Saturday, July 13, 2024
EHA

Microsoft Alerts More Users in Update to Midnight Blizzard Hack

Microsoft has issued a new alert to its users, updating them on the continued threat posed by Midnight Blizzard, a Russian state-sponsored hacking group also known as NOBELIUM.

The alert follows the initial detection of the attack by Microsoft’s Security Team on January 12, 2024.

The attack, which targeted Microsoft’s corporate email systems, prompted an immediate response from the company.

Subsequent investigations have revealed that Midnight Blizzard has been using information exfiltrated from these systems to attempt unauthorized access to other areas, including some of Microsoft’s source code repositories and internal systems.

"Is Your System Under Attack? Try Cynet XDR: Automated Detection & Response for Endpoints, Networks, & Users!"- Free Demo

Increased Attack Volume and Sophistication

In recent weeks, Microsoft has observed a significant increase in the volume and sophistication of Midnight Blizzard’s attacks.

The group has ramped up its efforts, with password spray attacks increasing tenfold in February compared to January 2024.

This escalation underscores the group’s sustained commitment and coordination, reflecting a broader trend of sophisticated nation-state cyber threats.

Despite these efforts, Microsoft has found no evidence of compromised customer-facing systems.

“Midnight Blizzard increased the volume of some aspects of the attack, such as password sprays, by as much as tenfold in February compared to the already large volume we saw in January 2024, Microsoft said

However, the company remains vigilant and proactive in its defense strategies.

In response to the ongoing threat, Microsoft has bolstered its security investments and cross-enterprise coordination.

The company has implemented enhanced security controls, detections, and monitoring to protect its environment against this advanced persistent threat.

Microsoft is also actively contacting customers whose information may have been compromised to assist them in taking mitigating measures.

The Midnight Blizzard attack highlights the evolving and increasingly complex global threat landscape.

Microsoft remains committed to transparency and will continue to share updates as its investigations progress.

The company’s ongoing efforts to secure its systems and protect its users reflect a broader industry need for heightened vigilance and robust cybersecurity measures in the face of sophisticated nation-state attacks.

Are you from SOC/DFIR Teams? - Sign up for a free ANY.RUN account! to Analyse Advanced Malware Files

Website

Latest articles

mSpy Data Breach: Millions of Customers’ Data Exposed

mSpy, a widely used phone spyware application, has suffered a significant data breach, exposing...

Advance Auto Parts Cyber Attack: Over 2 Million Users Data Exposed

RALEIGH, NC—Advance Stores Company, Incorporated, a prominent commercial entity in the automotive industry, has...

Hackers Using ClickFix Social Engineering Tactics to Deploy Malware

Cybersecurity researchers at McAfee Labs have uncovered a sophisticated new method of malware delivery,...

Coyote Banking Trojan Attacking Windows Users To Steal Login Details

Hackers use Banking Trojans to steal sensitive financial information. These Trojans can also intercept...

Hackers Created 700+ Fake Domains to Sell Olympic Games Tickets

As the world eagerly anticipates the Olympic Games Paris 2024, a cybersecurity threat has...

Japanese Space Agency Spotted zero-day via Microsoft 365 Services

The Japan Aerospace Exploration Agency (JAXA) has revealed details of a cybersecurity incident that...

Top 10 Active Directory Management Tools – 2024

Active Directory Management Tools are essential for IT administrators to manage and secure Active...
Divya
Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Free Webinar

Low Rate DDoS Attack

9 of 10 sites on the AppTrana network have faced a DDoS attack in the last 30 days.
Some DDoS attacks could readily be blocked by rate-limiting, IP reputation checks and other basic mitigation methods.
More than 50% of the DDoS attacks are employing botnets to send slow DDoS attacks where millions of IPs are being employed to send one or two requests per minute..
Key takeaways include:

  • The mechanics of a low-DDoS attack
  • Fundamentals of behavioural AI and rate-limiting
  • Surgical mitigation actions to minimize false positives
  • Role of managed services in DDoS monitoring

Related Articles