 at 02:33AM Russian-linked hacking group, APT29, has been identified using the WINELOADER backdoor in cyber attacks on diplomatic entities and German political parties. The malware, distributed through wine-tasting phishing emails, allowed for espionage activities, marking a shift in APT29’s focus. This discovery coincides with the arrest of a German military officer involved …

Microsoft Confirms Russian Hackers Stole Source Code, Some Customer Secrets

March 8, 2024 at 11:57PM Microsoft disclosed that the Kremlin-backed threat actor Midnight Blizzard gained access to some source code repositories and internal systems following a hack in January 2024. The company stated that it is investigating the extent of the breach and has increased its security investments in response to the attack. The breach …

Russia-Sponsored Cyberattackers Infiltrate Microsoft’s Code Base

March 8, 2024 at 12:32PM The Russian APT group Midnight Blizzard has gained access to Microsoft’s source code and internal systems, posing a serious threat. The attackers, also known as APT29, Cozy Bear, Nobelium, and UNC2452, are escalating their efforts, including password-spraying attempts. The breach could lead to zero-day vulnerability exploitation, highlighting the critical …

Microsoft confirms Russian spies stole source code, accessed internal systems

March 8, 2024 at 12:04PM Russian cyberspies breached Microsoft executive email accounts, stealing source code and accessing internal systems. The intrusion by Kremlin-backed “Midnight Blizzard” was initially disclosed in January, with recent evidence showing further unauthorized access. Microsoft reassures that no customer systems were compromised. The ongoing investigation reports a significant, sustained threat by the attackers. …

Microsoft says Russian hackers breached its systems, accessed source code

March 8, 2024 at 10:34AM Microsoft discovered that the Russian hacking group ‘Midnight Blizzard’ accessed its internal systems and source code after stealing authentication secrets in January. They gained access using a non-production test account without multi-factor authentication. Microsoft is informing affected customers and increasing security measures to defend against these advanced persistent threats. From …

Russia’s ‘Midnight Blizzard’ Targets Service Accounts for Initial Cloud Access

February 27, 2024 at 04:56PM The threat group “Midnight Blizzard,” associated with Russian intelligence services, has shifted tactics, targeting cloud environments at organizations. Strategies include exploiting automated cloud service accounts and dormant accounts, and using OAuth tokens and MFA bombing attacks for unauthorized access. Mitigations recommended include multifactor authentication, strong passwords, and least privilege principles for …

Russian Cyberspies Targeting Cloud Infrastructure via Dormant Accounts

February 26, 2024 at 12:09PM Russian cyberespionage threat actors are now targeting cloud services as organizations shift to cloud-based infrastructure, according to a warning from government agencies in the Five Eyes countries. This includes tactics like brute-force attacks, exploiting dormant accounts, using tokens to bypass multi-factor authentication, and deploying post-compromise tools, as well as utilizing residential proxies to …

Midnight Blizzard and Cloudflare-Atlassian Cybersecurity Incidents: What to Know

February 13, 2024 at 06:39AM The Midnight Blizzard and Cloudflare-Atlassian cyber incidents highlight the vulnerabilities in major SaaS platforms and the complex security challenges they face. Russian hackers breached Microsoft by leveraging legacy accounts and OAuth tokens. Cloudflare’s Atlassian systems were compromised due to unchanged Okta credentials. Such breaches emphasize the need for continuous monitoring …

Microsoft Shares New Guidance in Wake of ‘Midnight Blizzard’ Cyberattack

January 26, 2024 at 03:43PM Microsoft has released new guidance to protect against nation-state attacks like the recent intrusion into its corporate email system by threat group Midnight Blizzard. The attack resulted in compromised accounts and exfiltration of emails and documents. Microsoft advises on protecting against malicious OAuth apps and detecting and mitigating the threat …