CISA orders US government agencies to check email systems for signs of Russian compromise
- by nlqip
“For several years, the US government has documented malicious cyber activity as a standard part of the Russian playbook; this latest compromise of Microsoft adds to their long list. We will continue efforts in collaboration with our federal government and private sector partners to protect and defend our systems from such threat activity,” CISA Director Jen Easterly was quoted as saying.
Microsoft’s announcements around Midnight Blizzard’s campaign against it have been like a slow reveal that gets worse with each new twist.
Microsoft originally named Midnight Blizzard as being behind the attack, which it said commenced in late November 2023. The group used a simple password spray technique to gain a foothold in Microsoft’s network through what the company described as a “legacy non-production test tenant account.”
At that time, the attack was said to have targeted senior Microsoft executives but was still believed to be limited in scope. However, in a more recent update in March, the assessment had darkened, with the company admitting the attackers had gained access to internal systems and source code.
There is a longer-term pattern at work: in August 2023, the company published a warning that Midnight Blizzard was targeting Microsoft customers through social engineering attacks on Microsoft Teams.
Who is Midnight Blizzard?
Associated by the US and UK with the Russian SVR Foreign Intelligence Service, Midnight Blizzard is known by several nicknames depending on which security vendor is doing the naming. Other names include Nobelium, APT29, and Cozy Bear, the last made famous in 2016 when it was blamed along with a second Russian group, Fancy Bear, for breaching servers belonging to the Democratic National Committee (DNC).