Microsoft to overhaul internal security practices after Midnight Blizzard attack

1 Min Read
Microsoft to overhaul internal security practices after Midnight Blizzard attack

Dive Brief:

  • Microsoft plans to make significant changes to its internal security practices after disclosing a hack by the state-sponsored threat group Midnight Blizzard, which stole emails and other data from senior-level Microsoft executives and other employees, the company said Friday in a filing with the Securities and Exchange Commission.

  • The hackers compromised a legacy non-production test tenant account to gain access to the company, Microsoft said. The threat actor used the account’s permissions to reach a “very small percentage” of emails and attachments of senior executives and employees in the cybersecurity, legal and other departments.

  • The actor, formerly known as Nobelium, was behind the 2020 Sunburst attacks against SolarWinds and other companies. U.S. authorities raised alarms about Midnight Blizzard in December after the actor was found exploiting unpatched vulnerabilities in JetBrains TeamCity servers across the globe.

Dive Insight:

Security researchers and other analysts say the attack raises serious questions about the security of Microsoft products and whether the company is employing the same practices internally that it demands of customers.

To read the complete article, visit Cybersecurity Dive.

 

 

 

Subscribe to receive Urgent Communications Newsletters
Catch up on the latest tech, media, and telecoms news from across the critical communications community