27 Malicious PyPI Packages with Thousands of Downloads Found Targeting IT Experts
An unknown threat actor has been observed publishing typosquat packages to the Python Package Index (PyPI) repository for nearly six months with an aim to deliver malware capable of gaining persistence, stealing sensitive data, and accessing cryptocurrency wallets for financial gain.
The 27 packages, which masqueraded as popular legitimate Python libraries, attracted thousands of downloads,
Razer investigates data breach claims, resets user sessions
Gaming gear company Razer reacted to recent rumors of a massive data breach with a short statement on Twitter, letting users know that they started an investigation into the matter. […]
Russian Spies Hacked Microsoft Email Systems & Stole Source Code
Microsoft has disclosed that Russian government hackers, identified as the group Midnight Blizzard, have successfully infiltrated its corporate email systems and stolen source codes.
The tech giant recently discovered unauthorized access attempts that were made using information obtained from a previous hack that took place last year. This ongoing cyberattack highlights the continuous threat caused by nation-state actors and raises serious concerns regarding the security of crucial technological infrastructure.
Microsoft’s announcement on March 8, 2024, detailed that Midnight Blizzard, also known as APT29 or Cozy Bear, utilized information initially exfiltrated from the company’s corporate email systems to gain unauthorized access to its internal systems, including source code repositories.
This breach is part of a series of intrusions that began in November of the previous year, targeting the corporate email accounts of senior leadership and employees across various departments, including cybersecurity and legal functions.
The hackers seem to have multiple objectives, including stealing valuable source codes and gathering intelligence on Microsoft’s knowledge about their operations.
The breach has prompted Microsoft to file a report with the U.S. Securities and Exchange Commission, highlighting the severity of the situation and the potential implications for the company’s security posture and reputation.
Midnight Blizzard’s Tactics
Midnight Blizzard gained access to Microsoft’s systems through a sophisticated cyberattack that began in late November 2023.
The group used a password spray attack to compromise a legacy non-production test tenant account within Microsoft’s environment.
This type of attack involves trying a few common passwords against many accounts rather than many passwords against one account, so that no single account accumulates enough failed attempts to trigger a lockout.
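The lockout-evasion pattern described above is also what makes a spray detectable: one source fails against many distinct accounts while staying under the per-account threshold. The following detector is an added example written for this article, not Microsoft's own tooling or detection logic; it runs over constructed sign-in records (timestamp, source IP, account, result) and the thresholds (`min_accounts`, `max_per_account`, `window`) are assumptions to tune for your environment.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sign-in events for this example (not real logs).
# One source sprays five accounts once each and then succeeds on a sixth;
# another hammers a single account (brute force, not a spray); a third is benign.
SAMPLE_LOG = """\
2024-02-01T10:00:01Z 198.51.100.7 alice@example.com FAILURE
2024-02-01T10:00:03Z 198.51.100.7 bob@example.com FAILURE
2024-02-01T10:00:05Z 198.51.100.7 carol@example.com FAILURE
2024-02-01T10:00:07Z 198.51.100.7 dave@example.com FAILURE
2024-02-01T10:00:09Z 198.51.100.7 erin@example.com FAILURE
2024-02-01T10:00:11Z 198.51.100.7 frank@example.com SUCCESS
2024-02-01T10:05:00Z 203.0.113.9 alice@example.com FAILURE
2024-02-01T10:05:10Z 203.0.113.9 alice@example.com FAILURE
2024-02-01T10:05:20Z 203.0.113.9 alice@example.com FAILURE
2024-02-01T10:05:30Z 203.0.113.9 alice@example.com FAILURE
2024-02-01T10:05:40Z 203.0.113.9 alice@example.com FAILURE
2024-02-01T11:30:00Z 192.0.2.44 bob@example.com FAILURE
2024-02-01T11:30:05Z 192.0.2.44 bob@example.com SUCCESS
"""


def parse_events(text):
    """Parse the constructed whitespace-separated format into event dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, account, result = line.split()
        events.append({
            "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
            "src": src,
            "account": account.lower(),
            "ok": result == "SUCCESS",
        })
    return events


def detect_password_spray(events, window=timedelta(minutes=30),
                          min_accounts=5, max_per_account=3):
    """Flag sources whose failures within `window` span at least
    `min_accounts` distinct accounts with no account failing more than
    `max_per_account` times (the low-and-wide spray signature).
    Each alert also lists accounts the same source later signed into,
    which is the first thing to triage."""
    by_src = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        by_src[e["src"]].append(e)

    alerts = []
    for src, evs in by_src.items():
        failures = [e for e in evs if not e["ok"]]
        start = 0
        for end in range(len(failures)):
            # Slide the window so it covers failures[start:end+1].
            while failures[end]["ts"] - failures[start]["ts"] > window:
                start += 1
            per_account = defaultdict(int)
            for e in failures[start:end + 1]:
                per_account[e["account"]] += 1
            if (len(per_account) >= min_accounts
                    and max(per_account.values()) <= max_per_account):
                window_start = failures[start]["ts"]
                later_success = sorted({e["account"] for e in evs
                                        if e["ok"] and e["ts"] >= window_start})
                alerts.append({
                    "src": src,
                    "first_seen": window_start.isoformat(),
                    "accounts_targeted": len(per_account),
                    "later_success": later_success,
                })
                break  # one alert per source is enough for triage
    return alerts


if __name__ == "__main__":
    for alert in detect_password_spray(parse_events(SAMPLE_LOG)):
        print(alert)
```

The single-account brute force from 203.0.113.9 is deliberately not flagged here: it exceeds `max_per_account` and touches only one account, so it belongs to a conventional lockout or brute-force rule rather than a spray rule. Keying the logic on distinct accounts per source, rather than on failures per account, is what lets it catch the low-rate attempts that per-account lockout policies are designed to miss.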
Once they had a foothold, they used the account’s permissions to access a small percentage of Microsoft corporate email accounts, including those of senior leadership and employees in cybersecurity, legal, and other functions.
The attackers exfiltrated emails and attached documents from these accounts. The investigation suggests that Midnight Blizzard was initially targeting email accounts for information related to their own operations, likely as a counterintelligence effort to understand what Microsoft knew about them.
After the initial breach, Midnight Blizzard used the information they had exfiltrated to attempt further unauthorized access to Microsoft’s internal systems, including source code repositories.
Microsoft detected an increase in password spray attacks by up to tenfold in February 2024 compared to the volume seen in January, indicating a significant escalation in the group’s activities.
Microsoft has stated that there is no evidence that customer-facing systems have been compromised.
“The threat actor’s ongoing attack is characterized by a sustained, significant commitment of the threat actor’s resources, coordination, and focus. Our active investigations of the threat actor’s activities are ongoing, findings of our investigations will continue to evolve, and further unauthorized access may occur,” Microsoft said.
Microsoft has ramped up its security investments and cross-enterprise coordination to defend against these sophisticated threats.
The company has implemented enhanced security controls, detections, and monitoring to secure and harden its environment against Midnight Blizzard’s activities.
Microsoft’s proactive measures also involve reaching out to customers potentially affected by the breach to assist them in taking mitigating measures.
Microsoft’s commitment to transparency and sharing findings from its investigations reflects its dedication to addressing the cybersecurity challenges posed by nation-state actors.
The breach of Microsoft’s corporate email systems and the theft of source code by Russian spies represent a significant cybersecurity event with far-reaching implications.
Midnight Blizzard’s tactics highlight the sophisticated and resource-intensive nature of nation-state cyber espionage efforts.
History of Midnight Blizzard APT Group
Midnight Blizzard is a Russian state-sponsored cyber espionage group known by names such as APT29, Nobelium, Cozy Bear, and several others. It has been active for many years, engaging in sophisticated cyber operations to collect intelligence to support Russian foreign policy interests.
Notable Cyber Attacks by Midnight Blizzard
SolarWinds Supply Chain Attack (2020): One of the most significant and sophisticated cyber espionage campaigns attributed to Midnight Blizzard was the SolarWinds attack. This operation compromised the software supply chain of SolarWinds, a company that provides network monitoring and other IT services. The attack led to the breach of more than 18,000 customer organizations, including several US government agencies and private sector companies.
Democratic National Committee Hack: Midnight Blizzard, along with another Russian APT group (APT28), was involved in the cyber attacks against the Democratic National Committee (DNC) during the 2016 US Presidential Elections. These operations aimed to interfere with the election process and collect intelligence.
Hewlett Packard Enterprise (HPE) Breach: In December 2023, HPE disclosed that Midnight Blizzard had gained unauthorized access to its Microsoft Office 365 email system since May 2023. The attackers targeted mailboxes belonging to individuals in HPE’s cybersecurity, go-to-market, business segments, and other functions, exfiltrating sensitive data.
Beyond Threat Detection – A Race to Digital Security
Digital content is a double-edged sword, providing vast benefits while simultaneously posing significant threats to organizations across the globe. The sharing of digital content has increased significantly in recent years, mainly via email, digital documents, and chat. In turn, this has created an expansive attack surface and has made ‘digital content’ the preferred carrier for cybercriminals