What Microsoft's latest email breach says about this IT security heavyweight

Microsoft declined to answer The Register's questions about the digital heist, or its security in general.
This marks the second time since 2020 the same gang of Kremlin-backed cyber spies - whom Microsoft now calls Midnight Blizzard, used to track as Nobelium, and most call Cozy Bear - has invaded Microsoft.
Following the theft of the Microsoft security key that China used to break into US government email accounts in July - and at the urging of US Senator Ron Wyden - the US Cyber Safety Review Board launched an investigation into the Microsoft breach and the larger issues surrounding cloud security.
Presumably, the review board had begun its Microsoft analysis when Cozy Bear broke into corporate email accounts last year.
According to Microsoft: "Beginning in late November 2023, the threat actor used a password spray attack to compromise a legacy non-production test tenant account and gain a foothold, and then used the account's permissions to access a very small percentage of Microsoft corporate email accounts, including members of our senior leadership team and employees in our cybersecurity, legal, and other functions, and exfiltrated some emails and attached documents."
"It is inexcusable that Microsoft still hasn't required multi-factor authentication, which is cybersecurity 101 and would have prevented this latest attack," Wyden told The Register.
News URL
https://go.theregister.com/feed/www.theregister.com/2024/01/24/microsoft_latest_breach_cozy_bear/