Syrian Electronic Army Hacks Microsoft — Again

One particular hacktivist group seems to have a bone to pick with mighty Microsoft. First, the Syrian Electronic Army (SEA) hijacked a few of RedmondEUs Twitter accounts. Next, the group invaded the companyEUs official blog. Now, the SEA has hacked into MicrosoftEUs Office Blogs site.

The hackers took to Twitter with proof positive in the form of a screenshot of the Microsoft Office Blog site. The SEA article was titled EUHacked by the Syrian Electronic ArmyEU and was placed next to EUOffice 15-Minute WebinarsEU and EUTop 5 Reasons to attend Sharepoint Conference 2014EU on the blogEUs home page.

Microsoft was quick to take down the article, but Google searchers can still find the cached image. The attack comes as Microsoft rolled out a new design for its Office Blog site -- complete with a new content management system (CMS) -- on Monday and the SEAEUs Twitter message reads, EUDear @Microsoft, Changing the CMS will not help you if your employees are hacked and they donEUt know about that.EU

Breaking the Pattern

EUA targeted cyberattack temporarily affected the Microsoft Office blog,EU the company said in a statement. EUThe account was quickly reset and we can confirm that no customer information was compromised.EU

We caught up with Ken Pickering, director of Engineering at CORE Security, to get his take on the Microsoft attacks. He told us the attacks arenEUt particularly sophisticated or novel. The SEA, he noted, uses well-known breaching tactics and the fact that they are continually successful shows that the industry needs to do a better job guarding against these tactics.

EUHow do we break this pattern? HereEUs the methodology I always advise: In order to prevent attacks, you need to think like an attacker. Consider how the EUbad guysEU will try to break into your account and/or network, and counteract those tactics,EU Pickering said....

Comments are closed.