[HN Gopher] Microsoft Actions Following Attack by Nation State A...
___________________________________________________________________
Microsoft Actions Following Attack by Nation State Actor Midnight
Blizzard
Author : nycdatasci
Score : 42 points
Date : 2024-01-19 21:56 UTC (1 hours ago)
(HTM) web link (msrc.microsoft.com)
(TXT) w3m dump (msrc.microsoft.com)
| sneak wrote:
| Why does the data security industry seem to be so into obfuscated
| jargon? It's like a new industry microcosm corporatespeak.
|
| It's ok to call them countries, hackers, and intrusions.
|
| Microsoft got hacked by Russian government hackers.
| newsclues wrote:
| Because the reality is murky.
| SoftTalker wrote:
| My summary understanding of this write-up is that a weak
| password was guessed and allowed entry into an old system that
| had access to stuff it shouldn't have had access to.
| wrsh07 wrote:
| Your summary is also ambiguous. Were they hacked by the Russian
| CIA equivalent? Were they hacked by people funded by the
| Russian government? Were they hacked by people funded by senior
| government officials?
|
| I think it's possible that the truth is a little murky, and
| capturing that ambiguity is actually clearer than trying to
| wave it away.
| parl_match wrote:
| > It's ok to call them countries, hackers, and intrusions.
|
| It's not if you want to do business in that country. Or if you
| annoy allies of that country (accusing certain countries might
| get senators breathing down your neck!). You are accusing a
| government of committing a crime, or at least a wildly
| unethical behavior. Those are huge charges. To your point, I
| wish they could be more direct, but...
|
| > Microsoft got hacked by Russian government hackers.
|
| It is not known whether this hacking group is private,
| government sponsored, or government run. They could be a
| private group that takes both private and government contracts.
|
| If they were funded via government channels, who was it? A
| higher up person using their personal wealth? A specific
| agency? Multiple agencies?
|
| The reason they are being so vague is because they don't know
| the answers, and it is very discrediting to throw around
| incorrect accusations.
| toss1 wrote:
| >> It is not known whether this hacking group is private,
| government sponsored, or government run.
|
| Coming from Russia, that's a distinction without a
| difference.
|
| Sure, private groups can 'freelance', but not without at
| least tacit permission from the FSB, GRU, and/or SVR (more
| accurately, can't freelance for long). Especially so for such a
| high visibility target such as Microsoft.
|
| And when the RU govt issues a denial, it's confirmed.
|
| But still no reason for MS to escalate the wording. They put
| enough in there that anyone with a clue knows it's serious.
| chatmasta wrote:
| At least for the "Midnight Blizzard" part of the title, it's
| the result of a naming framework [0] for threat actors that
| Microsoft has been using since April 2023. I agree it sounds
| weird.
|
| [0] https://learn.microsoft.com/en-us/microsoft-365/security/int...
| jstarfish wrote:
| The naming framework for these groups isn't even consistent,
| with every vendor having their own scheme. Midnight Animal to
| one vendor is Dancing Bear to another and known by Wet Cat to
| yet another.
|
| They all sound like bad translations to bargain-bin porno
| movies.
| mc32 wrote:
| Russia hacks, but so do China, North Korea, Iran and Ukraine.
| They all have bagged large targets. It could be any of them but
| could be someone else as well.
| nozzlegear wrote:
| It largely boils down to the same reason scientists classify
| animals into taxonomies. It helps to have a framework for
| classifying the groups so you can refer back to them in the
| future.
|
| Going back to my example with taxonomies: Yeah, you got bit by
| a spider, but exactly which kind of spider bit you? What do we
| know about those kinds of spiders, e.g. are they known for
| being venomous or not?
| mistrial9 wrote:
| This reminds me of guys trying to out-shout each other about who
| wants to fight the most, in front of a lot of (Ynews) onlookers.
| akira2501 wrote:
| Interesting that they seem to suggest that applying security is
| now more important than avoiding service disruptions. This may be
| the hopeful dawn of a new era.
| starik36 wrote:
| > access a very small percentage of Microsoft corporate email
| accounts
|
| Ok, so far so good.
|
| > including members of our senior leadership team
|
| Ahhh, so maybe the attackers were after the senior leadership
| team and therefore stopped at the "very small percentage".
| nighthawk454 wrote:
| Seems weird to word it as "a very small percentage" instead of
| "a very small number" unless the number was a little bigger
| than they want to admit.
| BandButcher wrote:
| Haha "...access a very small percentage of Microsoft corporate
| email accounts, including members of our senior leadership team
| and employees in our cybersecurity, legal, and other functions,
| and exfiltrated some emails and attached documents."
|
| Seems like a big deal. Also, this may be why I've been getting
| massive amounts of "unusual account sign-in activity" emails for
| Microsoft about an old Outlook account I no longer use...
|
| Hopefully these state actors can get access to my vsts server I
| no longer can find and deploy an old app for me ;)
| carabiner wrote:
| What does the title mean?
| nycdatasci wrote:
| The title here matches the title of their blog post, which I
| agree is poorly worded.
| nozzlegear wrote:
| I believe "Actions taken by Microsoft following an attack by a
| group named Midnight Blizzard, who are backed by a nation-
| state".
| IronWolve wrote:
| Did they release this late on a Friday to downplay the scope of
| the attack?
|
| If they had top leadership accounts and service accounts hacked
| just by password protection sounds like a major security fubar.
___________________________________________________________________
(page generated 2024-01-19 23:01 UTC)