Microsoft said today that it was hacked by a «Russian state-sponsored actor» called Midnight Blizzard, also known as Nobelium. That's the same group of hackers suspected to be responsible for the major SolarWinds supply chain hack that occurred in 2020.
«Beginning in late November 2023, the threat actor used a password spray attack to compromise a legacy non-production test tenant account and gain a foothold, and then used the account’s permissions to access a very small percentage of Microsoft corporate email accounts, including members of our senior leadership team and employees in our cybersecurity, legal, and other functions, and exfiltrated some emails and attached documents,» Microsoft wrote.
«The investigation indicates they were initially targeting email accounts for information related to Midnight Blizzard itself. We are in the process of notifying employees whose email was accessed.»
Microsoft didn't elaborate on what information Midnight Blizzard/Nobelium may have been looking for, but there's a long history between the two. In 2021, following the SolarWinds hack, Microsoft posted a four-part blog/video series on the group that «pulls the curtain back on the NOBELIUM incident and how world-class threat hunters from Microsoft and around the industry came together to take on the most sophisticated nation-state attack in history.»
Microsoft has also taken an active role in combatting Russian cyber-attacks against Ukraine.
«Password spraying» is a brute force attack in which a hacker tries common passwords against known valid usernames in the hope that someone got lazy and used something like «1234.» Automated systems are often used to roll through a large number of passwords in a relatively short amount of time. It's tough to defend against because it exploits vulnerabilities not in systems, but in users.
From the website of online security company Login Radius:
Hackers can go after specific users and cycles using as many passwords as possible from