• Russian spies allegedly crack DoD aecrets using Office 364

    From Big Bad Bombastic Bob@21:1/5 to All on Thu Feb 17 10:22:31 2022
    https://www.theregister.com/2022/02/17/cisa_russian_attacks/

    "A two-year campaign by state-sponsored Russian entities to siphon
    information from US defense contractors worked, it is claimed."

    "Whoever broke into the US defense contractors' systems did not use
    novel tactics, it is said. The Kremlin-backed cyber-attackers' weapons
    of choice were established techniques such as spearphishing, credential harvesting, brute forcing of passwords, and exploiting known
    vulnerabilities, according to CISA."


    And, Micros~1 Office 364 (or 365 if you still think it'll actually be
    available fior the entire 365.25 days a year) was apparently the "vector
    of choice" for (alleged) Russian spying on the U.S. Department of
    Defense over the last 2 years.


    "The attackers prioritized efforts to target Microsoft 365 – the Windows giant's suite of productivity apps and complementary cloud services,
    we're told."

    "Obtaining legitimate M365 credentials appears to have been the jackpot
    for the intruders, who used them to maintain a presence inside defense contractors for months at a time. Those infiltrations often went
    undetected."


    (more info in the article)


    --
    (aka 'Bombastic Bob' in case you wondered)

    'Feeling with my fingers, and thinking with my brain' - me

    'your story is so touching, but it sounds just like a lie'
    "Straighten up and fly right"

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)