Microsoft internal systems hacked by Russian group

Hanno Labuschagne

Journalist
Staff member
Joined
Sep 2, 2019
Messages
5,401
Microsoft internal systems hacked by Russian group

Microsoft Corp. said a Russian-linked hacking group attacked its corporate systems, getting into a “small number” of email accounts, including those of senior leadership and employees who work in cybersecurity and legal.

The company said it’s acting immediately to fix older systems, which will probably cause some disruption.

[Bloomberg]
 
How is it that all these mega tech companies get so easily hacked. I would have thought they would have the best of best security and what not. I am honestly amazed not more banks gets hacked and drained of funds.
 
How is it that all these mega tech companies get so easily hacked. I would have thought they would have the best of best security and what not. I am honestly amazed not more banks gets hacked and drained of funds.

The best security they can get at the lowest price they can get it at.

Also people who are happy to leave their house key under a mat or in a clearly fake rock and do similar things with their passwords.
 
How is it that all these mega tech companies get so easily hacked. I would have thought they would have the best of best security and what not. I am honestly amazed not more banks gets hacked and drained of funds.
I don't think it's easily.
 
OK, who else has 'Cyber Attack' listed on their 2024 BINGO card?

2024.png
 
How is it that all these mega tech companies get so easily hacked. I would have thought they would have the best of best security and what not. I am honestly amazed not more banks gets hacked and drained of funds.
They all do but hide it unless they know it is impossible to keep under wraps (like in this instance).
 
The best security they can get at the lowest price they can get it at.

Also people who are happy to leave their house key under a mat or in a clearly fake rock and do similar things with their passwords.
I still leave my car keys and wallet under my plakkies when I go for a swim at the beach. No criminal has discovered this.
 
They can get into those accounts they could get into Outlook.com too. Will Google or Microsoft ever publicly report if services like Gmail or Outlook are or were 'temporarily' exposed?

I read their blog post about Midnight Blizzard, and I am interested in what they say about a compromised legacy non-production test tenant account. I understand that these were spray attacks, but they targeted a non-production tenant account. I want to know why this tenant was exposed. A tenant account is located within a cluster (or otherwise a multi-tenancy) environment. Why did a non-production tenant account have higher privileges and was able to access other production tenants?

Could this compromise be from the inside out? I have heard off some ugly vulnerabilities in the XaaS space or more specifically SaaS where tenants in a multi-tenancy system are a mess. Even worse when they share a database... CDNs are becoming just as vulnerable.

Just an odd situation for MS, and from their blog there seems to be some gaps.
 
Microsoft still using XP internally?

Legacy could mean anything in this context. From older infrastructure to unsupported software, all the way to grandfathered rules and privileges amongst a variety of other things.
 
Back
Top