HPE’s corporate emails breached by Russian state-sponsored actor ‘Cozy Bear’

It’s not known whether this is part of a coordinated campaign targeting US tech giants, or whether separate factions within Midnight Blizzard or Cozy Bear were working on unique missions.

“Beginning in late November 2023, the threat actor used a password spray attack to compromise a legacy non-production test tenant account and gain a foothold, and then used the account’s permissions to access a very small percentage of Microsoft corporate email accounts, including members of our senior leadership team and employees in our cybersecurity, legal, and other functions, and exfiltrated some emails and attached documents,” Microsoft said in a blog post disclosing the attack.

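Password spraying is a brute-force cyberattack in which attackers try a common password across many accounts, rather than many passwords against one account, so that no single account sees enough failed attempts to trigger lockout policies.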

“The recent Microsoft breach and disclosure brings to the forefront two challenges: no one is immune (even global organizations) from threat actors, and as an organization, it will take time to put any fixes in place,” said Ravi Srinivasan, CEO of cyber security firm Votiro. “Anytime a threat is detected, it’s costly and time-consuming to remediate.”

Two-factor authentication (2FA) mitigates password-spraying attacks by adding an extra layer of security beyond just the password.

“This was a pretty simple kind of an attack… something that could have been prevented by two-factor authentication, Microsoft was not enforcing its own policies on certain systems,” Alex Stamos, an executive at SentinelOne and former Facebook CSO, told CNBC.
