Microsoft has revealed more details about how the Russian hacking group Cozy Bear, also known as APT29, gained access to its network and stole internal emails and files. The compromised account used in the attack did not have multi-factor authentication (MFA) enabled, which allowed the hackers to use password spray attacks. In this type of attack, the attacker tries a single password against many accounts before moving on to the next password, so that no individual account accumulates enough failed logins to trigger monitoring or lockout. Once the hackers had access to a non-production Microsoft system, they exploited a legacy test OAuth application, created additional malicious OAuth applications, and used a new user account to grant consent for those applications. With this access they were able to steal emails and files from corporate inboxes. To make their traffic appear legitimate, Cozy Bear routed it through residential broadband networks as proxies. Microsoft has admitted that the lack of MFA protection was a mistake and has stated its intention to fast-track MFA across the board. The company has also published guides for administrators on how to avoid similar compromises. This incident is a reminder of the importance of strong security measures, including multi-factor authentication, in protecting against cyber attacks.
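The low-and-slow shape of a password spray described above (one failure per account, many accounts from one source) is also what makes it detectable. The following is an added detection example, not code from the article or from Microsoft's guidance; it assumes constructed sign-in records in a simple whitespace-separated format and hypothetical thresholds.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sign-in records (not real data): time, result, account, source IP.
# 198.51.100.7 fails once against five accounts then succeeds on a sixth (spray shape);
# 203.0.113.9 hammers one account (brute force) and should not match this rule.
SAMPLE_LOG = """\
2024-01-12T03:00:01Z FAIL alice@example.test 198.51.100.7
2024-01-12T03:00:04Z FAIL bob@example.test 198.51.100.7
2024-01-12T03:00:09Z FAIL carol@example.test 198.51.100.7
2024-01-12T03:00:15Z FAIL dave@example.test 198.51.100.7
2024-01-12T03:00:21Z FAIL erin@example.test 198.51.100.7
2024-01-12T03:00:27Z OK frank@example.test 198.51.100.7
2024-01-12T03:01:00Z FAIL alice@example.test 203.0.113.9
2024-01-12T03:01:05Z FAIL alice@example.test 203.0.113.9
2024-01-12T03:01:10Z FAIL alice@example.test 203.0.113.9
2024-01-12T03:05:00Z OK bob@example.test 192.0.2.44
"""

def parse(log):
    events = []
    for line in log.splitlines():
        ts, result, user, ip = line.split()
        events.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), result, user, ip))
    return events

def detect_spray(events, window=timedelta(minutes=10), min_accounts=5, max_per_account=2):
    """Return {source_ip: [accounts]} for sources whose failures look like a spray:
    at least min_accounts distinct accounts inside `window`, none failing more
    than max_per_account times (staying under typical lockout thresholds)."""
    by_ip = defaultdict(list)
    for ts, result, user, ip in sorted(events):      # chronological per source
        if result == "FAIL":
            by_ip[ip].append((ts, user))
    flagged = {}
    for ip, fails in by_ip.items():
        for i, (start, _) in enumerate(fails):       # window anchored at each failure
            per_user = defaultdict(int)
            for ts, user in fails[i:]:
                if ts - start > window:
                    break
                per_user[user] += 1
            if len(per_user) >= min_accounts and max(per_user.values()) <= max_per_account:
                flagged[ip] = sorted(per_user)
                break
    return flagged

def successes_from_flagged(events, flagged):
    """Accounts that signed in successfully from a flagged source: review these first."""
    return sorted({user for _, r, user, ip in events if r == "OK" and ip in flagged})
```

A per-account failure counter would never fire on the spray source here; only the per-source, many-accounts view exposes it, and the successful sign-in from that source is the account to investigate.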
Microsoft reveals how Russia’s Cozy Bear hacked its email system