0
Please log in or register to do it.

In a recent security breach at Microsoft, hackers infiltrated the network and monitored top executives’ emails for two months. The breach occurred through access to an outdated test account with administrative privileges, exposing a significant oversight by the company.

 

 

 

Microsoft disclosed this new detail in a post published on Thursday, building upon the information released the previous Friday. According to Microsoft, state-sponsored hackers from Russia utilized a technique called password spraying to exploit a weak credential for logging into a “legacy non-production test tenant account” lacking multifactor authentication. Once inside, they managed to gain access to email accounts belonging to senior executives and employees in security and legal teams.

 

 

 

In the latest update on Thursday, Microsoft shared additional insights into how the hackers escalated their access. The group, identified as Midnight Blizzard, achieved persistent access to privileged email accounts by exploiting the OAuth authorization protocol. This widely-used protocol allows various apps to access network resources. After compromising the test tenant, Midnight Blizzard created a malicious app, granting it rights to access every email address on Microsoft’s Office 365 email service.

Shiba Inu's Potential Path to Reclaiming its All-Time High
Potential Challenges to the US Dollar in 2024: BRICS and Bitcoin in Focus

Your email address will not be published. Required fields are marked *