On Friday, Microsoft revealed that it had been the victim of a hack carried out by Russian government spies.
In a new blog post, Microsoft said that “the same actor has been targeting other organizations and, as part of our usual notification processes, we have begun notifying these targeted organizations.” At this point, it’s unclear how many organizations the Russian-backed hackers targeted.
Microsoft, however, said that the hackers specifically targeted the company’s senior executives, as well as people who work in cybersecurity, legal, and other departments.
The hackers were able to steal “some emails and attached documents.” Curiously, the hackers were interested in finding out information about themselves, specifically what Microsoft knows about them, the company said.
On Thursday, Hewlett Packard Enterprise (HPE) disclosed that its Microsoft-hosted email system was hacked by Midnight Blizzard.
Hackers breached Microsoft to find out what Microsoft knows about them
On Friday, Microsoft disclosed that the hacking group it calls Midnight Blizzard, also known as APT29 — and widely believed to be sponsored by the Russian government — hacked some corporate email accounts, including those of the company’s “senior leadership team and employees in our cybersecurity, legal, and other functions.” Curiously, the hackers didn’t go after customer data or the traditional corporate information they may have normally gone after.
They wanted to know more about themselves, or more specifically, they wanted to know what Microsoft knows about them, according to the company.
“The investigation indicates they were initially targeting email accounts for information related to Midnight Blizzard itself,” the company wrote in a blog post and SEC disclosure.
According to Microsoft, the hackers used a “password spray attack” — essentially brute forcing — against a legacy account, then used that account’s permissions “to access a very small percentage of Microsoft corporate email accounts.” Microsoft did not disclose how many email accounts were breached, nor exactly what information the hackers accessed or stole.
Microsoft took advantage of news of this hack to talk about how it is going to move forward to make itself more secure.
VF Corp., the parent company of the popular apparel brands Vans, Supreme, and The North Face, said Thursday that hackers stole the personal data of 35.5 million customers in a December cyberattack.
The Denver, Colorado-based company reported the data breach to regulators in a filing on Thursday.
The filing did not say specifically what kinds of personal data were taken, or if the company yet knows what was stolen.
VF Corp. spokesperson Colin Wheeler did not respond to an email from TechCrunch requesting more information.
VF Corp. previously said the hackers disrupted its operations “by encrypting some IT systems,” implying a ransomware attack.
U.S. repairable laptop maker Framework has confirmed that hackers accessed customer data after successfully phishing an employee at its accounting service provider.
In an email sent to affected customers, Framework said that an employee at Keating Consulting, its primary external accounting partner, fell victim to a social engineering attack that allowed malicious hackers to obtain customers’ personal information related to outstanding balances for Framework purchases.
Framework told affected customers that hackers could use this stolen information to impersonate Framework to ask for payment information.
The Silicon Valley-based accounting company, which primarily provides interim financial leadership and back-office support to startups, has almost 300 clients, according to its website.
Framework said that in light of the incident at Keating, the company will require mandatory phishing and social engineering attack training for any of the company’s employees who have access to Framework customers’ information.
U.S. software giant Ivanti has confirmed that hackers are exploiting two critical-rated vulnerabilities affecting its widely-used corporate VPN appliance, but said that patches won’t be available until the end of the month.
Ivanti said the two vulnerabilities — tracked as CVE-2023-46805 and CVE-2024-21887 — were found in its Ivanti Connect Secure software.
Formerly known as Pulse Connect Secure, this is a remote access VPN solution that enables remote and mobile users to access corporate resources over the internet.
When TechCrunch asked why patches weren’t being made available immediately, Ivanti declined to comment.
Ivanti is urging potentially impacted organizations to prioritize following its mitigation guidance, and U.S. cybersecurity agency CISA has also published an advisory urging users of Ivanti Connect Secure to mitigate the two vulnerabilities immediately.
Real estate services giant Fidelity National Financial has confirmed hackers stole data on 1.3 million of its customers during a November cyberattack that knocked the company offline for a week.
FNF spokesperson Lisa Foxworthy-Parker did not respond to TechCrunch’s email requesting further details.
FNF said it “contained” the cyberattack on November 26 following a week-long outage that virtually froze all of the company and much of its subsidiaries’ operations.
One of FNF’s subsidiaries described the incident as a “catastrophe” in an automated message for customers.
FNF was one of several corporate victims of cyberattacks in recent weeks targeting the mortgage and loan industry, including LoanDepot and Mr. Cooper.
AI aids nation-state hackers but also helps US spies to find them, says NSA cyber director
Nation state-backed hackers and criminals are using generative AI in their cyberattacks, but U.S. intelligence is also using artificial intelligence technologies to find malicious activity, according to a senior U.S. National Security Agency official.
“We already see criminal and nation state elements utilizing AI.”
“We’re seeing intelligence operators [and] criminals on those platforms,” said Joyce.
“On the flip side, though, AI, machine learning [and] deep learning is absolutely making us better at finding malicious activity,” he said.
“Machine learning, AI, and big data helps us surface those activities [and] brings them to the fore because those accounts don’t behave like the normal business operators on their critical infrastructure, so that gives us an advantage,” Joyce said.
Crypto losses declined over 50% in 2023
Hackers and scammers laid back on the weekends, CertiK report finds
While hackers continue to hack the crypto industry for a cash grab, the dollar amount is down substantially compared to the previous year.
The total amount “lost” during 2023 from security incidents was almost $2 billion, down 51% from 2022, according to security-focused CertiK’s annual 2023 web3 security report.
The report defines losses in this context as the value of digital assets stolen by malicious actors.
During the past year, 10 incidents, including the $200 million Mixin Network and $197 million Euler Finance hacks, accounted for $1.11 billion of losses.
One bit that wasn’t featured in the report is that there was a “marked decline” in hacks and scams over the weekends during 2023.
Here we go again: 2023’s badly handled data breaches
Delays, silence and unanswered questions follow these organizations into the new year
Last year, we compiled a list of 2022’s most poorly handled data breaches, looking back at the bad behavior of corporate giants when faced with hacks and breaches.
That included everything from downplaying the real-world impact of spills of personal information to failing to answer basic questions.
Samsung won’t say how many customers hit by year-long data breach
Samsung has once again made it onto our badly handled breaches list.
Lyca Mobile later admitted a data breach, in which unnamed attackers had accessed “at least some of the personal information held in our system” during the hack.
Data leaked by the gang, and reviewed by TechCrunch, included the personal data of thousands of CommScope employees, including full names, postal addresses, email addresses, personal numbers, Social Security numbers, passport scans and bank account information.
This year was no different to last: we saw another round of high-profile busts, arrests, sanctions, and prison time for some of the most prolific cybercriminals in recent years.
Twitter took drastic measures to rid its network of the hackers by temporarily blocking all of the site’s 200-million-plus users from posting.
A New York judge sentenced the 24-year-old hacker to five years in prison, two of which O’Connor already served in pre-trial custody.
Federal prosecutors this year accused a former Amazon employee of hacking into a cryptocurrency exchange and stealing millions worth of customers’ crypto.
Why did a Russian man accused by U.S. prosecutors of ransomware attacks burn his passport?