Cyber Threat Report: 'Midnight Blizzard: Guidance for responders on nation-state attack'
Report Author | Microsoft Threat Intelligence |
---|---|
Publication Date | 2024-01-25 |
Original Reporting | Source |
Attributed to Nation | Russia |
Related Intrusion Sets | Cozy Bear, APT29, NOBELIUM, Midnight Blizzard |
Related Threat Actors | SVR - Russian Foreign Intelligence Service |
Victim Sectors | Technology |

Following a compromise of Microsoft corporate systems by Midnight Blizzard, which was detected on 12th January 2024, this blog post outlines information on the observed activity and techniques. The blog details how the actors gained initial access by using password spray attacks against legacy systems before employing malicious OAuth applications and manipulating user accounts to elevate privileges. The actors were then able to target Microsoft corporate email accounts.