State-backed Russian hackers used a weak password to break into Microsoft's corporate network and read the emails and documents of senior executives, security staff and lawyers. Microsoft disclosed the intrusion in a filing with the US Securities and Exchange Commission (SEC).
Beginning in late November 2023, the attacker used a password spraying attack to compromise a legacy, non-production test tenant account and gain a foothold, then used that account's permissions to access a very small percentage of Microsoft corporate email accounts, including members of the senior leadership team and employees in the cybersecurity, legal and other functions, and exfiltrated some emails and attached documents. The investigation indicates that the email accounts targeted initially were chosen for information about Midnight Blizzard itself, the name Microsoft uses for the group. Microsoft has notified the employees whose email was accessed.
The company discovered the breach on January 12, one week before the disclosure. The attackers therefore likely had uninterrupted access to the accounts for about seven weeks, roughly two months, from late November until mid-January.
The case raises several questions. First, an attack of this kind only works where multi-factor authentication is absent and the password is weak or commonly used: password spraying tries a few such passwords against many accounts, so per-account lockout thresholds are never reached. Second, mailboxes belonging to the senior leadership, cybersecurity and legal teams were reached using nothing more than the permissions of a "test account"; someone had granted that test account far more privilege than a test account needs, and if it was no longer in use, why was it not removed? Third, it took Microsoft about seven weeks to detect the intrusion.
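The detection gap in the third point is the one defenders can most directly act on. The following is an added illustration, not code from Microsoft or from the Ars Technica article: a small detector that runs over constructed sign-in events and keys on the signature of a password spray, namely many distinct accounts failing from one source while each individual account fails only once, followed by a success on an account with no MFA. The field layout, thresholds and sample events are assumptions chosen for the example.

```python
"""
Password-spray detection over sign-in events (added example).

A spray tries one or a few passwords across many accounts from the same
source, so per-account failure counts stay below lockout thresholds while
the per-source count of *distinct* failing accounts grows. The detector
below keys on that per-source signal and then records any success from
the same source as a probable foothold.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (NOT real log data). Tuple layout is an
# assumption: (timestamp, user, source ip, result, mfa_satisfied).
SAMPLE_EVENTS = [
    # One source tries a single password across six accounts, each once,
    # then lands on a legacy test account that has no MFA registered.
    ("2023-11-28T02:00:01Z", "bob@corp.example",         "203.0.113.7",  "failure", False),
    ("2023-11-28T02:00:04Z", "carol@corp.example",       "203.0.113.7",  "failure", False),
    ("2023-11-28T02:00:09Z", "dave@corp.example",        "203.0.113.7",  "failure", False),
    ("2023-11-28T02:00:15Z", "erin@corp.example",        "203.0.113.7",  "failure", False),
    ("2023-11-28T02:00:22Z", "frank@corp.example",       "203.0.113.7",  "failure", False),
    ("2023-11-28T02:00:31Z", "grace@corp.example",       "203.0.113.7",  "failure", False),
    ("2023-11-28T02:00:40Z", "legacy-test@corp.example", "203.0.113.7",  "success", False),
    # An ordinary user mistypes her own password twice, then succeeds with MFA.
    ("2023-11-28T02:05:00Z", "alice@corp.example",       "198.51.100.9", "failure", False),
    ("2023-11-28T02:05:20Z", "alice@corp.example",       "198.51.100.9", "failure", False),
    ("2023-11-28T02:05:45Z", "alice@corp.example",       "198.51.100.9", "success", True),
]


def parse_ts(s):
    """Parse the ISO-8601 UTC timestamps used in the sample events."""
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")


def detect_password_spray(events, window=timedelta(minutes=30), min_accounts=5):
    """Return {source_ip: alert} for every source that produced failed
    sign-ins on at least `min_accounts` distinct accounts within `window`.
    Each alert carries the accounts tried and any later successes from the
    same source (the probable foothold), with whether MFA was satisfied."""
    recent = defaultdict(deque)   # ip -> deque of (ts, user) failures inside the window
    alerts = {}
    for ts_s, user, ip, result, mfa in sorted(events, key=lambda e: e[0]):
        ts = parse_ts(ts_s)
        q = recent[ip]
        while q and ts - q[0][0] > window:   # slide the window forward
            q.popleft()
        if result == "failure":
            q.append((ts, user))
            tried = {u for _, u in q}
            if len(tried) >= min_accounts:
                alert = alerts.setdefault(ip, {
                    "first_seen": q[0][0].strftime("%Y-%m-%dT%H:%M:%SZ"),
                    "accounts_tried": set(),
                    "footholds": [],
                })
                alert["accounts_tried"] |= tried
        elif result == "success" and ip in alerts:
            # A success from a source already flagged as spraying is the
            # event worth paging on; an mfa=False foothold is the worst case.
            alerts[ip]["footholds"].append({"user": user, "mfa": mfa})
    return alerts


def failures_per_account(events):
    """Per-account failure counts: the view a lockout policy sees. For a
    spray each targeted account fails only once, so it never trips."""
    counts = defaultdict(int)
    for _, user, _, result, _ in events:
        if result == "failure":
            counts[user] += 1
    return dict(counts)


if __name__ == "__main__":
    for ip, alert in detect_password_spray(SAMPLE_EVENTS).items():
        print(ip, "sprayed", len(alert["accounts_tried"]), "accounts from",
              alert["first_seen"], "; footholds:", alert["footholds"])
    print("per-account failures:", failures_per_account(SAMPLE_EVENTS))
```

The per-account view is the point of the second function: every sprayed account shows a single failure, well under any lockout threshold, while the legitimate user who mistyped twice looks more suspicious than the attacker. Only the per-source count of distinct accounts exposes the spray, and correlating it with a subsequent MFA-less success turns a noisy statistic into a page-worthy alert.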
Microsoft said it had found no evidence that the attackers accessed customer environments, production systems, source code or AI systems. The company declined to answer questions, in particular about whether it had followed basic security practices such as requiring multi-factor authentication and pruning unused accounts.
Source: Ars Technica