Source: Bleeping Computer
Summary
Microsoft is denying Anonymous Sudan’s recent claim on its Telegram channel that the Russia-aligned DDoS group has obtained credentials for 30 million accounts belonging to Microsoft users.
The group claimed it was able to breach Microsoft’s servers to obtain the credentials, providing a text file with a sample of 100 credentials as proof of the compromise. Anonymous Sudan advertised the sale of the stolen database to interested parties for $50,000.
Microsoft stated that it has seen no evidence that its customer data has been accessed or compromised, and that the sample credentials were likely obtained from other third-party sources.
This isn’t the first run-in between Microsoft and Anonymous Sudan. In June, Microsoft announced that Anonymous Sudan was responsible for a DDoS attack that rendered three of its services unavailable for several hours.
Analysis
Should Anonymous Sudan’s claim be true, it would mean the group is capable not only of DDoS attacks but potentially of conducting cyber espionage against what would be considered highly secure servers, given they belong to Microsoft.
It’s more plausible that Anonymous Sudan’s claim is false, and that the list of credentials the group provided as proof was derived from historical breach databases or purchased through online criminal marketplaces. According to the website www.haveIbeenpwned.com, almost all the credentials provided by Anonymous Sudan have been involved in at least one data breach at some point.
As with a DDoS attack, the primary goal of making this claim would be to disrupt the adversary, causing it to spend time and resources investigating the alleged compromise and to take a reputational hit in the process. The claim would also gather media attention, given its potential impact if true, and prove Anonymous Sudan’s legitimacy.
Mitigation
Field Effect encourages users to practice strong password hygiene and to enable multi-factor authentication (MFA) when possible. MFA provides an additional safeguard should a password be breached.