Microsoft’s Inner Secrets Unveiled by Impudent Hackers

Hackers breached Microsoft to find out what Microsoft knows about themOn Friday, Microsoft disclosed that the hacking group it calls Midnight Blizzard, also known as APT29 — and widely believed to be sponsored by the Russian government — hacked some corporate email accounts, including those of the company’s “senior leadership team and employees in our cybersecurity, legal, and other functions.”Curiously, the hackers didn’t go after customer data or the traditional corporate information they may have normally gone after. They wanted to know more about themselves, or more specifically, they wanted to know what Microsoft knows about them, according to the company. “The investigation indicates they were initially targeting email accounts for information related to Midnight Blizzard itself,” the company wrote in a blog post and SEC disclosure. According to Microsoft, the hackers used a “password spray attack” — essentially brute forcing — against a legacy account, then used that account’s permissions to “to access a very small percentage of Microsoft corporate email accounts.”Microsoft did not disclose how many email accounts were breached, nor exactly what information the hackers accessed or stole. Microsoft took advantage of news of this hack to talk about how they are going to move forward to make itself more secure.

Hackers have recently breached Microsoft, but not for the usual corporate information or customer data. No, this time they had a different target in mind – themselves. In a surprising turn of events, the hacking group known as Midnight Blizzard, believed to be sponsored by the Russian government, targeted email accounts of Microsoft’s senior leadership team and employees in cybersecurity, legal, and other functions.

“The investigation indicates they were initially targeting email accounts for information related to Midnight Blizzard itself,” Microsoft disclosed.

Their methods were a “password spray attack”, using brute force to gain access to a legacy account, and then utilizing its permissions to access a small percentage of corporate email accounts. Microsoft has not divulged the exact number of accounts breached or the extent of information stolen.

The company has stated that the hackers were after one thing – to find out what Microsoft knows about them. This raises questions about the information that Microsoft possesses and the role it plays in the world of cyber espionage.

Microsoft has taken this incident as an opportunity to address its security measures and make necessary changes. They plan to apply their current standards to legacy systems and internal business processes, even if it causes disruption. According to the company, this is just the first step in a series of actions they will be taking to prioritize security.

If you have any information about this hack, Microsoft encourages you to contact them. TechCrunch has also provided secure channels for individuals to share their insights.

Do you have more information about this hack? Contact us. From a non-work device, you can reach out to Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382 or via Telegram, Keybase, and Wire @lorenzofb, or email lorenzo@techcrunch.com. You can also contact TechCrunch via SecureDrop.

Avatar photo
Ava Patel

Ava Patel is a cultural critic and commentator with a focus on literature and the arts. She is known for her thought-provoking essays and reviews, and has a talent for bringing new and diverse voices to the forefront of the cultural conversation.

Articles: 640

Leave a Reply

Your email address will not be published. Required fields are marked *