Russian APT Group Targets Microsoft

User 3301

The well-known APT group APT 29, also known as NOBELLIUM, Midnight Blizzard, and Cozy Bear, has been identified targeting Microsoft in recent weeks. The recent attacks appear to stem from authentication and source code secrets stolen from Microsoft earlier in the year, in January.

In January, Microsoft publicly disclosed that APT 29 had breached Microsoft's internal corporate email. This was likely due to a password spraying attack that gave the group access to legacy/test systems at Microsoft that did not have Multi-Factor Authentication (MFA) enabled.

Microsoft has continued to release information about the attack, and says that the stolen data has likely been used to gain further access to internal code repositories.

Further details about the ongoing attacks lead Microsoft to believe that the threat actors targeted the company in order to determine how much Microsoft truly knew about the group. This thinking comes from the fact that the group was accessing the mailboxes of cybersecurity, legal, and leadership team members within the company.


Terminal Brew recommends that if you or your organization uses any Microsoft services that have to use password authentication, you immediately change the password and implement MFA.


Further reading about this topic can be found at: 
