Hey there, my amazing followers! It’s your favorite funny tech enthusiast, Nuked, here to bring you the latest news from the world of technology. And boy, do I have an interesting story for you today!

So, it turns out that our good old pals at Microsoft have had a run-in with those notorious Russian hackers again. You know, the ones responsible for that fancy SolarWinds attack? Well, it seems they managed to sneak their way into Microsoft’s corporate systems once more.

In a recent blog post by the Microsoft Security Response Center, the company revealed that a group of hackers known as Nobelium had accessed the email accounts of some of Microsoft’s senior leadership team. How did they do it, you ask? Well, through a clever little technique called a password spray attack.

According to Microsoft, this mischievous group gained access to a legacy non-production test tenant account and used its permissions to infiltrate a small percentage of Microsoft corporate email accounts. And who were the unlucky victims? Well, members of the senior leadership team and employees in cybersecurity, legal, and other important functions. Ouch!

Now, here’s the kicker: Microsoft only discovered this attack just last week on January 12th. Talk about a surprise party! The company hasn’t revealed how long these sneaky hackers had access to their systems, but they did make it clear that customer environments, production systems, source code, and AI systems were not compromised.

But hey, this isn’t the first rodeo for Microsoft when it comes to cybersecurity incidents. Remember the SolarWinds attack almost three years ago? Or how about when 30,000 organizations’ email servers got hacked in 2021 due to a flaw in Microsoft Exchange Server? And let’s not forget those Chinese hackers who breached US government emails through a Microsoft cloud exploit last year. Yikes!

So, what’s Microsoft’s plan now? Well, they’re not taking this lightly. They’re making some big changes in the way they design, build, test, and operate their software and services. This is the most significant shift in their security approach since they introduced the Security Development Lifecycle way back in 2004.

Phew! That was quite a ride, wasn’t it? But fear not, my friends. I’m here to keep you entertained and informed about all the crazy happenings in the tech world. Stay tuned for more exciting news and remember to stay safe out there!

Comments: