Imagine going to bed having left your door unlocked by mistake, then finding out that someone sneaked into your house and read your diary. This is roughly what happened to Microsoft, except that instead of a diary it was email that was breached, and instead of a sneaky neighbor it was Russian hackers.
The Big Announcement
Ever the digital innovator, Microsoft delivered the digital equivalent of an apology card to its customers in January 2024. Its findings showed that its corporate email had been breached by cybercriminals in November 2023. The alleged actors are a Russian hacking group known as Midnight Blizzard or Nobelium.
At first, Microsoft believed that the hackers had merely glanced through its internal correspondence. However, customers were surprised to learn that some of their emails had also been intercepted.
How Did It Happen?
The hackers used a technique known as password spraying. In this approach, the attacker tries the passwords people are most likely to use against many accounts, like trying the most common key on door after door. They struck gold with an old account, which gave them a key to Microsoft's corporate network. From there, they could access a “few percent” of email accounts, some of which belonged to high-ranking managers and to teams that deal with security and legal matters. It was as if they had stumbled upon a hidden passage leading straight into the heart of a castle.
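What a password spray looks like in sign-in logs, and how a defender might flag it, is shown in the sketch below. It is an added example, not Microsoft's tooling or anything from the original article; the log format, the IP addresses, the account names (including `old-svc`) and the thresholds are all constructed assumptions.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sign-in events: time, source IP, account, result. Not real data.
SAMPLE_LOG = """\
2023-11-20T02:00:05 203.0.113.7 alice FAIL
2023-11-20T02:00:41 203.0.113.7 bob FAIL
2023-11-20T02:01:15 203.0.113.7 carol FAIL
2023-11-20T02:01:52 203.0.113.7 dave FAIL
2023-11-20T02:02:30 203.0.113.7 old-svc OK
2023-11-20T02:03:00 198.51.100.9 erin FAIL
2023-11-20T02:03:10 198.51.100.9 erin FAIL
2023-11-20T02:03:20 198.51.100.9 erin FAIL
2023-11-20T02:03:30 198.51.100.9 erin FAIL
2023-11-20T02:04:00 198.51.100.9 erin OK
"""

def parse(log):
    """Yield (time, ip, account, result) tuples from the constructed format."""
    for line in log.splitlines():
        ts, ip, user, result = line.split()
        yield datetime.fromisoformat(ts), ip, user, result

def detect_spray(log, window=timedelta(minutes=10),
                 min_accounts=4, max_per_account=2):
    """Return {source_ip: [accounts that signed in OK during a spray]}."""
    failures = defaultdict(list)   # ip -> [(time, account)] of failed sign-ins
    findings = {}
    for ts, ip, user, result in sorted(parse(log)):
        if result == "FAIL":
            failures[ip].append((ts, user))
        # Keep only this source's failures inside the sliding time window.
        failures[ip] = [(t, u) for t, u in failures[ip] if ts - t <= window]
        per_account = Counter(u for _, u in failures[ip])
        # Spray shape: many distinct accounts, only a few guesses at each.
        # Many guesses at ONE account is brute force and is not flagged here.
        if (len(per_account) >= min_accounts
                and max(per_account.values()) <= max_per_account):
            hits = findings.setdefault(ip, [])
            if result == "OK":
                hits.append(user)   # a success mid-spray: likely compromise
    return findings

if __name__ == "__main__":
    for ip, accounts in detect_spray(SAMPLE_LOG).items():
        print(f"spray from {ip}; successful sign-ins to review: {accounts}")
```

Grouping by source IP is a simplifying assumption: a spray spread across many addresses needs the same counting keyed on other features, such as the attempted password pattern or the client fingerprint.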
What Did They Want?
The sneaky hackers were especially interested in anything that Microsoft might have had on them. Perhaps they hoped to get rid of any incriminating evidence and possibly plot their next move.
By March 2024, Microsoft's comprehensive security research revealed that the hackers had attempted to breach more of its systems using the stolen information. This involved some of Microsoft’s source code repositories, which can be likened to the blueprints of its software programs.
Microsoft’s Response
Fast forward to the present, more than six months later, and Microsoft is finally contacting customers affected by the break-in. In effect, it is telling them, “Hey, remember when we said that only our emails had been monitored? It turns out that some of yours were read too.” It is informing customers about the hacked emails. Microsoft has assured everyone that it will keep updating them while it continues its investigation.
A Microsoft official commented on this, saying that the company is not backward in coming forward and that its major focus is making sure customers are provided with all the details they require. It is like the time Microsoft was wrongly accused of allowing the government to spy on people and steal personal information, and now it wants people to trust it again.
A Pattern of Security Issues
Microsoft has been at the center of many security debates in the past, and this incident is one more. In early 2023, a report lodged several complaints against Microsoft concerning another cyberattack, this one by Chinese hackers. That attack exposed the emails of more than 500 individuals, among them top officials of the U.S. government. Microsoft’s approach to security was characterized as a “cascade of security failures,” and the report disclosed that the company had been rather careless in guarding information.
Steps Forward
Brad Smith, president of Microsoft, recently addressed the U.S. House Committee on Homeland Security. He agreed that Microsoft has to do a better job of securing essential networks. One marked shift the company is implementing this year? Linking the compensation of senior officers to security objectives.