Brother
Professional
- Messages
- 2,590
- Reaction score
- 526
- Points
- 113
Hidden threat and cyber giant's response.
On Friday, Microsoft announced a cyberattack that was allegedly carried out by state hackers. The group, known as Midnight Blizzard, penetrated several of the company's corporate email accounts, including those of " senior management and employees responsible for cybersecurity, legal and other functions."
Interestingly, the hackers didn't target customer data or traditional corporate information. According to Microsoft, the purpose of the attack was to get information about themselves - that is, to find out what Microsoft knows about the Midnight Blizzard group.
Microsoft said the hackers used a "password spray attack" method that allowed them to gain access to a small percentage of corporate emails. The company did not disclose how many accounts were hacked or what information was available to the hackers.
The attack was not caused by a vulnerability in Microsoft products or services. At the moment, there is no evidence that attackers gained access to customer environments, production systems, source code, or artificial intelligence systems. The Company undertakes to notify customers if any action is required.
In response to this incident, Microsoft stressed the need to accelerate efforts to improve security. The company announced its intention to immediately apply current security standards to Microsoft systems and internal business processes, even if this leads to violations in existing processes.
Microsoft recommends a number of precautions, including using phishing-resistant authentication methods and applying best security practices for Microsoft Teams.
The company strongly recommends that users be aware of social engineering and identity theft attacks, including refraining from entering MFA codes sent through any form of unsolicited messages.
On Friday, Microsoft announced a cyberattack that was allegedly carried out by state hackers. The group, known as Midnight Blizzard, penetrated several of the company's corporate email accounts, including those of " senior management and employees responsible for cybersecurity, legal and other functions."
Interestingly, the hackers didn't target customer data or traditional corporate information. According to Microsoft, the purpose of the attack was to get information about themselves - that is, to find out what Microsoft knows about the Midnight Blizzard group.
Microsoft said the hackers used a "password spray attack" method that allowed them to gain access to a small percentage of corporate emails. The company did not disclose how many accounts were hacked or what information was available to the hackers.
The attack was not caused by a vulnerability in Microsoft products or services. At the moment, there is no evidence that attackers gained access to customer environments, production systems, source code, or artificial intelligence systems. The Company undertakes to notify customers if any action is required.
In response to this incident, Microsoft stressed the need to accelerate efforts to improve security. The company announced its intention to immediately apply current security standards to Microsoft systems and internal business processes, even if this leads to violations in existing processes.
Microsoft recommends a number of precautions, including using phishing-resistant authentication methods and applying best security practices for Microsoft Teams.
The company strongly recommends that users be aware of social engineering and identity theft attacks, including refraining from entering MFA codes sent through any form of unsolicited messages.
