Microsoft network breached through password-spraying by Russian-state hackers
Microsoft network breached through password-spraying by Russian-state hackers
Senior execs' emails accessed in network breach that wasn't caught for 2 months.
This is the best summary I could come up with:
The attack, which Microsoft attributed to a Kremlin-backed hacking group it tracks as Midnight Blizzard, is at least the second time in as many years that failures to follow basic security hygiene has resulted in a breach that has the potential to harm customers.
A translation of the 93 words quoted above: A device inside Microsoft’s network was protected by a weak password with no form of two-factor authentication employed.
The Russian adversary group was able to guess it by peppering it with previously compromised or commonly used passwords until they finally landed on the right one.
As Steve Bellovin, a computer science professor and affiliate law prof at Columbia University with decades of experience in cybersecurity, wrote on Mastodon:
The age of Microsoft doing tents, incident code words, CELA’ing things and pretending MSTIC sees everything (threat actors have Macs too) are over — they need to do radical technical and cultural transformation to retain trust.
CELA is short for Corporate, External, and Legal Affairs, a group inside Microsoft that helps draft disclosures.
The original article contains 581 words, the summary contains 173 words. Saved 70%. I'm a bot and I'm open source!