The Russian group known as Midnight Blizzard/Cozy Bear/Nobelium has hacked both Microsoft and HPE systems.
Microsoft said in its official statement that the hacking group used a password spray attack on its corporate systems beginning Nov 2023; per Microsoft, this compromised a legacy non-production test tenant account. The foothold gained with this breach allowed the Russian attackers to access certain Microsoft corporate email accounts belonging to members of the senior leadership team and employees in cybersecurity, legal, and other functions. Per the initial investigation conducted by Microsoft, the Russian group was fishing for information about
A password spray attack is a brute-force technique in which an attacker tries a single password against multiple accounts. It is generally effective against systems that use a default password.
Methods to prevent password spraying attacks:
- Enforce a password reset on login when you set a default password for a username
- Use MFA
- Review password management tools if they are being used
- Detect and block IPs that exceed a certain incorrect username/password threshold
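One way to implement the last item in the list above, as an added example that is not taken from the Microsoft or HPE statements. It flags a source IP by the number of distinct accounts it fails against inside a sliding window, because a spray tries only a few passwords per account. The log format, field names, thresholds and sample lines are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed (constructed) log format: "<ISO timestamp> <OK|FAIL> user=<name> ip=<addr>"
LINE = re.compile(r"^(\S+) (OK|FAIL) user=(\S+) ip=(\S+)$")

def detect_spray(lines, window=timedelta(minutes=10), min_users=5):
    """Return {ip: sorted usernames} for IPs whose failed logins hit at least
    min_users distinct accounts within one sliding window.
    Assumes the lines are in chronological order."""
    recent = defaultdict(deque)  # ip -> (timestamp, user) failures still in window
    flagged = {}
    for line in lines:
        m = LINE.match(line.strip())
        if not m or m.group(2) != "FAIL":
            continue  # successful logins and unparsable lines are ignored
        ts = datetime.fromisoformat(m.group(1))
        user, ip = m.group(3), m.group(4)
        q = recent[ip]
        q.append((ts, user))
        while ts - q[0][0] > window:  # expire failures older than the window
            q.popleft()
        users = {u for _, u in q}
        if len(users) >= min_users:
            flagged.setdefault(ip, set()).update(users)
    return {ip: sorted(users) for ip, users in flagged.items()}

# Constructed sample: 203.0.113.7 sprays five accounts; 198.51.100.20 is one
# user mistyping their own password; 192.0.2.50 fails twice, far apart.
SAMPLE = """\
2024-01-25T10:00:00 FAIL user=alice ip=203.0.113.7
2024-01-25T10:00:40 FAIL user=bob ip=203.0.113.7
2024-01-25T10:01:10 FAIL user=dave ip=198.51.100.20
2024-01-25T10:01:20 FAIL user=carol ip=203.0.113.7
2024-01-25T10:01:30 FAIL user=dave ip=198.51.100.20
2024-01-25T10:01:50 FAIL user=dave ip=198.51.100.20
2024-01-25T10:02:00 FAIL user=erin ip=203.0.113.7
2024-01-25T10:02:05 OK user=dave ip=198.51.100.20
2024-01-25T10:02:40 FAIL user=frank ip=203.0.113.7
2024-01-25T10:03:00 FAIL user=alice ip=192.0.2.50
2024-01-25T11:30:00 FAIL user=bob ip=192.0.2.50
""".splitlines()

if __name__ == "__main__":
    for ip, users in detect_spray(SAMPLE).items():
        print(f"block candidate {ip}: failed logins against {users}")
```

A per-IP threshold does not see a spray that is spread across many source addresses, which is why the list pairs it with MFA and forced resets of default passwords.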
This Wednesday (Jan 24), HPE said its cloud-based email systems were breached by the same group - Midnight Blizzard/Cozy Bear/Nobelium.
In a regulatory filing, HPE stated it was notified that Midnight Blizzard had gained access to its cloud-based email environment. HPE goes on to state "with assistance from external cybersecurity experts, immediately activated our response process to investigate, contain, and remediate the incident, eradicating the activity".
On the basis of its ongoing investigation, HPE believes this activity is linked to an earlier breach by the same threat actor, dating to June 2023, which involved unauthorized access to and exfiltration of a limited number of SharePoint files.
Microsoft Official Statement - https://msrc.microsoft.com/blog/2024/01/microsoft-actions-following-attack-by-nation-state-actor-midnight-blizzard/
HPE regulatory filing - https://www.sec.gov/ix?doc=/Archives/edgar/data/1645590/000164559024000009/hpe-20240119.htm