Microsoft has confirmed to The Verge that a "small number" of employee email accounts were accessed during the latest round of attacks by the Syrian Electronic Army. The hacking group posted three internal emails that appear to have been obtained from several Microsoft employee’s Outlook Web Access accounts. The emails mainly discuss the latest compromises of several Microsoft-owned Twitter accounts, but they do show that the Syrian Electronic Army (SEA) gained much greater access beyond just social network accounts.
"A social engineering cyberattack method known as phishing resulted in a small number of Microsoft employee social media and email accounts being impacted," says a Microsoft spokesperson. "These accounts were reset and no customer information was compromised." The latest around of attacks affected Microsoft’s official news blog and Twitter account, alongside the official Xbox support Twitter account. On January 1st, the Syrian Electronic Army also obtained access to the official Skype blog and Twitter accounts, and posted an anti-Microsoft tweet that was retweeted more than 8,000 times.
"A Microsoft employee wanted to make his password more stronger, so he changed it from Microsoft2 to Microsoft3."
It’s clear the attacks were part of a complex phishing attack, but the Syrian Electronic Army have been relentless in their targeting of Microsoft. "It seems bit.ly is the backdoor that has been found," says one Microsoft employee in internal emails posted by the SEA. The embarrassing series of compromises could also be related to weak password security alongside phishing. "A Microsoft employee wanted to make his password more stronger, so he changed it from ‘Microsoft2’ to ‘Microsoft3’ #happened," says a SEA spokesperson in a recent tweet.
It’s not immediately clear how many email accounts were targeted during the recent attacks, or how much data the Syrian Electronic Army were able to obtain before the accounts were reset. A Syrian Electronic Army representative says that the latest attacks were designed to be a distraction, indicating there could be further compromises in future. "We are making some distraction for Microsoft employees so we can success in our main mission," the SEA told The Verge by email.
Update: the Syrian Electronic Army is threatening more attacks on Microsoft. In a tweet today, the group says "we didn't finish our attack on @Microsoft yet, stay tuned for more!"