Microsoft reveals how hackers breached its Exchange Online accounts
On January 12, 2024, Microsoft discovered that Russian hackers breached its systems in November 2023 and stole email from its leadership, cybersecurity, and legal teams.
Microsoft now explains that the threat actors used residential proxies and "password spraying" brute-force attacks to target a small number of accounts, with one of these accounts being a "legacy, non-production test tenant account."
When Microsoft first disclosed the breach, many wondered whether MFA was enabled on this test account and how a test legacy account would have enough privileges to spread laterally to other accounts in the organization.
"Using the information gained from Microsoft's investigation into Midnight Blizzard, Microsoft Threat Intelligence has identified that the same actor has been targeting other organizations and, as part of our usual notification processes, we have begun notifying these targeted organizations," warns Microsoft in the new update.
In September 2023, it was also revealed that the Chinese Storm-0558 hacking group stole 60,000 emails from U.S. State Department accounts after breaching Microsoft's cloud-based Exchange email servers earlier that year.
Finally, Microsoft advises using targeted hunting queries in Microsoft Defender XDR and Microsoft Sentinel to identify and investigate suspicious activities.
Related news
- Germany warns of 17K vulnerable Microsoft Exchange servers exposed online
- Microsoft slammed for lax security that led to China's cyber-raid on Exchange Online
- Microsoft still unsure how hackers stole MSA key in 2023 Exchange attack
- Microsoft will limit Exchange Online bulk emails to fight spam
- 17,000+ Microsoft Exchange servers in Germany are vulnerable to attack, BSI warns
- CISA Warns: Hackers Actively Attacking Microsoft SharePoint Vulnerability
- These 17,000 unpatched Microsoft Exchange servers are a ticking time bomb
- U.S. Cyber Safety Board Slams Microsoft Over Breach by China-Based Hackers
- US Cyber Safety Review Board on the 2023 Microsoft Exchange Hack