
“Microsoft Network Breached by Russian-State Hackers Through Password-Spraying”


In a shocking revelation, Microsoft announced on Friday that its corporate network had been breached by Russian-state hackers. These hackers, belonging to a group known as Midnight Blizzard, were able to exploit a weak password and gain unauthorized access to emails and documents belonging to senior executives and employees working in security and legal teams. This breach marks the second time in recent years that Microsoft’s failure to follow basic security protocols has resulted in a breach that could potentially harm customers.

The attack, which began in late November 2023, was a password spray: the hackers peppered the network with previously compromised or commonly used passwords until they found the right one. Once they gained access to a “legacy non-production test tenant account,” they were able to pivot and access some of the company’s most sensitive employee accounts, including those of senior leadership, cybersecurity, and legal teams.
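A password spray leaves a recognizable shape in sign-in logs: failures spread across many accounts with only a few tries each, sometimes ending in a success. The following is an added example, not code from Microsoft or from the original article, showing one way to flag that shape. The record format, thresholds, addresses and account names are all assumptions constructed for illustration.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sign-in records (timestamp, source IP, account, outcome).
# IPs are from documentation ranges and account names are invented.
SAMPLE_EVENTS = [
    ("2023-11-28T02:00:00", "203.0.113.7", "alice", "FAIL"),
    ("2023-11-28T02:03:00", "203.0.113.7", "bob", "FAIL"),
    ("2023-11-28T02:06:00", "203.0.113.7", "carol", "FAIL"),
    ("2023-11-28T02:09:00", "203.0.113.7", "dave", "FAIL"),
    ("2023-11-28T02:12:00", "203.0.113.7", "erin", "FAIL"),
    ("2023-11-28T02:15:00", "203.0.113.7", "legacy-test", "SUCCESS"),
    # One account hammered repeatedly: brute force, not a spray.
    ("2023-11-28T03:00:00", "198.51.100.20", "frank", "FAIL"),
    ("2023-11-28T03:00:10", "198.51.100.20", "frank", "FAIL"),
    ("2023-11-28T03:00:20", "198.51.100.20", "frank", "FAIL"),
    ("2023-11-28T03:00:30", "198.51.100.20", "frank", "FAIL"),
    ("2023-11-28T03:00:40", "198.51.100.20", "frank", "FAIL"),
    # A user mistyping a password before signing in.
    ("2023-11-28T09:00:00", "192.0.2.44", "grace", "FAIL"),
    ("2023-11-28T09:00:30", "192.0.2.44", "grace", "SUCCESS"),
]


def detect_spray(events, window=timedelta(minutes=30), min_accounts=5, max_per_account=2):
    """Return sources whose failures hit many distinct accounts, few tries each."""
    by_source = defaultdict(list)
    for ts, src, user, outcome in events:
        by_source[src].append((datetime.fromisoformat(ts), user, outcome))
    findings = []
    for src, recs in sorted(by_source.items()):
        recs.sort()
        for i, (start, _, _) in enumerate(recs):
            # Failures per account inside the window that opens at this record.
            fails = Counter(u for t, u, o in recs[i:] if o == "FAIL" and t - start <= window)
            if len(fails) >= min_accounts and max(fails.values()) <= max_per_account:
                # Successes from the same source once the spray began are the priority lead.
                hits = sorted({u for t, u, o in recs if o == "SUCCESS" and t >= start})
                findings.append({"source": src, "sprayed": sorted(fails), "succeeded": hits})
                break
    return findings


if __name__ == "__main__":
    for finding in detect_spray(SAMPLE_EVENTS):
        print(finding)
```

Grouping by source address only catches a spray sent from one place; the same counting can be keyed on another shared attribute of the sign-in records when attempts arrive from many addresses.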

The breach went undetected for nearly two months until Microsoft finally discovered it on January 12. This raises concerns that the Russian hackers had uninterrupted access to the compromised accounts for an extended period. The fact that the account lacked two-factor authentication or strong password protection allowed the hackers to exploit the system easily.

The implications of this breach are significant. The fact that a test account had such extensive privileges and was not removed after the test raises questions about the company’s security practices. Additionally, the delayed detection of the breach highlights the need for improved monitoring and response systems within Microsoft.

While Microsoft claims that there is no evidence that customer environments, production systems, source code, or AI systems were compromised, some researchers remain skeptical. They question whether the Microsoft 365 service may have been susceptible to similar attack techniques. Kevin Beaumont, a cybersecurity expert with experience working for Microsoft, emphasized the need for transparency and detailed information about the breach to regain trust.

This breach is reminiscent of a similar incident last year when Chinese-state hackers breached Microsoft’s network. In that case, the hackers gained access to Azure and Exchange accounts belonging to multiple customers, including US government departments. The breach was made possible by the compromise of an engineer’s corporate account and the subsequent theft of a key.

In response to these breaches, Microsoft is now accelerating the implementation of its Secure Future Initiative. The company acknowledges the need to strike a better balance between security and business risk and is committed to applying stricter security standards to its legacy systems and internal processes.

The recent breach serves as a wake-up call for Microsoft and highlights the urgent need for improved security measures. As cyber threats continue to evolve, it is crucial for companies to prioritize cybersecurity and take proactive steps to protect their networks and sensitive information. Microsoft’s response to this breach will be closely watched as it works to regain trust and prevent future incidents.
