Tuesday, October 20, 07:53

Microsoft: 6 different hacker groups invade the business network

Microsoft's first report by the Detection and Response Team (DART), which helps clients with serious cyber problems, details a case of a large client with six different hacker groups simultaneously on its network, including a state-funded hacker group that stole data and emails for 243 days.

The company announced DART in March 2019 as part of its $1 billion business push announced by CEO Satya Nadella in 2017.

Without disclosing customer names, Microsoft intends to publish regular updates on DART activities to show how hackers work.

The first report details an APT intruder who stole admin credentials to infiltrate the target's network and steal sensitive data and emails.

In particular, the client did not use Multi-Factor Authentication (MFA), which could have prevented the breach. Microsoft revealed last week that 99.9% of compromised accounts did not use MFA and only 11% of businesses use MFA.

DART was brought in after the customer had failed to evict an APT attacker from its network after 243 days, despite hiring an incident response vendor seven months earlier. The attacker was removed from the system the day the Microsoft team arrived. The team also discovered that five other threat groups were in the network.

In this case, the main attacker used a password-spraying attack to obtain the client's Office 365 admin credentials and from there searched mailboxes to find more credentials shared with employees by email. DART found that the attacker was seeking intellectual property licenses in some markets.

The attacker even used the client's e-discovery tools to automate the search for relevant emails.

According to Microsoft, during the first month of the attack the company tried to handle its Office 365 account on its own, and then brought in an incident response company to lead what turned out to be a long investigation.


"This investigation lasted more than seven months and revealed a possible compromise of sensitive information stored in Office 365 mailboxes. 243 days after the initial invasion, DART took over with the management company hired by the company," says Microsoft.

“DART quickly identified targeted searches of mailboxes and compromised accounts, as well as command and intrusion control channels. DART also identified five additional intruder campaigns who insisted they had nothing to do with the original incident. even earlier to create access channels (e.g. back doors) for later use as needed.”

Microsoft outlines five key steps organizations can take to minimize their exposure to APT attackers, including enabling MFA, removing legacy authentication, properly training first responders, properly logging incidents with a security information and event management (SIEM) product, and recognizing that intruders use legitimate administrative and security tools to identify targets.
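One way to surface the password-spraying pattern described in this report from sign-in logs, given here as an added example that is not from Microsoft or the original article. The log format, field names, account names, protocol list and thresholds are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

LEGACY = {"IMAP", "POP3", "SMTP"}  # legacy-auth protocols that do not support MFA prompts

# Constructed sample records (hypothetical format): time, source IP, account, protocol, result
SAMPLE_LOG = """\
2020-01-06T09:00:01 203.0.113.7 alice IMAP fail
2020-01-06T09:00:40 203.0.113.7 bob IMAP fail
2020-01-06T09:01:15 203.0.113.7 carol IMAP fail
2020-01-06T09:01:52 203.0.113.7 dave IMAP fail
2020-01-06T09:02:30 203.0.113.7 o365admin IMAP fail
2020-01-06T09:03:05 198.51.100.20 alice browser fail
2020-01-06T09:03:20 198.51.100.20 alice browser ok
2020-01-06T09:45:10 203.0.113.7 o365admin IMAP ok
"""

def parse(log):
    for line in log.strip().splitlines():
        ts, ip, user, proto, result = line.split()
        yield datetime.fromisoformat(ts), ip, user, proto, result

def detect_spray(log, window=timedelta(minutes=10), min_accounts=5):
    """Return {ip: finding} for sources that failed against many distinct accounts."""
    by_ip = defaultdict(list)
    for event in parse(log):
        by_ip[event[1]].append(event)
    findings = {}
    for ip, events in by_ip.items():
        events.sort()
        fails = [e for e in events if e[4] == "fail"]
        # Sliding window: largest set of distinct accounts failed within `window`
        best = set()
        for i, start in enumerate(fails):
            users = {e[2] for e in fails[i:] if e[0] - start[0] <= window}
            if len(users) > len(best):
                best = users
        if len(best) < min_accounts:
            continue  # an ordinary mistyped password stays below the threshold
        findings[ip] = {
            "sprayed": sorted(best),
            # A later success from the same source marks a likely compromised account
            "compromised": sorted({e[2] for e in events if e[4] == "ok"
                                   and e[2] in best and e[0] > fails[0][0]}),
            "legacy_auth": any(e[3] in LEGACY for e in events),
        }
    return findings
```

A source that fails once against many accounts and later succeeds on one of them is the case worth escalating first, especially when the account is an administrator and the protocol bypasses MFA.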

The blog post repeats the message Microsoft gave last week to customers who had fallen victim to major ransomware groups: customers need to activate the available security tools and focus on recording security incidents.

Microsoft covered the work of ransomware operators REvil, Samas or SamSam, Doppelpaymer, Bitpaymer and Ryuk. It details how attackers deactivate security software and notes that some clients even deactivate security software themselves to improve performance, allowing cybercriminals to roam the networks for months without authorization.

Teo Ehc