Security News > 2023 > June > Microsoft Warns of Widescale Credential Stealing Attacks by Russian Hackers
Microsoft has disclosed that it's detected a spike in credential-stealing attacks conducted by the Russian state-affiliated hacker group known as Midnight Blizzard.
The group, which drew worldwide attention for the SolarWinds supply chain compromise in December 2020, has continued to rely on unseen tooling in its targeted attacks aimed at foreign ministries and diplomatic entities.
"These credential attacks use a variety of password spray, brute-force, and token theft techniques," Microsoft said in a series of tweets, adding the actor "Also conducted session replay attacks to gain initial access to cloud resources leveraging stolen sessions likely acquired via illicit sale."
The attacks leveraged emails bearing attachments exploiting multiple vulnerabilities in the open-source Roundcube webmail software to conduct reconnaissance and data gathering.
A successful breach enabled the Russian military intelligence hackers to deploy rogue JavaScript malware that redirected the incoming emails of targeted individuals to an email address under the attackers' control as well as steal their contact lists.
The activity is said to dovetail with another set of attacks weaponizing a then-zero-day flaw in Microsoft Outlook that Microsoft disclosed as employed in "Limited targeted attacks" against European organizations.
News URL
https://thehackernews.com/2023/06/microsoft-warns-of-widescale-credential.html
Related news
- Microsoft says Russian hackers breached its systems, accessed source code (source)
- Microsoft Confirms Russian Hackers Stole Source Code, Some Customer Secrets (source)
- Microsoft: Russian hackers accessed internal systems, code repositories (source)
- Microsoft still unsure how hackers stole MSA key in 2023 Exchange attack (source)
- Hackers steal Windows NTLM authentication hashes in phishing attacks (source)
- Hackers impersonate U.S. government agencies in BEC attacks (source)
- PetSmart warns of credential stuffing attacks trying to hack accounts (source)
- Chinese State Hackers Target Tibetans with Supply Chain, Watering Hole Attacks (source)
- Microsoft confirms Russian spies stole source code, accessed internal systems (source)
- DarkGate Malware Exploited Recently Patched Microsoft Flaw in Zero-Day Attack (source)