Microsoft disclosed on Jan. 19 that a nation-state backed attack occurred beginning in November 2023 in which the Russian state-sponsored threat actor group Midnight Blizzard accessed some Microsoft corporate emails and documents through compromised email accounts.
The attackers gained access in November 2023 using a legacy test tenant account.
From there, they could use that account's permissions to access a small number of Microsoft corporate email accounts - some of those accounts were for senior leadership team members.
Other individuals whose email accounts were accessed work on the cybersecurity and legal teams, among other functions.
The Midnight Blizzard threat actor group used a technique called a password spray attack.
The threat of a password spray attack is a good opportunity to be sure that your organization is using multifactor authentication, keeping tabs on older lapsed and test accounts and running up-to-date SIEM software.
Password spray attacks may be marked by a sharp increase in the number of bad password attempts or by unusually evenly-spaced times between attempts.
This kind of attack may be effective if users are not forced to change their passwords on first login.
Rigorous login detection, strong lockout policies and password managers can cut down on the chance of a password spray attack.
SEE: These are today's trends in ransomware, network infrastructure attacks and other cyber threats.
State-sponsored attacks are a top cybersecurity threat in 2024.
These attacks highlight the need for thorough incident response plans and threat intelligence monitoring, especially among organizations that might be specifically targeted, such as big tech or infrastructure.
This Cyber News was published on www.techrepublic.com. Publication date: Tue, 23 Jan 2024 19:43:04 +0000