
APT29 Targets Microsoft Company Email Accounts

In a recent disclosure on Friday, Microsoft revealed that it had been hit by a cyberattack orchestrated by the hacking group known as Midnight Blizzard, also known as APT29 or Cozy Bear. This group, presumably linked to the Russian government, targeted corporate email accounts, specifically those of the company's senior leadership team and employees in cybersecurity, legal, and other departments.

Interestingly, the goal of the attack was not the usual theft of customer data or conventional corporate information. Instead, the hackers were interested in what Microsoft knew about them, as stated by the company itself.

The investigation showed that the hackers initiated their attack by focusing on email accounts associated with information concerning Midnight Blizzard. Microsoft explained in a blog post and an SEC disclosure that the attackers used a so-called "password spray attack," basically using brute force against user accounts. Additionally, they used the permissions of those compromised accounts to gain access to a limited number of Microsoft corporate email accounts.

Although Microsoft has not disclosed the exact number of breached email accounts or specified the information accessed or stolen by the hackers, the company wanted to show its commitment to improving its security measures in response to the incident.

The company acknowledged the urgency of moving fast and expressed its intention to immediately apply enhanced security standards to Microsoft-owned legacy systems and internal business processes. Despite potential disruptions to existing business processes during this adjustment period, Microsoft confirmed that these changes are necessary.

The hacking group APT29, also known as Cozy Bear, appears to be connected to the Russian government and has been involved in various high-profile cyberattacks. Previous targets include SolarWinds in 2019 and the Democratic National Committee in 2015.
