Tag: network | Page 4

Microsoft network breached through password-spraying by Russian-state hackers

January 20, 2024/in Computer Security

Russia-state hackers exploited a weak password to compromise Microsoft’s corporate network and accessed emails and documents that belonged to senior executives and employees working in security and legal teams, Microsoft said late Friday.

The attack, which Microsoft attributed to a Kremlin-backed hacking group it tracks as Midnight Blizzard, is at least the second time in as many years that failures to follow basic security hygiene has resulted in a breach that has the potential to harm customers. One paragraph in Friday’s disclosure, filed with the Securities and Exchange Commission, was gobsmacking:

Beginning in late November 2023, the threat actor used a password spray attack to compromise a legacy non-production test tenant account and gain a foothold, and then used the account’s permissions to access a very small percentage of Microsoft corporate email accounts, including members of our senior leadership team and employees in our cybersecurity, legal, and other functions, and exfiltrated some emails and attached documents. The investigation indicates they were initially targeting email accounts for information related to Midnight Blizzard itself. We are in the process of notifying employees whose email was accessed.

Microsoft didn’t detect the breach until January 12, exactly a week before Friday’s disclosure. Microsoft’s account raises the prospect that the Russian hackers had uninterrupted access to the accounts for as long as two months.

A translation of the 93 words quoted above: A device inside Microsoft’s network was protected by a weak password with no form of two-factor authentication employed. The Russian adversary group was able to guess it by peppering it with previously compromised or commonly used passwords until they finally landed on the right one. The threat actor then accessed the account, indicating that either 2FA wasn’t employed or the protection was somehow bypassed.

Furthermore, this “legacy non-production test…

Source…

This hacker used over a million virtual servers to create an incredibly powerful network – but then wasted it on mining crypto

January 15, 2024/in Computer Security

Ukrainian police have arrested a hacker who allegedly used compromised servers belonging to an American company to secretly mine cryptocurrencies.

The Ukrainian cyberpolice revealed the individual was able to create a million virtual servers on which he proceeded to install cryptojackers – cryptocurrency miners that try to operate in the background and without the knowledge or consent of the endpoint’s owners.

The individual, an unnamed 29-year-old man, had been allegedly active since 2021. He first brute-forced his way into 1,500 accounts of a subsidiary of “one of the world’s largest ecommerce companies” – although the name of the affected company was not disclosed.

Causing damage

After brute-forcing his way into the devices, the criminal created a million virtual computers and installed the cryptocurrency miners. Everything he managed to mine, he moved using the TON wallet. The police claim the volume of the transactions amounted to approximately $2 million.

The hacker was arrested on January 9, during which the police confiscated computer equipment, bank and SIM Cards, electronic media, and other evidence. He is now facing criminal charges.

To successfully mine cryptocurrencies, a person would need a high-end computer and an internet connection. Mining the tokens is a compute-heavy operation, which makes the computer practically useless for anything else. Furthermore, the operation uses a lot of electricity, too, racking up the energy bill quickly.

That’s why hackers often try to compromise corporate servers – they’re powerful devices that can mine plenty of coins, while leaving the headache of the electricity bill to someone else.

Furthermore, while the servers are too occupied mining the coins, they are too slow to be used for their original purpose, which increases the expenses for the victim company even further. Those are just some of the reasons why some analysts claim that for every $1 of cryptocurrency mined, the victim suffers roughly $53 in damages.

Hackers usually use cryptojackers to mine Monero (XMR), a privacy-oriented coin which, allegedly, is practically untraceable. XMRig is one of the most popular cryptominers out there.

Via:

Source…

Ukraine says Russian hackers penetrated major telecoms network for months – POLITICO

January 4, 2024/in Internet Security

Russian hackers were inside Ukrainian telecoms giant Kyivstar’s system from at least May last year in a cyberattack which crippled its services in December, Ukraine’s top cyber spy said.

In an interview with Reuters published Thursday, Illia Vitiuk, head of the Security Service of Ukraine’s cybersecurity department, said: “This attack is a big message, a big warning, not only to Ukraine, but for the whole Western world to understand that no one is actually untouchable,” adding it wiped “almost everything,” including thousands of virtual servers and PCs.

The attack caused more than 24.3 million Kyivstar customers to lose phone reception, with banks reporting disruptions to their services and Ukrainians in the country’s eastern war zone being left without a connection. Vitiuk has attributed the attack to Sandworm, a Russian military intelligence cyberwarfare unit which has been linked to cyberattacks in Ukraine and elsewhere.

“For now, we can say securely, that they were in the system at least since May 2023,” Vitiuk said, adding, “I cannot say right now, since what time they had … full access: probably at least since November.”

In a video statement in December, Kyivstar CEO Oleksandr Komarov said: “Unfortunately, the war with Russia has several dimensions. One of them is in cyberspace.”

Source…

Hackers break into Fred Hutch computer network, patients warned to watch accounts

December 4, 2023/in Computer Security

Hackers broke into the computer networks at Fred Hutchinson Cancer Center two weeks ago.

The cancer center says it detected unauthorized activity Nov. 19. It’s now telling patients to monitor their bank statements and credit reports.

The breach happened on the clinical network. Fred Hutch has not revealed more details about what data was hacked, but says it will notify people whose information was involved.

The incident is being treated as a possible federal crime. The center has called in a forensic security firm to investigate, and notified federal law enforcement.

Clinics remain open but the clinical computer network used by personnel was taken offline for security.

The center tells patients to report any suspicious bank activity and to review identity theft prevention tips by the Federal Trade Commission.

Source…

Tag Archive for: network