Microsoft Shares New Guidance in Wake of ‘Midnight Blizzard’ Cyberattack


In its Jan. 19 blog post initially disclosing the attack, Microsoft described Midnight Blizzard as having gained initial access to its environment via a legacy, non-production test account that the threat actor compromised in a password spray attack. Further investigation by the company, detailed in its latest blog this week, showed that Midnight Blizzard actors used a “vast number” of legitimate residential IP addresses to launch their password spray attacks against targeted accounts at Microsoft, one of which happened to be the test account they compromised. The threat actor's use of residential proxy infrastructure helped obfuscate its activity and evade detection, Microsoft said.
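The following added example (not from Microsoft's blogs or from this article) shows why a per-IP failure threshold misses a spray spread across many residential addresses, while a tenant-wide count of distinct failed accounts and distinct source IPs per time window flags it. The account names, documentation-range IP addresses, thresholds and window size are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

EPOCH = datetime(1970, 1, 1)

def build_events():
    """Constructed sign-in log: 40 accounts, one failed guess each, every guess from a new IP."""
    start = datetime(2024, 1, 1, 9, 0)
    events = [{"time": start + timedelta(seconds=45 * i), "user": f"user{i:02d}@example.test",
               "ip": f"198.51.100.{i + 1}", "ok": False} for i in range(40)]
    # One guess succeeds against a legacy test account (constructed name).
    events.append({"time": start + timedelta(minutes=31), "user": "legacy-test@example.test",
                   "ip": "203.0.113.7", "ok": True})
    return events

def per_ip_alerts(events, threshold=10):
    """Per-source rule: alert only when a single IP accumulates many failures."""
    fails = defaultdict(int)
    for e in events:
        if not e["ok"]:
            fails[e["ip"]] += 1
    return sorted(ip for ip, n in fails.items() if n >= threshold)

def spray_alerts(events, window=timedelta(minutes=60), min_users=20, min_ips=20):
    """Tenant-wide rule: per time window, count distinct failed accounts and source IPs."""
    buckets = defaultdict(list)
    for e in events:
        buckets[(e["time"] - EPOCH) // window].append(e)
    alerts = []
    for key in sorted(buckets):
        failed = [e for e in buckets[key] if not e["ok"]]
        users = {e["user"] for e in failed}
        ips = {e["ip"] for e in failed}
        if len(users) >= min_users and len(ips) >= min_ips:
            alerts.append({
                "window_start": EPOCH + key * window,
                "failed_users": len(users),
                "source_ips": len(ips),
                # Successful sign-ins in the same window are candidates for review,
                # not confirmed compromises; legitimate logins will appear here too.
                "review_successes": sorted({e["user"] for e in buckets[key] if e["ok"]}),
            })
    return alerts

if __name__ == "__main__":
    log = build_events()
    print("per-IP alerts:", per_ip_alerts(log))
    print("spray alerts:", spray_alerts(log))
```

Fixed, epoch-aligned windows keep the example short; a spray that straddles a window boundary is split across two buckets, so a production rule would use sliding windows.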

