all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Russians Used Microsoft’s Stolen Authentication Secrets to Access Source Code

Add to bookmarks
March 13, 2024, 11:19 a.m. | Livia Gyongyoși

Heimdal Security Blog heimdalsecurity.com

Midnight Blizzard hackers used Microsoft’s stolen authentication secrets to advance into their internal system and access source code. The Russian attackers initially used password spraying to get into a legacy non-production test tenant account. Microsoft disclosed this initial attack in January 2024. The compromised account had access to an OAuth application with elevated privilege to […]


The post Russians Used Microsoft’s Stolen Authentication Secrets to Access Source Code appeared first on Heimdal Security Blog.

access account attack attackers authentication blizzard code compromised cybersecurity news hackers internal january january 2024 legacy microsoft midnight midnight blizzard non oauth password password spraying production russian russians secrets source code spraying stolen system test

Visit resource

More from heimdalsecurity.com / Heimdal Security Blog

Patch Now! CrushFTP Zero-day Lets Attackers Download System Files 2 days, 22 hours ago | heimdalsecurity.com
attackers critical crushftp customers +22
MITRE Breached – Hackers Chained 2 Ivanti Zero-days to Compromise VPN 3 days ago | heimdalsecurity.com
attack authentication authentication bypass breach +30
A System Administrator’s Challenges in Patch Management 3 days, 2 hours ago | heimdalsecurity.com
administrator alex benefits challenges +13
Free and Downloadable Account Management Policy Template 4 days, 5 hours ago | heimdalsecurity.com
account accounts business data +16
Atera vs. ConnectWise: Head-to-Head Comparison (And Alternative) 4 days, 22 hours ago | heimdalsecurity.com
article atera balance complexity +11
NinjaOne vs. Atera: A Deep Comparison Between the Solutions 1 week ago | heimdalsecurity.com
atera business critical customers +22
Deceptive Google Ads Mimic IP Scanner Software to Push Backdoor 1 week, 1 day ago | heimdalsecurity.com
ads backdoor campaign cybersecurity +16
CrowdStrike vs. SentinelOne: Which One Is Better For Endpoint Security? 1 week, 1 day ago | heimdalsecurity.com
business can crowdstrike cybersecurity +13
Surge in Botnets Exploiting CVE-2023-1389 to Infect TP-Link Archer Routers 1 week, 2 days ago | heimdalsecurity.com
bleeping computer botnet botnets command +24

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Open-Source Intelligence (OSINT) Policy Analyst (TS/SCI)

@ WWC Global | Reston, Virginia, United States
View on infosec-jobs.com

Security Architect (DevSecOps)

@ EUROPEAN DYNAMICS | Brussels, Brussels, Belgium
View on infosec-jobs.com

Infrastructure Security Architect

@ Ørsted | Kuala Lumpur, MY
View on infosec-jobs.com

Contract Penetration Tester

@ Evolve Security | United States - Remote
View on infosec-jobs.com

Senior Penetration Tester

@ DigitalOcean | Canada
View on infosec-jobs.com
View more jobs