Russian Hacking Group MidnightBlizzard Stole Emails From Microsoft Execs, Employees
CISA investigates possible Ivanti flaw government agency hacks, ScarCruft is testing targeting of infosec pros, Trezor breach affects 66,000, LockBit claims attack on Subway, much more
Note bene: While Metacurity explores switching to alternative newsletter platforms, please know that whatever we do, you can always reach Metacurity at https://metacurity.com.
Check out my latest CSO column (also cited as a leading item below) on how the DPRK gang ScarCruft is developing plans to target infosec professionals.
In a blog post, Microsoft said a hacking group working for the Russian government called Midnight Blizzard, also known as Nobelium, broke into its corporate networks two months ago using a password spray attack and stole emails from executives and some employees in its cybersecurity and legal departments.
The company said it had detected the November breach on Jan. 12 and was beginning to notify staffers whose communications were intercepted. A password worked on what Microsoft said was an old test account. The hacker then used the account’s privileges to access multiple email streams. Soon after the intrusion, the hackers searched the emai…
Keep reading with a 7-day free trial
Subscribe to Metacurity to keep reading this post and get 7 days of free access to the full post archives.