"Russian Spies Brute Force Senior Microsoft Staff Accounts"

Russian state hackers recently managed to compromise the email accounts of some members of Microsoft’s senior leadership team using basic brute-force techniques. Microsoft revealed on Friday that the “Midnight Blizzard” group (aka Nobelium, APT29, Cozy Bear) was detected on its systems on January 12. The fact that brute-force tactics worked indicates that the compromised email accounts were not protected with multi-factor authentication (MFA). Password spray attacks involve threat actors trying commonly used and easy-to-guess passwords to unlock multiple accounts at once. Microsoft noted that, beginning in late November 2023, the threat actor used a password spray attack to compromise a legacy non-production test tenant account and gain a foothold, then used the account’s permissions to access a very small percentage of Microsoft corporate email accounts, including those of members of its senior leadership team, and exfiltrated some emails and attached documents. Microsoft added that there’s no evidence the state hacking group, which is thought to be linked to Russia’s foreign intelligence service (SVR), accessed customer environments, production systems, source code, or AI systems.
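The password spray pattern described above, seen from the defender's side, as an added example that is not part of the original article: a per-account lockout counter misses a spray because each account sees only one or two failures, so the check below counts distinct accounts failed per source instead. The log format, account names, addresses and thresholds are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sign-in log (format, accounts and addresses are hypothetical).
SAMPLE_LOG = """\
2023-11-28T10:00:05 FAIL user=alice src=203.0.113.7
2023-11-28T10:00:41 FAIL user=bob src=203.0.113.7
2023-11-28T10:01:02 FAIL user=alice src=198.51.100.9
2023-11-28T10:01:17 FAIL user=carol src=203.0.113.7
2023-11-28T10:01:30 FAIL user=alice src=198.51.100.9
2023-11-28T10:01:58 FAIL user=dave src=203.0.113.7
2023-11-28T10:02:10 FAIL user=alice src=198.51.100.9
2023-11-28T10:02:33 OK user=test-svc src=203.0.113.7
2023-11-28T10:03:00 OK user=alice src=198.51.100.9
"""

LINE = re.compile(r"^(\S+) (OK|FAIL) user=(\S+) src=(\S+)$")

def parse(log):
    """Yield (timestamp, outcome, user, src) for each well-formed line."""
    for line in log.splitlines():
        m = LINE.match(line.strip())
        if m:
            yield datetime.fromisoformat(m[1]), m[2], m[3], m[4]

def find_sprays(log, window=timedelta(minutes=10), min_users=4):
    """Flag sources whose failures span many distinct accounts inside one window."""
    fails = defaultdict(list)  # src -> [(timestamp, user)] for failed sign-ins
    oks = defaultdict(list)    # src -> [(timestamp, user)] for successful sign-ins
    for ts, outcome, user, src in parse(log):
        (fails if outcome == "FAIL" else oks)[src].append((ts, user))
    alerts = []
    for src, events in fails.items():
        events.sort()
        for i, (start, _) in enumerate(events):
            # Distinct accounts this source failed against within the window.
            users = {u for t, u in events[i:] if t - start <= window}
            if len(users) >= min_users:
                # A success from the same source after the spray began is
                # the likely foothold and should be triaged first.
                hits = sorted({u for t, u in oks[src] if t >= start})
                alerts.append({"src": src, "targets": sorted(users), "succeeded": hits})
                break
    return alerts

if __name__ == "__main__":
    for alert in find_sprays(SAMPLE_LOG):
        print(alert)
```

The three repeated failures for one account from 198.51.100.9 are not flagged, while the source that touched four accounts once each is, together with the account it then signed in to.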

 

Infosecurity Magazine reports: "Russian Spies Brute Force Senior Microsoft Staff Accounts"

Submitted by Adam Ekwall on