PSA to orgs: if you use Microsoft 365, check your email logs for an email from mbsupport@microsoft.com

Microsoft are emailing tenant admin email addresses about a breach by Midnight Blizzard - you might not get the emails due to spam filtering etc.

reddit.com/r/microsoft/comment #threatintel

I would suggest orgs who use M365 want to check their Exchange Online logs for that email address.

Just to be super clear, these are legit emails. Microsoft didn’t follow their M365 customer data breach notification process.

Also, if you don’t use M365, check your email logs anyway.

I’ve blown this up on LinkedIn now as it’s clear from talking to lots of impacted orgs they’ve found out about their breach from me.

The emails in the MS notification flow don’t even pass SPF, DKIM. It’s great that MS are being transparent — but they need to get down how to notify orgs.

linkedin.com/posts/kevin-beaum

I know Mastodon didn’t look at the screenshot in this thread as they haven’t freaked out about CSAM being used as a job title 🤣

My favourite part of this saga is aside from the MS breach notification emails not having valid DKIM signing nor SPF, the emails are getting flagged as phishing and submitted to sandboxes.

Each tenant has a unique URL, and I’m tracking over 500 so far - so there’s at least 500 victim orgs.

I’ve had multiple people reach out to me to say Microsoft support have told them the email in the screenshot isn’t legit. It is.

Get the MS support team to talk to Redmond security team if you get caught in that loop.

Also, everybody dealing with this, drink.

Is there any interest in a Signal group for people dealing with the Midnight Blizzard Microsoft email heist caper?

@GossiTheDog Transparency from Microsoft should read, "We aren't very good at making software, so we leveraged a monopoly position to force all of you to use our operating systems and software. Now our hold is slipping due to a change in platform focus that we couldn't keep up with (we really suck at software), so we must play at being contrite in hopes that one day we can again say, 'Suck it, suckers!'"
