For the first time in Microsoft's history, a cyberattack on Microsoft Azure has compromised hundreds of executive accounts and caused a major user data leak.
According to Proofpoint, the attackers used techniques first observed in November 2023: credential theft through phishing and cloud account takeover (CTO), which gave them access to both Microsoft 365 applications and OfficeHome.
So many people fell for this attack because it was carried out through malicious links embedded in documents. The links led to phishing websites, but their anchor text simply read “View Document”. Naturally, no one was suspicious of a text like that.
It is believed that access to these accounts would give the attackers wider access to everything across the organization.
To hide their location and bypass geographical restrictions, the attackers probably used proxy services.
Although critical user data was compromised, the main targets of the attack were mid-level and senior executives, in particular financial directors, operations vice presidents, presidents, sales directors, account managers, and CEOs.
The objective of the attack has been identified as financial fraud and, of course, data theft. Worse, the attackers may have tampered with the multi-factor authentication setup once they had access.
In practice that means either changing the recovery phone number to lock the user out for longer, or registering an authenticator app to lock the original account owner out permanently. More details about the impact of the attack are yet to come.
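A defender-side check for the lock-out pattern just described, added here as an example and not part of the original report or Proofpoint's research: it scans constructed sign-in and security-info records (simplified field names, not Microsoft's real log schema) and flags any MFA or recovery-method change that follows a sign-in from an IP address the account had never used before.

```python
from datetime import datetime, timedelta

# Constructed sample records (not real log data). 'kind' is "signin" or
# "securityinfo"; the latter means an MFA or recovery method was added/changed.
EVENTS = [
    {"time": "2024-02-01T08:00:00", "user": "cfo@example.com", "kind": "signin", "ip": "203.0.113.10"},
    {"time": "2024-02-01T17:30:00", "user": "cfo@example.com", "kind": "signin", "ip": "203.0.113.10"},
    {"time": "2024-02-02T14:00:00", "user": "cfo@example.com", "kind": "signin", "ip": "198.51.100.77"},
    {"time": "2024-02-02T14:03:00", "user": "cfo@example.com", "kind": "securityinfo", "ip": "198.51.100.77", "method": "phone"},
    {"time": "2024-02-01T09:00:00", "user": "ops@example.com", "kind": "signin", "ip": "203.0.113.20"},
    {"time": "2024-02-01T09:05:00", "user": "ops@example.com", "kind": "signin", "ip": "203.0.113.20"},
    {"time": "2024-02-03T09:10:00", "user": "ops@example.com", "kind": "securityinfo", "ip": "203.0.113.20", "method": "authenticator"},
]


def find_suspicious_mfa_changes(events, window_minutes=60):
    """Return security-info changes made within `window_minutes` of a sign-in
    from an IP the user had never signed in from before: a fresh IP followed by
    a new recovery phone or authenticator app is the account lock-out pattern."""
    known_ips = {}      # user -> set of IPs seen in earlier sign-ins
    fresh_signins = {}  # user -> list of (time, ip) for sign-ins from a new IP
    window = timedelta(minutes=window_minutes)
    hits = []
    for ev in sorted(events, key=lambda e: datetime.fromisoformat(e["time"])):
        user, ip, t = ev["user"], ev["ip"], datetime.fromisoformat(ev["time"])
        seen = known_ips.setdefault(user, set())
        if ev["kind"] == "signin":
            # A user's very first recorded sign-in is baseline, not an alert;
            # only an IP outside an existing history counts as "new".
            if seen and ip not in seen:
                fresh_signins.setdefault(user, []).append((t, ip))
            seen.add(ip)
        elif ev["kind"] == "securityinfo":
            for signin_time, signin_ip in fresh_signins.get(user, []):
                if signin_ip == ip and timedelta(0) <= t - signin_time <= window:
                    hits.append({"user": user, "ip": ip, "method": ev.get("method"), "time": ev["time"]})
                    break
    return hits


if __name__ == "__main__":
    for hit in find_suspicious_mfa_changes(EVENTS):
        print(f"ALERT {hit['time']} {hit['user']} added/changed {hit['method']} from new IP {hit['ip']}")
```

On the sample data only the CFO account is flagged: the phone-number change three minutes after a sign-in from a never-before-seen IP, while the operations account's authenticator change from its usual IP is not.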
Meanwhile, the attackers have been identified as a group originating from Russia and Nigeria. However, this attribution is based only on their use of local fixed-line ISPs in those countries; the rest of the details remain unknown.
Microsoft’s Poor Security Practices
In August last year, Microsoft was called out by Amit Yoran, CEO of the cybersecurity company Tenable, for its poor security measures. He called the company’s cybersecurity track record “even worse than you think”.
He further added that Microsoft has a “repeated pattern of negligent cybersecurity practices” which has time and again led to data breaches, affecting individuals and organizations and allowing the Chinese government to spy on the US government and its citizens.
These attacks not only affected 25 organizations but also led to the theft of sensitive emails from US government officials.
He had an example to back this up: on July 12, Microsoft disclosed another data breach in Azure, allegedly caused by Chinese hackers.
The impact of the attack was so severe that Senator Ron Wyden (D-OR) wrote a letter to the US Department of Justice urging it to hold Microsoft accountable.
On top of that, Yoran allegedly discovered another security flaw in Microsoft's systems and notified the company. According to him, it took 90 days to address the issue, and even then only a partial fix was released, which protected only newly downloaded apps. The issue was fixed soon after Yoran posted about it online.
Security breaches are becoming far too common at Microsoft and many other tech companies. Hence, the US government is expected to soon make it mandatory for companies to be more transparent about their security issues and to disclose every hack or data breach within 4 days.