Microsoft recently described how a group of hackers used a cracked password to take control of a whole network in only a few days. According to ZDNet's latest report, one sophisticated hacking group was able to crack a cloud password and take full control of a network, as detailed by Microsoft. The report stated that the attack took less than a week to pull off.
"Every day, we see attackers mount an offensive against target organizations through the cloud and various other attack vectors with the goal of finding the path of least resistance, quickly expanding foothold, and gaining control of valuable information and assets," said Microsoft's Threat Protection Intelligence Team in a blog post.
According to Microsoft's report, the hacking group known as Holmium is one of the most efficient users of cloud-based attack vectors among the groups it tracks, which include nation-state hackers and organized crime. The group is also known by other names, including Elfin, StoneDrill, and APT33, and is widely reported to be linked to Iran.
Holmium was reported to have been conducting destructive attacks and performing espionage, targeting defense, aerospace, mining, chemical, and petrochemical companies for several years now.
Microsoft's security researchers said that Holmium uses a technique known as "password spraying," in which lists of well-known passwords are tried against many accounts in an attempt to break in, as well as spear-phishing and various other methods to gain access to its targets.
Hackers cracked cloud password
According to ZDNet, a penetration testing tool called "Ruler," together with compromised Exchange credentials, was involved in the recent Holmium attacks. Microsoft's security researchers claimed that the group has been running cloud-based attacks using Ruler since 2018.
Microsoft noted that these attacks usually start with intensive password spraying against Active Directory Federation Services infrastructure. Organizations that aren't using multi-factor authentication face a much higher risk of having accounts compromised.
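Because spraying spreads a few guesses across many accounts, the tell-tale shape in federated sign-in logs is one source failing against many distinct users with only a few attempts each, rather than many failures against a single user. The following is an added example, not code from Microsoft's report or from any tool it describes, that scores constructed sign-in records for that shape; the log format, thresholds, user names and addresses are all assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of federated sign-in attempts (not real AD FS audit output).
# Format: timestamp,user,source_ip,outcome
SAMPLE_LOG = """\
2020-06-01T08:00:01,alice@corp.example,203.0.113.7,fail
2020-06-01T08:00:03,bob@corp.example,203.0.113.7,fail
2020-06-01T08:00:05,carol@corp.example,203.0.113.7,fail
2020-06-01T08:00:07,dave@corp.example,203.0.113.7,fail
2020-06-01T08:00:09,erin@corp.example,203.0.113.7,fail
2020-06-01T08:00:11,frank@corp.example,203.0.113.7,success
2020-06-01T08:10:00,alice@corp.example,198.51.100.5,fail
2020-06-01T08:10:02,alice@corp.example,198.51.100.5,fail
2020-06-01T08:10:04,alice@corp.example,198.51.100.5,fail
2020-06-01T08:10:06,alice@corp.example,198.51.100.5,fail
2020-06-01T08:10:08,alice@corp.example,198.51.100.5,fail
"""

def parse_log(text):
    """Parse the constructed CSV-like lines into (timestamp, user, ip, outcome)."""
    events = []
    for line in text.strip().splitlines():
        ts, user, ip, outcome = line.split(",")
        events.append((datetime.fromisoformat(ts), user, ip, outcome))
    return events

def detect_spray(events, window=timedelta(minutes=30), min_users=5, max_per_user=2):
    """Flag source IPs whose failures fan out across at least `min_users` accounts
    inside `window`, with no single account hit more than `max_per_user` times.
    A single account failing repeatedly (classic brute force) is deliberately
    not flagged here. Returns {ip: {"targets": [...], "successes": [...]}}, where
    "successes" lists accounts the same IP later signed into, the case that
    warrants immediate credential reset and MFA enforcement."""
    by_ip = defaultdict(list)
    for ts, user, ip, outcome in events:
        by_ip[ip].append((ts, user, outcome))
    findings = {}
    for ip, rows in by_ip.items():
        rows.sort()
        fails = [(ts, u) for ts, u, o in rows if o == "fail"]
        for i, (start, _) in enumerate(fails):       # slide a window over failures
            users = defaultdict(int)
            for ts, u in fails[i:]:
                if ts - start > window:
                    break
                users[u] += 1
            if len(users) >= min_users and max(users.values()) <= max_per_user:
                hits = sorted(u for _, u, o in rows if o == "success")
                findings[ip] = {"targets": sorted(users), "successes": hits}
                break
    return findings
```

Run against the sample, only 203.0.113.7 is flagged: five different accounts, one attempt each, followed by a successful sign-in; 198.51.100.5 hammers one account and is left to a separate lockout rule.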
Using some of the Office 365 accounts, the hackers explored the network further and then moved to the next step, using Ruler to gain complete control over the computer.
"Once the group has taken control of the endpoint (in addition to the cloud identity), the next phase was hours of exploration of the victim's network," said Microsoft.
From initial access through the cloud to complete access and full domain compromise, the attackers needed less than a week. After gaining full access to the network, they were able to remain in the system for long periods of time, even months.