At a glance.
- Microsoft targeted by Cozy Bear.
- Suspected Chinese threat actor exploits VMware vulnerability.
- US FTC bans another data broker from selling location data.
- North Korean threat actor targets cybersecurity researchers.

Microsoft targeted by Cozy Bear.
Microsoft has disclosed in an SEC filing that email accounts belonging to its senior executives were compromised by the Russian state-sponsored threat actor "Midnight Blizzard" (also known as "APT29" or "Cozy Bear") in November 2023, GovInfoSecurity reports. The US government has tied this threat actor to Russia's Foreign Intelligence Service, the SVR.
Microsoft said in its filing, "Beginning in late November 2023, the threat actor used a password spray attack to compromise a legacy non-production test tenant account and gain a foothold, and then used the account’s permissions to access a very small percentage of Microsoft corporate email accounts, including members of our senior leadership team and employees in our cybersecurity, legal, and other functions, and exfiltrated some emails and attached documents. The investigation indicates they were initially targeting email accounts for information related to Midnight Blizzard itself. We are in the process of notifying employees whose email was accessed."
The company added, "The attack was not the result of a vulnerability in Microsoft products or services. To date, there is no evidence that the threat actor had any access to customer environments, production systems, source code, or AI systems. We will notify customers if any action is required."