Security News > 2023 > June > Microsoft Warns of Widescale Credential Stealing Attacks by Russian Hackers

Microsoft has disclosed that it's detected a spike in credential-stealing attacks conducted by the Russian state-affiliated hacker group known as Midnight Blizzard.

The group, which drew worldwide attention for the SolarWinds supply chain compromise in December 2020, has continued to rely on unseen tooling in its targeted attacks aimed at foreign ministries and diplomatic entities.

"These credential attacks use a variety of password spray, brute-force, and token theft techniques," Microsoft said in a series of tweets, adding the actor "Also conducted session replay attacks to gain initial access to cloud resources leveraging stolen sessions likely acquired via illicit sale."

The attacks leveraged emails bearing attachments exploiting multiple vulnerabilities in the open-source Roundcube webmail software to conduct reconnaissance and data gathering.

A successful breach enabled the Russian military intelligence hackers to deploy rogue JavaScript malware that redirected the incoming emails of targeted individuals to an email address under the attackers' control as well as steal their contact lists.

The activity is said to dovetail with another set of attacks weaponizing a then-zero-day flaw in Microsoft Outlook that Microsoft disclosed as employed in "Limited targeted attacks" against European organizations.

News URL

https://thehackernews.com/2023/06/microsoft-warns-of-widescale-credential.html