Microsoft admits Russian state hack still not contained. ‘This has tremendous national security implications’ (fortune.com)
from kid@sh.itjust.works to cybersecurity@sh.itjust.works on 11 Mar 2024 12:03
https://sh.itjust.works/post/16049408

Interesting view on this situation.

#cybersecurity

autotldr@lemmings.world on 11 Mar 2024 12:05

This is the best summary I could come up with:


Microsoft said Friday it’s still trying to evict the elite Russian government hackers who broke into the email accounts of senior company executives in November and who it said have been trying to breach customer networks with stolen access data.

The hackers from Russia’s SVR foreign intelligence service used data obtained in the intrusion, which it disclosed in mid-January, to compromise some source-code repositories and internal systems, the software giant said in a blog and a regulatory filing.

A company spokesman would not characterize what source code was accessed and what capability the hackers gained to further compromise customer and Microsoft systems.

“The threat actor’s ongoing attack is characterized by a sustained, significant commitment of the threat actor’s resources, coordination, and focus,” Microsoft said Friday, adding that it could be using obtained data “to accumulate a picture of areas to attack and enhance its ability to do so.” Cybersecurity experts said Microsoft’s admission that the SVR hack had not been contained exposes the perils of the heavy reliance by government and business on the Redmond, Washington, company’s software monoculture — and the fact that so many of its customers are linked through its global cloud network.

When it initially announced the hack, Microsoft said the SVR unit broke into its corporate email system and accessed accounts of some senior executives as well as employees on its cybersecurity and legal teams.

Microsoft’s latest disclosure comes three months after a new U.S. Securities and Exchange Commission rule took effect that compels publicly traded companies to disclose breaches that could negatively impact their business.


The original article contains 539 words, the summary contains 255 words. Saved 53%. I’m a bot and I’m open source!

kid@sh.itjust.works on 11 Mar 2024 12:14

Good bot

ReallyActuallyFrankenstein@lemmynsfw.com on 11 Mar 2024 12:27

I suppose Russia is collecting exploits and vulnerabilities ahead of the 2024 US election season. Nothing to worry about there, I’m sure.

agent_flounder@lemmy.world on 11 Mar 2024 12:43

I wonder what’s making it so hard. Probably scope of the breach.

Sounds like MS has their heads up their asses if execs got compromised and baddies are running rampant all over their network. I guess I’m kinda spoiled where I work.

I’d love to be a fly on the wall and see what’s going on. Or, actually, cyber$ec con$ultant >:)

Maybe that’s what I should do as my final gig before retirement. Hmm. I just need to find someone with actual charisma that can schmooze and find customers (since I’d sooner jump off a bridge). Get a handful of top notch cyber incident response and reverse engineering folks, few more engineers. I know I am going off topic but I need to dream if I am to survive Monday after the time change ok?? Let’s see… I would do 32 hour work weeks. Idk how that would play out working an incident, I guess shitloads of comp time and some way to keep from overloading people. Good bennies. 6 weeks of vacation a year. Hell, make it employee owned. WFH when and where possible (can’t really do an incident response 100% remotely, usually). Whaddya say, who’s in? Let’s make enough money to retire early. Fuck work.

Riccosuave@lemmy.world on 11 Mar 2024 13:20

Tell me what I need to learn boss, and I’m all in 🫡

Kbin_space_program@kbin.social on 11 Mar 2024 13:21

I suppose one of the issues might well be the nature of software development careers for the last 15 years, where it's weird if you spend more than a few years at a place.

One of the downsides is that you don't get experts in systems and you lose a lot of that expert knowledge base that has traditionally existed when someone spends a decade at a company.

[deleted] on 11 Mar 2024 13:39

.

antrobus@kbin.social on 11 Mar 2024 13:40

I used to be paid money to be “someone with actual charisma”. It’s not worth it. It’s a Catch 22 - the people you need to validate your charisma in order to buy things are exactly the kind of people you became charismatic to avoid.

Turns out it’s smarter to learn a skill that makes you indispensable, because there are only so many charismatic ways to say “fuck you” before the boss decides you’re a bad influence.

sugar_in_your_tea@sh.itjust.works on 11 Mar 2024 14:30

Yup, my last boss was annoyed with me because I kept asking for 2 days remote/week so I could focus. I had moved my desk across the building to avoid interruptions, and one day I left “early” (before the rest of the team, but I had already been working 10 hours and finished my work) when there was a deadline and someone was stuck in a bug. I remoted in, fixed the problem quickly, and then the next day he called me into his office and “fired” me, with an offer to switch to a full-remote contractor with a small pay increase.

So yeah, I was indispensable, otherwise he would’ve just fired me. It was a win-win because I didn’t like him or his wife (main reason I wanted to work remote) but liked the product, and he wanted to force everyone to work in the office because he and his wife were control freaks. The funny part is they “replaced” me with a full remote contractor (I was the manager until “fired”).

Now I’m in a better spot with my current company (I like my boss, I manage a good team, company is more stable). But the only reason I got that special offer was because I was indispensable, at least for 2-3 years.

verity_kindle@sh.itjust.works on 11 Mar 2024 14:46

Give the company a memorable name, please. Like “Leverage Indispensables” or “Main Engineering, Mayn!” Or “Detach The Saucer”.

agent_flounder@lemmy.world on 11 Mar 2024 16:19

I like how you think. Ok, you’re in charge of marketing.

grue@lemmy.world on 11 Mar 2024 16:22

And the monkey’s paw curls.

verity_kindle@sh.itjust.works on 11 Mar 2024 23:31

Thank you. No coffee machines in my department, please. Everyone drinks real tea or GTFO. This is Main Leverage, not Glengarry Glen Ross.

grue@lemmy.world on 11 Mar 2024 16:29

I wonder what’s making it so hard. Probably scope of the breach.

My guess would be Microsoft’s apparent unwillingness to nuke their Internet connection from orbit and suffer extensive downtime while they clean out the compromised accounts. I mean, I get that that would be catastrophically bad for their business, but isn’t being thoroughly pwn3d by the Russians also catastrophically bad already?

timbuck2themoon@sh.itjust.works on 12 Mar 2024 01:42

They’re so ingrained I feel like it’s not. There are far better solutions than Microsoft (just like the same in the network world and Cisco) but most won’t even entertain the idea.

JeeBaiChow@lemmy.world on 11 Mar 2024 12:48

Now we find out if linking all of the software into a single user id/ password on the Microsoft services was such a good idea.

sugar_in_your_tea@sh.itjust.works on 11 Mar 2024 14:12

Yeah, and I thought our test accounts for our app was bad, but it is disabled in production and has limited permissions in our customer facing test environment. We still share credentials for it, but it’s only really useful if you’re already behind our VPN and only on test envs.

This is a huge embarrassment for Microsoft.

JeeBaiChow@lemmy.world on 11 Mar 2024 15:07

Wonder if this has anything to do with Windows telling me there was a problem with my Microsoft account, then making a mockery of the reset process.

IsThisAnAI@lemmy.world on 11 Mar 2024 17:08

As opposed to a ton of logins nobody can manage and monitor and are certainly held together with Post-it note passwords?

I’ll take the SSO/SAML challenges every time.

verity_kindle@sh.itjust.works on 11 Mar 2024 14:42

For once, the SEC does something right…that benefits me? It must be DST related hallucinations, is this real? Will it be forever?

KuroeNekoDemon@sh.itjust.works on 12 Mar 2024 00:46

I must be too high or there’s a glitch in the simulation. This can’t be real

verity_kindle@sh.itjust.works on 14 Mar 2024 23:42

I know, I’m scared, even when safely seatbelted into my $10,000 office chair. What’s to become of us without Big Brother Bill? Or Clippy?

homesweethomeMrL@lemmy.world on 11 Mar 2024 17:31

Cybersecurity experts said Microsoft’s admission that the SVR hack had not been contained exposes the perils of the heavy reliance by government and business on the Redmond, Washington, company’s software monoculture — and the fact that so many of its customers are linked through its global cloud network.

“This has tremendous national security implications,” said Tom Kellermann of the cybersecurity firm Contrast Security. “The Russians can now leverage supply chain attacks against Microsoft’s customers.”

Hello, I’m the enterprise security, uh, guy, and I’ll remove 85-90% of your attack vectors in one pass.

eliminates microsoft from enterprise

There you go. Money, please.

Crack0n7uesday@lemmy.world on 12 Mar 2024 05:41

Good luck running that past upper management in a large global corporation. “The CTO used to work at Microsoft and only knows Windoze so that’s what we do here”. Lol.

Steamymoomilk@sh.itjust.works on 11 Mar 2024 18:06

Laughs in GNU/Linux

nanoUFO@sh.itjust.works on 12 Mar 2024 02:08

And Russia is rolling its own Debian derivative in anything that matters, en.wikipedia.org/wiki/Astra_Linux

moitoi@lemmy.dbzer0.com on 12 Mar 2024 06:16

Stop using Microsoft at the state level.