APPENDIX: A few major incidents
SolarWinds
- U.S. Senate Intelligence Hearings: SolarWinds hearings of the CEOs of FireEye, Mandiant, SolarWinds, Microsoft and CrowdStrike. Extremely interesting.
- The SolarWinds Cyberattack. A very interesting non-technical summary with a detailed timeline.
ProxyLogon (Microsoft Exchange Mail server)
- Mitigate Microsoft Exchange On-Premises Product Vulnerabilities. Cybersecurity and Infrastructure Security Agency (CISA) Emergency Directive.
- Investigating ProxyLogon Attacks And How To Mitigate It. A demo with screenshots.
- ProxyLogon: The latest pre-authenticated Remote Code Execution vulnerability on Microsoft Exchange Server. A detailed technical explanation by the researchers who notified Microsoft. "An unauthenticated attacker can execute arbitrary commands on Microsoft Exchange Server through an only opened 443 port!"
Midnight Blizzard attack on Microsoft
The "Midnight Blizzard" attack mentioned above is extremely interesting, for several reasons (the name identifies a Russian state-sponsored threat actor, also known as Nobelium).
Please read carefully the following excerpt from Microsoft Actions Following Attack by Nation State Actor Midnight Blizzard, and then think about its very deep implications (italic is mine):
The Microsoft security team detected a nation-state attack on our corporate systems on January 12, 2024. Beginning in late November 2023, the threat actor used a password spray attack to compromise a legacy non-production test tenant account and gain a foothold, and then used the account’s permissions to access a very small percentage of Microsoft corporate email accounts, including members of our senior leadership team and employees in our cybersecurity, legal, and other functions, and exfiltrated some emails and attached documents.
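The excerpt above describes a password spray against a legacy test tenant. As an added illustration, not code from Microsoft's post or from this course, here is a small detector that runs over constructed sign-in records and flags a source that fails against many distinct accounts in a short window (a spray), while leaving a single-account brute force alone; the log format, the thresholds and the account names are assumptions.

```python
# Added example: password-spray detection over constructed sign-in logs.
# A spray is one source trying few passwords against many accounts, so the
# signal is "many distinct failed usernames per source in a window".
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample, one event per line: "timestamp user source_ip result"
SAMPLE_LOG = """\
2023-11-28T02:00:01Z alice 203.0.113.5 FAIL
2023-11-28T02:00:07Z bob 203.0.113.5 FAIL
2023-11-28T02:00:12Z carol 203.0.113.5 FAIL
2023-11-28T02:00:19Z dave 203.0.113.5 FAIL
2023-11-28T02:00:25Z erin 203.0.113.5 FAIL
2023-11-28T02:00:31Z test-legacy 203.0.113.5 SUCCESS
2023-11-28T02:05:00Z alice 198.51.100.9 FAIL
2023-11-28T02:05:04Z alice 198.51.100.9 FAIL
2023-11-28T02:05:09Z alice 198.51.100.9 FAIL
2023-11-28T02:05:15Z alice 198.51.100.9 FAIL
2023-11-28T02:05:20Z alice 198.51.100.9 FAIL
2023-11-28T09:00:00Z bob 192.0.2.44 SUCCESS
"""

def parse(log_text):
    events = []
    for line in log_text.splitlines():
        ts, user, ip, result = line.split()
        events.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), user, ip, result))
    return events

def detect_spray(events, window=timedelta(minutes=10), min_users=5):
    """Return {source_ip: {...}} for sources that failed against at least
    min_users distinct accounts within `window`; also lists any account
    that source later signed into successfully (the foothold to chase)."""
    by_ip = defaultdict(list)
    for ts, user, ip, result in events:
        by_ip[ip].append((ts, user, result))
    findings = {}
    for ip, evs in by_ip.items():
        evs.sort()  # chronological per source
        fails = [(ts, u) for ts, u, r in evs if r == "FAIL"]
        for i, (start, _) in enumerate(fails):
            users = {u for ts, u in fails[i:] if ts - start <= window}
            if len(users) >= min_users:
                later_ok = sorted({u for ts, u, r in evs if r == "SUCCESS" and ts >= start})
                findings[ip] = {"sprayed_users": sorted(users), "successes_after": later_ok}
                break
    return findings
```

The single-account failures from 198.51.100.9 are a classic brute force and are deliberately not flagged by this rule; in practice the two patterns need separate thresholds.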
Two very interesting analyses of that incident, by very respected experts: one that criticises Microsoft, the other that defends it. Both really worth reading:
- Microsoft's Dangerous Addiction To Security Revenue by Alex Stamos.
- Notes on Microsoft's Midnight Blizzard attack by Robert Graham.