Microsoft says 10,000 users targeted by hackers

Microsoft said it has notified close to 10,000 people in the past year that they have been targeted by state-sponsored hackers.

The tech giant said victims were either targeted or compromised by hackers working for a foreign government, reported TechCrunch. In almost all cases, Microsoft said, enterprise customers, such as businesses and corporations, were the primary targets. About 1 in 10 victims are consumer personal accounts, the company said.

On top of that, the company also said it has made 781 notifications of state-sponsored attacks on organizations using its AccountGuard technology, designed for political campaigns, parties and government institutions.

Most of the attacks were traced back to activity by hacking groups believed to be associated with Russia, North Korea and Iran.

One such group, the so-called APT 33 group operating out of Iran — which Microsoft calls Holmium — has been in Microsoft’s cross-hairs before. In March the company said the Tehran-backed hackers stole corporate secrets and destroyed data in a two-year-long hacking campaign. Weeks later the company sued to obtain a restraining order for another Iranian hacker group, APT 35, or Phosphorus. A year earlier it took similar legal action against Russian hackers, known as APT 28, or Fancy Bear, which was blamed for disrupting the 2016 presidential election.

Microsoft said it expects to see the “use of cyberattacks to specifically target democratic processes” ahead of the upcoming 2020 presidential election.

FireEye: Build a mature cyber defence system

FireEye has expressed its opinion on this topic. Please find below a comment from Jens Monrad, head of intelligence for EMEA at FireEye.

State-sponsored attacks tend to be very sophisticated, and therefore all organisations, including those who got a notification from Microsoft, need to ensure they have a well-tested incident response plan.

"We give state-sponsored threat groups the label APT (Advanced Persistent Threat) and as the name suggests they tend to be perceived as very advanced adversaries. However, the reality is that they do not need to be very sophisticated if the targeted organisation does not have a mature cyber defence. It is not just a matter of technology, but also a matter of having context about the adversary, their tactics, techniques and procedures, so the organisation can build their defences effectively for future attacks," said Jens Monrad, head of intelligence for EMEA at FireEye.