Back in January 19th, Microsoft posted an entry in their blog about the company detecting a "nation-state attack" on January 12th that affected several of their systems. Back in January, Microsoft worked on mitigating, disrupting and investigating the attack, which according to Microsoft's investigations, led to the threat actor being Midnight Blizzard, a Russian state-sponsor actor that also goes by the name of NOBELIUM.

According to their initial blog post, the way in which the attackers gained access to Microsoft's systems was through a password spray attack, then gaining access to a portion of corporate Microsoft email accounts, but back then they assessed that the attack didn't show evidence of any stolen assets or data, but unfortunately for them, an update on the situation states the opposite.

In a new blog post just released minutes ago, Microsoft has stated that, with the elevated access they gain during the hack, the attackers accessed Microsoft's source code repositories and internal systems, with Microsoft claiming that one of the potential goals is to use the company's secrets, to which some of these have been shared with some of Microsoft's customers via email.

Additionally, Microsoft mentions that Midnight Blizzard's attacks seems to have increased during February, and that they will continue to work on mitigating and investigating the attacking activities.

Source

 

[dragonmaster]

Russia needs desperately be disposed of.
Its a failed state by all accounts, only surviving because of the number of people there.

I suggest you get off the internet. It clearly is not helping your intelligence.

well living in a country free of propaganda and coming from an era where cold war was over till recently makes me a sceptical person to all those claims, i am sorry you cant think beyond the box....

Post automatically merged: Mar 11, 2024

I suggest you get off the internet. It clearly is not helping your intelligence.

as for my intelligence i have 2 degrees from universities and a master from scholarship . therefore if my opinion seems idiocy for you learn to cope that not all world share the same opinion for all depending on what the media serves

 

[Sir Tortoise]

well living in a country free of propaganda and coming from an era where cold war was over till recently makes me a sceptical person to all those claims, i am sorry you cant think beyond the box....]

A sceptical person would maybe actually look into the claims instead of presenting their inability to Google as an argument. Here, I'll save you the trouble:

https://en.wikipedia.org/wiki/Cozy_Bear

Multiple countries, agencies, cyber security companies are in agreement this comes from Russia. This is based on analysis of the attacks themselves and actually just their own efforts to infiltrate and spy on the group.

If you wish to suggest all this evidence across several years, multiple countries, and god knows how many people is falsified, you will need to back that up instead of hiding behind a question mark.

 

[Dax_Fame]

Well said, some MMOHNS games back in the day didn't have any kind of that "anti-cheat" crap and they could function and prosper. Even if there was a cheater or two, it wasn't a big deal, one report button was everything needed to grab someone's attention that maybe a player is playing a bit against the rules? Heck some games even allowed some 3rd party scripts as long as they weren't obviously stepping outside the bounds. Today almost all MMOHNS have some kind of "anti-cheat" which does NOT solve the problem, but sure as hell makes the gameplay more problematic because it spies, takes some chunk of PC's performance, treats all the players like criminals "just in case" and makes the game unplayable on Linux for reasons I have already mentioned. Best part is that such "anti-cheat" junks are against the law in most - if not all - countries but you know as it is, big company is allowed BECAUSE it's THE big company.

Ahh the good old days... When encountering a hacker was a rare and sometimes entertaining experience (up until they were promptly taken care of) and using mods/scripts!

I'm afraid the incentive to cheat is too high these days with all of the money involved. Such a shame.

 

[dragonmaster]

A sceptical person would maybe actually look into the claims instead of presenting their inability to Google as an argument. Here, I'll save you the trouble:

https://en.wikipedia.org/wiki/Cozy_Bear

Multiple countries, agencies, cyber security companies are in agreement this comes from Russia. This is based on analysis of the attacks themselves and actually just their own efforts to infiltrate and spy on the group.

If you wish to suggest all this evidence across several years, multiple countries, and god knows how many people is falsified, you will need to back that up instead of hiding behind a question mark.

And we are sure that russia was behind...isnt it strange that always the bad people are russian or asian , i live in a country that has both russians , ukraine people and israel people with no demonizing each other as presented over media in usa , we in europe we have a long history of mistrusting news as easilly presented one sided, i imagine many hacker groups are also endorsed from usa but are not presented in internet wikipedia... I cant accept polarization , in the end it does harm to the people ...

 

[Sir Tortoise]

And we are sure that russia was behind...isnt it strange that always the bad people are russian or asian , i live in a country that has both russians , ukraine people and israel people with no demonizing each other as presented over media in usa , we in europe we have a long history of mistrusting news as easilly presented one sided, i imagine many hacker groups are also endorsed from usa but are not presented in internet wikipedia... I cant accept polarization , in the end it does harm to the people ...

Yes, we are sure it's Russia. You are correct that we are far less likely to hear about the hacking done against Russia, but that doesn't mean Russia isn't doing it or that their efforts are equivalent. It's also quite possible for there to be multiple instances of "bad people" stuff coming from the same country, like, it happening multiple times isn't evidence against it.

 

[GengarsGhostlyGiggles]

microsoft is a huge evil, so screw them!

 

[Mythrandir]

Wouldn't a password spray attack be thwarted by MFA?

 

[Dungeonseeker]

That comment shows that you are complete clueless what this could lead to..
IF they launch some kind of attack using source code for Windows, the whole world is going to get affected.
Dont even think that you will not be affected by such attack even i you are not in the west.

LMAO, I don't think you quite understand how things work on the nation level. You think the Russians are gonna hack MS to create some hospital malware and gain access to a few government lackey workstations?

Governments operate on a totally different scale and they tend to think a bit bigger than "pose a slight inconvenience for a fairly limited amount of time until the techs can restore backups and everyone just carries on". Last time we saw an actual zero day hoarded by an alphabet agency it was so bad it lead to the biggest malware attack in history and took MS killing the protocol to stop it fully which you might think kinda cements your point but you're failing to recognise that the NSA had eternal blue sat in a lab for many many years before it was leaked, it was the public who turned it into Wannacry, we have no idea what the NSA used it for.

The Russian government has no interest in attacking western hospitals, why make yourself a target when its much more effective to target the individuals and run guerrilla hit pieces from the shadows? You attack the right people in the right way and you have a much bigger impact on things than you ever will by attacking the public. Remember, its an election year over in the US and here in the UK, that's how they effect change.

 

[xdarkmario]

someone needs to hack nintendo, humble that massive ego if theirs

 

[Dungeonseeker]

someone needs to hack nintendo, humble that massive ego if theirs

Google "The GigaLeak".....

Didn't change anything.

 

[vstar950]

Potentially very damaging. A lot of government agencies and contractors use Microsoft accounts/services.

That shows how much they really care about our safety and security. Any large agency or large company should be using Linux only. So the fact that the government says they are for our protection is a joke. Just like the spam calls that we get on our phone. if the government really cared this would not be happening in our country. I would say a high probability is that our government is also involved and is getting a portion of the money they are stealing from the elderly and other people that are naive and those believing these spam calls.

 

[xdarkmario]

Google "The GigaLeak".....

Didn't change anything.

no i mean again...and again... and again over and over onslaught of DDos until nintendo stops

 

[iSubaru]

That shows how much they really care about our safety and security. Any large agency or large company should be using Linux only. So the fact that the government says they are for our protection is a joke. Just like the spam calls that we get on our phone. if the government really cared this would not be happening in our country. I would say a high probability is that our government is also involved and is getting a portion of the money they are stealing from the elderly and other people that are naive and those believing these spam calls.

More than that, any software involved in business should NOT be available for Windows because it is NOT safe OS.
Okay one step at a time, first of all business software having ALSO Linux release for those who take this seriously and then slowly going towards "okay we will be ending Windows support because it's bad." kind of approach.
Imagine this, Windows + Adobe required for official - kinda government - stuff that citizen must send.

On positive side I think any self-respecting bank is not using Windows on the internal part that is responsible for anything between the bank and the client. The workers in the bank may have Windows "because it's easy to use" but even then I wouldn't be so sure if it is used because well it's freaking stupid.

Back to the negative side again. Do you know what runs on the self-checkout points? You guessed it! Windows, sometimes with Java being the front "UI". So yeah Windows is in so many places it shouldn't have been EVER let in it's giving me headache.

 

[vstar950]

More than that, any software involved in business should NOT be available for Windows because it is NOT safe OS.
Okay one step at a time, first of all business software having ALSO Linux release for those who take this seriously and then slowly going towards "okay we will be ending Windows support because it's bad." kind of approach.
Imagine this, Windows + Adobe required for official - kinda government - stuff that citizen must send.

On positive side I think any self-respecting bank is not using Windows on the internal part that is responsible for anything between the bank and the client. The workers in the bank may have Windows "because it's easy to use" but even then I wouldn't be so sure if it is used because well it's freaking stupid.

Back to the negative side again. Do you know what runs on the self-checkout points? You guessed it! Windows, sometimes with Java being the front "UI". So yeah Windows is in so many places it shouldn't have been EVER let in it's giving me headache.

I have just made the move over to 100% Mx linux. So long windows!! I flush my in memory or MS! So long!