The attack was first detected on January 12th, and Microsoft in its initial investigation attributed the attack to the Russian threat actors, known famously as Nobelium or APT-29.
Microsoft informs that the threat actors launched the attacks in November 2023, in which they carried out a password spray attack in order to access a legacy non-production test tenant account.
Password Spray Attack
A password spray attack is a type of brute force attack where threat actors collect a list of potential login names and then attempt to log in to all of them using a particular password. If that password fails, they repeat this process with other passwords until they run out or successfully breach the account.
Since the hackers were able to access accounts using a brute force attack, it is clear that it lacked two-factor authentication or multi-factor authentication.
Microsoft claims that after taking control of the “test” account, the Nobelium hackers utilized it to access a “small percentage” of the company’s email accounts for more than a month.
It is still unclear why a non-production test account would have the ability to access other accounts in Microsoft’s corporate email system unless the threat actors
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.