The sophisticated attack, which exploited weaknesses in password security, raised concerns about the potential for widespread espionage and disruption.
Microsoft, which first reported the attack, said hackers had been targeting its senior management for “several weeks or months.” Attackers gained initial access through a non-production test tenant account without two-factor authentication. They then used an old OAuth test application to gain elevated privileges and eventually infiltrate the Microsoft Office 365 Exchange Online service.
Announcing the attack this week, HPE said hackers compromised the cloud email environment and stole a limited number of SharePoint files in May 2023. The scope of the data stolen from other affected companies remains unclear, but cybersecurity experts warn that the attack could be much larger than what has been publicly disclosed.
Recent changes to U.S. Securities and Exchange Commission (SEC) rules requiring companies to disclose information about computer intrusions have led to many victims calling the police, but analysts say the actual number of affected organizations is likely much higher.
Source: Ferra
I am a professional journalist and content creator with extensive experience writing for news websites. I currently work as an author at Gadget Onus, where I specialize in covering hot news topics. My written pieces have been published on some of the biggest media outlets around the world, including The Guardian and BBC News.
