Microsoft explained how its executives were spied on
Microsoft and HPE in the Light of the SolarWinds Attack: A Case Study of a Cyber-Scale Attack Against Microsoft
Microsoft revealed last week that it had discovered a nation-state attack on its corporate systems from the Russian state-sponsored hackers that were behind the SolarWinds attack. Hackers were able to access the email accounts of some members of Microsoft’s senior leadership team — potentially spying on them for weeks or months.
The same group of hackers had previously gained access to the “cloud-based email environment” of Hewlett Packard Enterprise. HPE didn’t name the provider, but the company did reveal the incident was “likely related” to the “exfiltration of a limited number of [Microsoft] SharePoint files as early as May 2023.”
“We shouldn’t be surprised that Russian intelligence-backed threat actors, and SVR in particular, are targeting tech companies like Microsoft and HPE,” says Jake Williams, a former US National Security Agency hacker and current faculty member at the Institute for Applied Network Security.
Nobelium initially accessed Microsoft’s systems through a password spray attack. This is a variant of brute forcing in which hackers try a dictionary of likely passwords against accounts. The non-production test tenant account that was compromised didn’t have two-factor authentication enabled, a detail that is critical to the investigation. The password spray attacks were tailored to a limited number of accounts and used a low number of attempts per account to avoid detection, says Microsoft.
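The spray pattern described above, in which each account sees only a few failed attempts, is exactly what a per-account lockout threshold misses. The following detector is an added example (not code from the article, Microsoft, or any vendor) that runs over a few constructed sign-in records in a generic, made-up log format: it flags a source that fails against many distinct accounts inside a time window while staying under the lockout threshold, and lists any successful sign-in from that source that completed without MFA, which is the first account to triage.

```python
"""Password-spray detection over sign-in records (added example).

The log format below is constructed for this example and is not the
schema of any real identity provider. Each line carries a timestamp,
source IP, target account, result, and whether MFA was satisfied.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: one source sprays six accounts once each and lands a
# no-MFA success on a test-tenant account; a second source is a legitimate
# user mistyping a password twice before succeeding with MFA.
SAMPLE_LOG = """\
2024-01-10T02:00:01Z 203.0.113.7 alice@example.test FAIL mfa=false
2024-01-10T02:00:09Z 203.0.113.7 bob@example.test FAIL mfa=false
2024-01-10T02:00:17Z 203.0.113.7 carol@example.test FAIL mfa=false
2024-01-10T02:00:25Z 203.0.113.7 dave@example.test FAIL mfa=false
2024-01-10T02:00:33Z 203.0.113.7 erin@example.test FAIL mfa=false
2024-01-10T02:00:41Z 203.0.113.7 frank@example.test FAIL mfa=false
2024-01-10T02:00:49Z 203.0.113.7 testtenant-admin@example.test SUCCESS mfa=false
2024-01-10T02:05:00Z 198.51.100.4 alice@example.test FAIL mfa=true
2024-01-10T02:05:30Z 198.51.100.4 alice@example.test FAIL mfa=true
2024-01-10T02:06:00Z 198.51.100.4 alice@example.test SUCCESS mfa=true
"""


def parse_line(line):
    """Parse one constructed log line into a dict."""
    ts, ip, account, result, mfa = line.split()
    return {
        "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
        "ip": ip,
        "account": account,
        "ok": result == "SUCCESS",
        "mfa": mfa == "mfa=true",
    }


def detect_spray(log_text, window=timedelta(minutes=10),
                 min_accounts=5, max_per_account=3):
    """Return {source_ip: finding} for sources that look like a spray.

    A source is flagged when, inside any window starting at one of its
    failures, it fails against at least `min_accounts` distinct accounts
    while never exceeding `max_per_account` failures on any single one
    (the lockout threshold a sprayer deliberately stays under).
    """
    events = [parse_line(l) for l in log_text.splitlines() if l.strip()]
    events.sort(key=lambda e: e["ts"])
    by_ip = defaultdict(list)
    for e in events:
        by_ip[e["ip"]].append(e)

    findings = {}
    for ip, evs in by_ip.items():
        failures = [e for e in evs if not e["ok"]]
        widest = 0
        for i, start in enumerate(failures):
            per_account = defaultdict(int)
            for e in failures[i:]:
                if e["ts"] - start["ts"] > window:
                    break
                per_account[e["account"]] += 1
            # Low attempts per account + many accounts is the spray signature.
            if per_account and max(per_account.values()) <= max_per_account:
                widest = max(widest, len(per_account))
        if widest >= min_accounts:
            # Any success from the spraying source that skipped MFA is the
            # likely foothold; list it for immediate triage.
            no_mfa = sorted({e["account"] for e in evs if e["ok"] and not e["mfa"]})
            findings[ip] = {"accounts_targeted": widest, "no_mfa_successes": no_mfa}
    return findings


if __name__ == "__main__":
    for ip, finding in detect_spray(SAMPLE_LOG).items():
        print(ip, finding)
```

The thresholds are deliberately parameters: the article states the attackers used a low number of attempts per account, so the useful knob is the number of distinct accounts per source, not attempts per account. Enforcing MFA on every tenant, including non-production ones, removes the second half of the finding entirely.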
That increased access gave the group the chance to create additional malicious applications and accounts with which to reach Microsoft’s corporate environment and its Office 365 Exchange Online service, which provides access to email inboxes.
Kurtz was right: more has come out, but some key details are still missing. Microsoft does claim that if this same non-production test environment were deployed today, “mandatory Microsoft policy and workflows would ensure MFA and our active protections are enabled” to better protect against these attacks. Microsoft still has plenty more explaining to do, especially if it wants its customers to believe it’s truly improving the way it designs, builds, tests, and operates its software and services to better protect against security threats.