
Russian SolarWinds hackers accessed emails from Microsoft’s senior leadership

NPR: https://www.npr.org/2024/01/20/1225835736/microsoft-russian-hackers-accessed-senior-leaders-emails

The Microsoft hacking unit: revealing the secrets of the “Cozy Bear” group at the end of the security lifecycle (SDL 2004)

The threat actor compromised a legacy non-production test tenant account and used that account’s permissions to access a small percentage of Microsoft corporate email accounts.

Microsoft is now changing the way it designs, builds, tests, and operates its software and services. It’s the biggest change to its security approach since the company announced its Security Development Lifecycle (SDL) in 2004 after huge Windows XP flaws knocked PCs offline.

Intelligence-gathering is the main focus of the SVR. The main targets are governments, diplomats, think tanks and IT service providers.

Microsoft calls it a hacking unit. The group used to be called Nobelium before it changed its name last year. The group is also called “Cozy Bear.” Mandiant is a firm that’s owned by Google.

Comments on the Microsoft Incident and the New U.S. Securities and Exchange Commission Regulatory Filing

The Microsoft disclosure comes a month after a new U.S. Securities and Exchange Commission rule took effect that compels publicly traded companies to disclose breaches that could negatively impact their business. Unless they obtain a national-security waiver, it gives them four days to do so.

In Friday’s SEC regulatory filing, Microsoft said that “as of the date of this filing, the incident has not had a material impact” on its operations. It hasn’t been determined whether the incident is likely to have an impact on its finances.

The threat actor tries to log into multiple accounts with a single password. In an August blog post, Microsoft described how its threat-intelligence team discovered that the same Russian hacking team had used the technique to try to steal credentials from at least 40 different global organizations through Microsoft Teams chats.
