Microsoft has revealed more details about how the Russian hacking group Cozy Bear, also known as APT29, gained access to its network and stole internal emails and files. The compromised account used in the attack did not have multi-factor authentication (MFA) enabled, which let the hackers get in using password spray attacks. In this type of attack, the attacker tries to log into multiple accounts using one password at a time, to avoid triggering monitoring systems.

Once the hackers gained access to a non-production Microsoft system, they exploited a legacy test OAuth application, created additional malicious OAuth applications, and used a new user account to grant consent for these applications. With this access, they were able to steal emails and files from corporate inboxes. To make their traffic appear legitimate, Cozy Bear used residential broadband networks as proxies.

Microsoft has admitted that its lack of MFA protection was a mistake and has stated its intention to fast-track MFA across the board. The company has also provided guides for administrators on how to avoid similar compromises. This incident serves as a reminder of the importance of implementing strong security measures, including multi-factor authentication, to protect against cyber attacks.
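The monitoring gap described above, as an added detection example that is not from Microsoft or the original article: per-account and per-IP failure thresholds stay silent when each account is tried once per password from a different proxy address, while a count of distinct failing accounts per hour flags the activity. The event layout, thresholds, account names and IP addresses are constructed assumptions.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

FAILURE_THRESHOLD = 5      # assumed: failures per account or per IP before alerting
SPRAY_MIN_ACCOUNTS = 10    # assumed: distinct failing accounts per hour before alerting

def build_sample_events():
    """Constructed data: two rounds, 12 accounts each failing once per round,
    every attempt from a different documentation-range IP, then one success."""
    start = datetime(2024, 1, 1, 9, 0)
    events = []
    for rnd in range(2):
        for i in range(12):
            ts = start + timedelta(hours=3 * rnd, minutes=4 * i)
            ip = f"198.51.100.{20 * rnd + i + 1}"
            events.append((ts, f"user{i:02d}", ip, "fail"))
    events.append((start + timedelta(hours=4), "user07", "203.0.113.50", "success"))
    return events

def threshold_alerts(events, field):
    """Classic control: keys (field 1 = account, 2 = source IP) whose
    failure count reaches FAILURE_THRESHOLD."""
    fails = Counter(e[field] for e in events if e[3] == "fail")
    return sorted(k for k, n in fails.items() if n >= FAILURE_THRESHOLD)

def spray_windows(events):
    """Count distinct failing accounts per hour, ignoring source IP."""
    buckets = defaultdict(set)
    for ts, account, _ip, result in events:
        if result == "fail":
            buckets[ts.replace(minute=0, second=0, microsecond=0)].add(account)
    return {hour: accts for hour, accts in buckets.items()
            if len(accts) >= SPRAY_MIN_ACCOUNTS}

def success_after_spray(events):
    """Successful sign-ins to accounts that an earlier spray window targeted."""
    windows = spray_windows(events)
    return [(account, ip) for ts, account, ip, result in events
            if result == "success"
            and any(account in accts and ts > hour for hour, accts in windows.items())]

if __name__ == "__main__":
    sample = build_sample_events()
    print("per-account alerts:", threshold_alerts(sample, 1))
    print("per-IP alerts:", threshold_alerts(sample, 2))
    print("spray windows:", sorted(spray_windows(sample)))
    print("success after spray:", success_after_spray(sample))
```

Fixed hourly buckets can split a spray that straddles the hour boundary; a sliding window avoids that at the cost of more state.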
Microsoft reveals how Russia’s Cozy Bear hacked its email system