Russian hacking group Midnight Blizzard breached the UK Residence Workplace, stealing delicate knowledge. Find out how they exploited provide chain assaults to compromise authorities methods. Uncover the pressing want for stronger cybersecurity measures.
The infamous Russian hacking group, Midnight Blizzard efficiently infiltrated the UK authorities’s Residence Workplace methods, stealing delicate knowledge and emails, a brand new report by The Report reveals.
As reported in January 2024, Midnight Blizzard compromised the e-mail accounts of senior Microsoft executives and gained entry to the corporate’s supply code repositories and inner methods. Subsequently, the hackers leveraged this foothold to focus on Microsoft’s shoppers, together with the UK Residence Workplace.
The division reported the incident to the UK’s knowledge safety regulator in Could. Within the report, obtained by The Report beneath the Freedom of Data Act, the division described the incident as a “nation-state attack on supplier” of its company methods and confirmed it was linked to the January assault focusing on Microsoft.
In April, the US Cybersecurity and Infrastructure Safety Company (CISA) said thon the hack had additionally affected federal authorities knowledge. Microsoft pledged to help the US authorities’s investigation by offering metadata for all exfiltrated federal company correspondence.
Microsoft has denied any compromise of customer-facing methods hosted by the corporate following the January assault, stating that the attacker solely accessed a small proportion of Microsoft’s company e-mail accounts and affected clients have been notified.
The UK authorities has additionally denied any proof of compromised operational Residence Workplace knowledge, stating that knowledge safety is taken severely with strong reporting mechanisms and steady monitoring.
However, the incident highlights the rising sophistication and audacity of Midnight Blizzard. Hackread.com has been monitoring the actions of this infamous group, which has emerged as a serious menace, focusing on a various vary of organizations. Midnight Blizzard’s targets are primarily espionage, focusing on authorities entities, NGOs, IT companies, know-how, discrete manufacturing, and media sectors.
In June 2024, the group focused TeamViewer, a German distant entry and assist software program firm, inner IT surroundings, presumably by exploiting compromised credentials of a regular worker account.
Microsoft not too long ago reported a focused social engineering assault by Midnight Blizzard, utilizing phishing lures despatched through Microsoft Groups chats to steal credentials, impacting a minimum of 40 distinctive international organizations. These breaches elevate severe considerations concerning the safety of important infrastructure and authorities methods.
This assault additionally raises questions on Microsoft’s safety practices. Regardless of being a worldwide tech big, the corporate seems to have fallen sufferer to a primary safety lapse by failing to implement multi-factor authentication on a non-production check tenant account, commented Kevin Robertson, COO of Acumen Cyber.
“That is yet one more instance of the harmful monopoly Microsoft has on the digital world and the way attackers are hijacking its ubiquity to compromise organisations,“ Kevin stated. “On this assault, the menace actor leveraged an OAuth app inside Microsoft’s check tenant, inadvertently granting it elevated permissions, which then supplied entry to Microsoft and its clients’ emails, together with inboxes belonging to officers from the Residence Workplace and the US authorities.“
RELATED TOPICS
- Faux Ledger App on Microsoft Retailer to Steal $800k in Crypto
- Microsoft Disables App Installer After It’s Abused for Malware
- Microsoft Azure Exploited to Create Undetectable Cryptominer
- Microsoft Groups Exterior Entry Abuses for DarkGate Malware
- Microsoft Outlook Flaw Exploited by Russian Forest Blizzard Group