MORALLY INDEFENSIBLE BY BRADLEY MILBURN

 MORALLY INDEFENSIBLE 


Microsoft, On January 12th detected an uninvited & dangerous guest in its IT systems. Within a few days it attributed the raid on emails of its “senior leadership” and cybersecurity team to Russia’s Foreign Intelligence Service. 


The group has been attacking IT service providers in both Europe and the US.


On 25 January, Microsoft published a quick analysis of how Russia's Foregin Intelligence Service hit its systems and said it was notifying other victims.


Below is an understanding of what has happened, some informed speculation about the attackers’ lateral movement that may be useful for network defenders.


1. Russia's Foregin Intelligence Service  breached a Microsoft “test tenant” account. It was left sitting with no MFA and without a robust password. They tailored their “password spray” attacks to a limited number of accounts, using a low number of attempts to evade detection and avoid blocks based on the volume of failures. They attacked through a “distributed residential proxy infrastructure”. Routing traffic through a “vast number” of IP addresses to evade detection. Eventually they had it cracked.


2. Once they compromised a user account, they found a “legacy” test OAuth application that had “elevated access to the Microsoft corporate environment.” The name of the application is yet unkown. The Russia's Foregin Intelligence Service then put together new malicious OAuth applications, Then a new user account to grant consent to them and landed the Office 365 Exchange Online ''full_access_as_app role'' which in turn allows access to mailboxes.


Microsoft are yet to disclose a full report of the entire case.


Opinion: I found this case very interesting, hopefully soon there will be more information disclosed, I dont think the Microsoft security professionals would leave such an easily fixable & honestly quite blatant access point for potential threats.

Comments

Post a Comment

Popular posts from this blog

UNDERSTANDING THE CYBER KILL CHAIN BY BRADLEY MILBURN

Image
    Understanding the Cyber Kill Chain By Bradley Milburn   The cyber kill chain is a framework developed by Lockheed Martin to describe the stages of a cyber attack. It breaks down the process into distinct phases, which helps organizations understand how attacks unfold and how they can be detected and mitigated at each stage. The traditional cyber kill chain consists of seven stages:   1 . Reconnaissance  - The attacker gathers information about the target, such as identifying potential vulnerabilities, gathering email addresses, and understanding the network architecture. Passive Examples: -     Whois -     Google -     Job listings -     Company website Active Examples: -     Nmap -     Port scanning -     Banner grabbing -     Vulnerability scanners (APT’s tend to do this over a long period of time to better avoid detection)   Ways to protect to a business network: -     Network Security - Firewall Configuration, Intrusion Detection Systems (IDS), Disa...
Read more

THE GRAND ATTACK (MGM)

THE GRAND ATTACK (MGM) In September 2023, MGM Resorts, the world famous hotel and casino chain, faced a cyber attack launched by hacker groups ALPHV and Scattered Spider. The hacker groups used social engineering tactics to enter MGM’s systems, which resulted in a huge ransomware attack.  This attack led to critical operational disruptions, such as disabling online reservation systems, digital room keys, slot machines, and websites. The impact of this attack extended for ten days, causing significant losses for MGM Resorts. Also, concerns arose of a potential data breach that could have involved personally identifiable information (PII) of MGM customers, employees, and vendors. ALPHV, one of the hacker groups, released a statement, “Setting the record straight” on September 14, 2023. In the statement, ALPHV provided details on their strategies and involvement in the cyberattack, shedding light on the events surrounding this breach. The incident showcases the significance of organiz...
Read more