Summit 7 acknowledges the recent update provided by Microsoft regarding the nation-state attack carried out by the threat actor known as Midnight Blizzard. We recognize the severity of this situation and the potential implications it may have for organizations in the Defense Industrial Base.
To our knowledge, Microsoft Government Cloud systems (GCC High & Azure Gov) have not been compromised in any way.
As a partner closely aligned with Microsoft's security initiatives, Summit 7 is committed to assisting our customers in mitigating the potential risks associated with this ongoing attack. We are actively monitoring the situation and working closely with Microsoft to ensure the necessary steps are taken to protect our customers' environments.
We recognize the significant effort and resources Midnight Blizzard has dedicated to this attack, underscoring the evolving and unprecedented global threat landscape brought about by sophisticated nation-state actors. Summit 7 remains dedicated to cybersecurity, cross-enterprise coordination, and mobilization efforts to strengthen our customers’ ability to defend against this advanced persistent threat.
Our commitment to maintaining the highest level of security remains unwavering, and we will continue to work closely with Microsoft to share any new findings and insights as they emerge.
On March 8, 2024, Microsoft released an update following the attack by nation state actor Midnight Blizzard. Here is an excerpt from the Microsoft blog:
“As we shared, on January 19, the security team detected this attack on our corporate email systems and immediately activated our response process. The Microsoft Threat Intelligence investigation identified the threat actor as Midnight Blizzard, the Russian state-sponsored actor also known as NOBELIUM.”
“Midnight Blizzard […] may be using the information it has obtained to accumulate a picture of areas to attack and enhance its ability to do so. This reflects what has become more broadly an unprecedented global threat landscape, especially in terms of sophisticated nation-state attacks.”
This attack has left the cybersecurity community wondering, "How did this happen?" According to Redmond Magazine:
"Midnight Blizzard had used the 'password spray' method to guess the passwords of Microsoft's nonproduction test accounts, and then escalated privileges from there. These password spray attacks didn't stop after Microsoft's disclosure in January, but instead increased "by as much as 10-fold in February."
Attacks such as these can be mitigated by checking non-production test accounts (and service-related accounts including ones used for things like APIs) and changing those passwords just to be on the safe side, making sure to use very strong, generated passwords. These type of accounts typically don’t use multi-factor authentication (MFA), so they are the most vulnerable.
Summit 7 understands the importance of collaboration and information sharing during times of heightened cyber threats. We encourage all organizations to review their security posture and leverage the expertise and resources available to them to safeguard their digital assets. Summit 7 will continue to provide updates as they become available.