Microsoft Hack Exposed: Cozy Bear’s Audacious Cyberattack and the Rising Tide of Ransomware Threats. Microsoft Discloses Hack by Russian Group Known as Midnight Blizzard, Also Called Cozy Bear or APT29. For years, Microsoft has kept an eye on a Russian hacker group believed to be linked to the government, known for several notorious security breaches. However, it turns out Microsoft was also under surveillance by the same group.
Last Friday, Microsoft revealed that it fell victim to a cyberattack by Midnight Blizzard, also identified as Cozy Bear or APT29. In November, the hackers infiltrated the company, successfully accessing emails and documents from a limited number of Microsoft’s corporate email accounts. This included accounts belonging to senior leadership and employees in cybersecurity, legal, and other departments, as per Microsoft’s Security Response Center. The hackers seemed to be searching for information about themselves that Microsoft might possess.
Cozy Bear first came into the limelight in 2016, accused of infiltrating the Democratic National Committee during the US presidential election. They were also behind the significant 2020 SolarWinds supply-chain attack, where malicious code was embedded into a software update, impacting up to 18,000 customers. The UK and US governments have linked the group to Russia’s Foreign Intelligence Service, the SVR. Despite this, Russian authorities consistently deny involvement in hacking activities.
Cozy Bear, among several Russian state-backed hacking groups, has been involved in high-profile espionage for years. They target states, NGOs, and corporations of interest to the Kremlin, often clashing with Microsoft in cyber warfare.
Microsoft has frequently exposed the group’s strategies through security advisories. In October 2021, the company accused Cozy Bear of attacking 140 technology providers and identified over 20,000 attacks by the group in just four months. The hackers aimed to infiltrate the technology supply chain for long-term surveillance. In August 2022, Microsoft detailed the group’s active methods, highlighting their focus on governments and think tanks in the US, Europe, and Central Asia.
Microsoft Hack Exposed: Cozy Bear’s Audacious Cyberattack and the Rising Tide of Ransomware Threats
Moreover, Cozy Bear has repeatedly targeted Microsoft and its software. The group was involved in the SolarWinds breach, affecting Microsoft and over 200 other companies and government entities. In 2022, Mandiant uncovered Cozy Bear’s attacks on Microsoft 365 accounts in NATO countries, aiming to steal foreign policy-related information. Last year, the group used Microsoft platforms to trap victims, creating fake domains to hijack credentials via Microsoft Teams, impacting less than 40 organizations, including NGOs and technology, manufacturing, and media companies.
The recent attack on Microsoft, targeting top-level employees, demonstrates Cozy Bear’s audacity and their effort to stay ahead in this cyber battle. This incident, which took Microsoft over a month to detect, raises concerns about the company’s internal security measures.
The nature of the attack is not fully detailed, but it involved targeting Microsoft’s cybersecurity team. The breach occurred through a “password spray attack,” where automated systems were used to guess passwords. This revelation is surprising given Microsoft’s advocacy for passwordless authentication, suggesting a security lapse. It’s unclear whether two-factor authentication, which could potentially thwart such attacks, was enabled.
This incident serves as a stark wake-up call for Microsoft, underscoring the need to accelerate security enhancements.
BYD Surpasses Tesla in Global EV Sales: How China’s Rising Star is Shaking Up the Electric Vehicle Market(Opens in a new browser tab)
Russian Intelligence Suspected in Hewlett Packard Enterprise Cyberattack, Following Similar Microsoft Breach(Opens in a new browser tab)
What types of businesses are most at risk for a cyberattack?(Opens in a new browser tab)
Facebook and Twitter Uncover and Dismantle Russian IRA Influence Network Ahead of US Elections(Opens in a new browser tab)
What are the most concerning cyberthreats right now 2024?(Opens in a new browser tab)