Dan Goodin on Nostr: Microsoft today said that Russian state hackers compromised email accounts of its ...
Microsoft today said that Russian state hackers compromised email accounts of its senior executives by conducting password-spraying attacks. The company said:
"Beginning in late November 2023, the threat actor used a password spray attack to compromise a legacy non-production test tenant account and gain a foothold, and then used the account’s permissions to access a very small percentage of Microsoft corporate email accounts, including members of our senior leadership team and employees in our cybersecurity, legal, and other functions, and exfiltrated some emails and attached documents. The investigation indicates they were initially targeting email accounts for information related to Midnight Blizzard itself. We are in the process of notifying employees whose email was accessed."
Does that mean that:
1) a "legacy non-production test tenant account" had permissions allowing access to sensitive executive accounts and
2) this tenant account used a weak password?
This sounds like failures to follow really basic security hygiene. I'm tempted to think maybe I'm missing something and that maybe the mistakes aren't as bad as I think. Can someone give me a sanity check?
https://www.sec.gov/Archives/edgar/data/789019/000119312524011295/d708866dex991.htm