Currently making the headlines is the fact that hackers breached Microsoft to see what Microsoft knows about them. The tech giants were breached on Friday.
Let’s be sincere though, if allowed to know wouldn’t you like to know what tech giants know about you? Or worse case scenario what do they have on you? That’s exactly what Russian government hackers want too.
Microsoft revealed that some corporate email accounts, including those of the company’s “senior leadership team and employees in our cybersecurity, legal, and other functions.” had been compromised by the hacking group it names Midnight Blizzard, also known as APT29 or Cozy Bear. It is widely believed that this group is supported by the Russian government.
Strangely, the hackers avoided stealing traditional company information or customer data that they may have been typically expected to target. The corporation claims that they were curious about what Microsoft knew about them, or more precisely, they wanted to know more about themselves.
Related: Google pulls Binance and other global crypto apps from India store
The company stated in a blog post and SEC filing that “The investigation indicates they were initially targeting email accounts for information related to Midnight Blizzard itself,”
Microsoft claims that after employing a “password spray attack” against a legacy account—basically brute forcing—the hackers were able “to access a very small percentage of Microsoft corporate email accounts.”
Microsoft did not provide the precise information that the hackers accessed or stole, nor the number of email accounts that were compromised.
A request for comment was not immediately answered by company spokesmen.
Microsoft used the announcement of this vulnerability as an opportunity to discuss future security improvements.
“For Microsoft, this incident has highlighted the urgent need to move even faster. We will act immediately to apply our current security standards to Microsoft-owned legacy systems and internal business processes, even when these changes might cause disruption to existing business processes,” the company wrote. “This will likely cause some level of disruption while we adapt to this new reality, but this is a necessary step, and only the first of several we will be taking to embrace this philosophy.”
It is often assumed that APT29, also known as Cozy Bear, is a Russian hacking outfit that has carried out several high-profile assaults, including ones against SolarWinds in 2019 and the Democratic National Committee in 2015.
