Thursday, April 24, 2025
HomeCyber AttackHackers Launch Stealthy Password Attacks Using Proxy Services - Microsoft

Hackers Launch Stealthy Password Attacks Using Proxy Services – Microsoft

Published on

SIEM as a Service

Follow Us on Google News

The threat actor “Midnight Blizzard” is engaging in increasing credential attack activity.

They conceal the origin of their assaults by employing residential proxy services.

These attacks target governments, IT service providers, NGOs, the defense sector, and vital manufacturing.

- Advertisement - Google News

Numerous password spray, brute force, and token theft tactics are used in these credential assaults.

Employing Low-Reputation IP Addresses & Proxy Services

Midnight Blizzard (NOBELIUM) has also carried out session replay assaults using stolen sessions, most likely obtained through illegal selling to get initial access to cloud resources.

Threat actors’ connections made with compromised credentials can be obscured by utilizing low-reputation IP addresses, such as those provided by residential proxy providers.

Microsoft Threat Intelligence reported that “the threat actor likely used these IP addresses for very short periods, which could make scoping and remediation challenging.”

Details of Midnight Blizzard Threat Actor (Microsoft)

Microsoft noted in a series of tweets that, making issues even more difficult, the threat actor only uses these IP addresses occasionally, creating substantial obstacles for effective scoping and remediation operations.

It is important to note that the same organization, known as Midnight Blizzard or NOBELIUM, was responsible for the disastrous SolarWinds breach in late 2021.

Microsoft has strengthened its defenses to combat this growing danger. To defend against these attacks, Microsoft Defender Antivirus, Defender for Endpoint, Defender for Cloud Apps, and Azure Active Directory have all been given strong security features and improved detection capabilities.

Manage and secure Your Endpoints Efficiently – Free Download

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Verizon DBIR Report: Small Businesses Identified as Key Targets in Ransomware Attacks

Verizon Business's 2025 Data Breach Investigations Report (DBIR), released on April 24, 2025, paints...

Lazarus APT Targets Organizations by Exploiting One-Day Vulnerabilities

A recent cyber espionage campaign by the notorious Lazarus Advanced Persistent Threat (APT) group,...

ToyMaker Hackers Compromise Numerous Hosts via SSH and File Transfer Tools

In a alarming cybersecurity breach uncovered by Cisco Talos in 2023, a critical infrastructure...

Threat Actors Exploiting Unsecured Kubernetes Clusters for Crypto Mining

In a startling revelation from Microsoft Threat Intelligence, threat actors are increasingly targeting unsecured...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

Verizon DBIR Report: Small Businesses Identified as Key Targets in Ransomware Attacks

Verizon Business's 2025 Data Breach Investigations Report (DBIR), released on April 24, 2025, paints...

Lazarus APT Targets Organizations by Exploiting One-Day Vulnerabilities

A recent cyber espionage campaign by the notorious Lazarus Advanced Persistent Threat (APT) group,...

ToyMaker Hackers Compromise Numerous Hosts via SSH and File Transfer Tools

In a alarming cybersecurity breach uncovered by Cisco Talos in 2023, a critical infrastructure...