Microsoft network breached through password-spraying by Russian-state hackers - Ars Technica
News Source: Ars Technica
News Summary
- Access to email accounts belonging to "senior leadership… cybersecurity, and legal" teams using just the permissions of a "test tenant account" suggests that someone gave that test account amazing privileges.
- Microsoft's account raises the prospect that the Russian hackers had uninterrupted access to the accounts for as long as two months. A translation of the 93 words quoted above: A device inside Microsoft's network was protected by a weak password with no form of two-factor authentication employed.
- A successful password spray attack suggests no 2FA and either reused or weak passwords.
- We are in the process of notifying employees whose email was accessed. Microsoft didn't detect the breach until January 12, exactly a week before Friday's disclosure.
- The Russian adversary group was able to guess it by peppering it with previously compromised or commonly used passwords until they finally landed on the right one.
- The investigation indicates they were initially targeting email accounts for information related to Midnight Blizzard itself.
Russia-state hackers exploited a weak password to compromise Microsoft's corporate network and accessed emails and documents that belonged to senior executives and employees working in security an [+3613 chars]