Microsoft Office blog compromised by Syrian Electronic Army

Over the past few weeks, Microsoft’s web properties have been compromised by the Syrian Electronic Army (SEA). While Microsoft was able to quickly regain control of those online assets, its Office blog has now been compromised by SEA as well.

You can clearly see in the screenshot above that SEA has made several posts to show that they have obtained access to the blog. While this is likely not a hack, as many will call it, SEA did promise a few days back that the shenanigans were not over and that they would continue their attack on Microsoft.

Naturally, these types of events are an embarrassment to Microsoft, but we would wager that SEA was able to obtain the passwords using the phishing attacks that Microsoft previously confirmed. Obviously, no company wants to have its web properties compromised, and we expect these posts to be taken down quickly.

But the bigger question remains: does the SEA group have access to more properties? While we now know that they could access the Office blog, they may have been able to obtain more passwords to other properties. While we suspect Microsoft likely scrubbed the machines that were involved with the phishing attack, the worst-case scenario would be that SEA still has access to some email accounts.

These types of attacks are typically harmless to Microsoft, aside from the embarrassment, and are typically non-destructive in terms of deleting mass quantities of data. But an intrusion is an intrusion, and you would have thought Microsoft would have ordered all web property passwords to be changed after the first compromise. Instead, here we are with the Office blog having been infiltrated long after the other properties were restored.

We will be watching closely to see if this is the end of the SEA's debauchery or if they have any more tricks up their electronic sleeves.


44 Comments


Dutchie64 said,
is that a bad thing? Many big companies use WP for their website/blog.

WP is always having new exploits found for it

Apparently they handle their security as well as the Office 365 updates (for those that don't know Office 365 won't autoupdate because it keeps waiting for some of its resident services (Office Upload Center, always running even with Office apps closed) to be restarted, it only starts prompting for restarting them long after the updates are available leaving you vulnerable for weeks).

francescob said,
Apparently they handle their security as well as the Office 365 updates (for those that don't know Office 365 won't autoupdate because it keeps waiting for some of its resident services (Office Upload Center, always running even with Office apps closed) to be restarted, it only starts prompting for restarting them long after the updates are available leaving you vulnerable for weeks).

I use office 365 home, never noticed anything like that happening.

francescob said,
Apparently they handle their security as well as the Office 365 updates (for those that don't know Office 365 won't autoupdate because it keeps waiting for some of its resident services (Office Upload Center, always running even with Office apps closed) to be restarted, it only starts prompting for restarting them long after the updates are available leaving you vulnerable for weeks).

umm, that is simply untrue

Security means jack if your employees are not educated to prevent things like this. I wouldn't call the employees idiots I would say, lack of training.

Meh, every company has employees like these. I can easily point out more than a few of my brain-dead co-workers for whom no amount of training or advice helps, and MS probably has 100s of times more employees. What's amazing is how they manage to retain their jobs despite being so incompetent.

Depends on the company really and the size of the company. My company, standard response for anyone calling to get info is "We do not reveal anything about what we do here. Remove us from your list" People don't follow policy, they get fired.

techbeck said,
Depends on the company really and the size of the company.
Yes, size does matter. Given they have more than 100,000 employees even before the Nokia acquisition, even 0.001% being fooled and providing their password is sufficient for pricks like the SEA to gain access.

I know it could cause international conflict (what doesn't these days) and fines and sanctions and such... But if I were Microsoft, I would have a little payback...

This will probably bruise Microsoft's ego a tad bit...

Doesn't matter, Employees were affected by Phishing, Probably Malware.. Meaning their PCs are affected SO not only do they change all the login details for every blog, social networking account etc etc ALL their employees using these accounts must wipe their PCs and any saved programs & documents that might malware.. As well as all employees changing their Microsoft account details

"While this is likely not a hack, as many will call it,"

so uuhhh, for a pretty much non-techy guy like me, what was it?

They used a phishing attack (social engineering) to get the password; a hack would be finding an exploit in the code to make the post.

Tigurinn said,
"While this is likely not a hack, as many will call it,"

so uuhhh, for a pretty much non-techy guy like me, what was it?

What I posted on the last SEA article:
If it was a phishing attack I have no doubt someone on their team for those social networks was provided a legitimate looking e-mail with a link. Then, attempted to login to twitter (etc) with their proper creds on a website looking much like twitter. They then, more than likely, to remain covert, logged them into and tossed them into twitter... etc.
Wait a little bit, log in, and go to town. It's no different than bank phishing e-mails making it look like the banks website with a login form where they grab your e-mail. Hell they even fake security questions etc. to get those too.

So, it's not an attack on twitter, instagram, facebook. It's an attack against someone who's not paying attention to their address bar.

Tigurinn said,
"While this is likely not a hack, as many will call it,"

so uuhhh, for a pretty much non-techy guy like me, what was it?


It's all people jumping to conclusions, there is absolutely 0% proof it was a phishing attack, there's also 0% proof it was an exploit, so right now (like half of the planks on these comments) anyone that claims to know how the attack was performed that isn't an employee of MS is (pick): A) A liar, B) a bigot, C) completely clueless

n_K said,

A) A liar, B) a bigot, C) completely clueless

Or D) A member of the SEA.

But it's not a huge leap to guess that it was probably a phishing attack. You don't need to be calling people clueless lying bigots.

rfirth said,

Or D) A member of the SEA.

But it's not a huge leap to guess that it was probably a phishing attack. You don't need to be calling people clueless lying bigots.

I agree that phishing is likelier than other techniques. At least it's very probable that it was the sort of 'attack' that required the target's participation to succeed, since that's what most hacking is these days anyway.

It's part of why it's so cute when the tinfoil-hatters think the gubment is watching them through all their tech. As long as they keep their crap clean, and don't go down the "backdoor" rabbit hole of paranoia, they can go about their daily lives.

n_K said,

It's all people jumping to conclusions, there is absolutely 0% proof it was a phishing attack, there's also 0% proof it was an exploit, so right now (like half of the planks on these comments) anyone that claims to know how the attack was performed that isn't an employee of MS is (pick): A) A liar, B) a bigot, C) completely clueless
I don't know if you noticed, but in this particular thread he was asking how it wouldn't be a hack. And even quoted the article.

In other news, if I were to place a sizable bet, it would be on a phishing attack and not an exploit. But you sure looked hot when you walked in and laid the law down like a bawz.

Extra Credit: How the hell would they be a bigot?

Joshie said,

I agree that phishing is likelier than other techniques. At least it's very probable that it was the sort of 'attack' that required the target's participation to succeed, since that's what most hacking is these days anyway.

It's part of why it's so cute when the tinfoil-hatters think the gubment is watching them through all their tech. As long as they keep their crap clean, and don't go down the "backdoor" rabbit hole of paranoia, they can go about their daily lives.

Except of course that the NSA has direct access to some backbones and can ask data from the service providers.

So it should read; As long as they keep their crap clean, use encrypted data if possible and don't go down the "backdoor" rabbit hole of paranoia, they can go about their daily lives.

MrHumpty said,
I don't know if you noticed, but in this particular thread he was asking how it wouldn't be a hack. And even quoted the article.

In other news, if I were to place a sizable bet, it would be on a phishing attack and not an exploit. But you sure looked hot when you walked in and laid the law down like a bawz.

Extra Credit: How the hell would they be a bigot?


Here you go; 'They used a phishing attack (social engineering) to get the password; a hack would be finding an exploit in the code to make the post.', 'Phishing idiot employees'.
Feel free to re-read them over and over again and once again for good measure.
There is ZERO evidence pointing for a phishing attack, likewise for an exploit at the moment too.

n_K said,

Here you go; 'They used a phishing attack (social engineering) to get the password; a hack would be finding an exploit in the code to make the post.', 'Phishing idiot employees'.
Feel free to re-read them over and over again and once again for good measure.
There is ZERO evidence pointing for a phishing attack, likewise for an exploit at the moment too.
Again the guy asked how one would do this. It was explained. I've read it all.

The article said it was likely a phishing attack. A reasonable statement by an informed observer. A guy asked what that would mean. bdsams and noclipmod both mentioned phishing. I loosely described what phishing was.

Thankfully though, you've showed up to save the day, I guess, destroying the unmentioned notion that this was, w/o a doubt a phishing attack on Microsoft that gave them access to the blog. Here we all thought we were helping a non-techy guy understand how it could not be a hack that provided this.

P.S. Take your meds.

P.P.S. I'm still waiting for how those two highlighted statements would be bigoted.

'Phishing idiot employees' trying to say they're better than apparent employees that (as of this point in time) has zero proof.
I couldn't care less what a so called 'informed observer' says, twitter can't find out how SEA has breached a bunch of high profile accounts and says it is PROBABLY phishing, all that shows is that they are completely clueless and they own twitter. An 'informed observer' in this case is also most probably an idiot.

n_K said,
'Phishing idiot employees' trying to say they're better than apparent employees that (as of this point in time) has zero proof.
I couldn't care less what a so called 'informed observer' says, twitter can't find out how SEA has breached a bunch of high profile accounts and says it is PROBABLY phishing, all that shows is that they are completely clueless and they own twitter. An 'informed observer' in this case is also most probably an idiot.
Thanks for all this comic relief. And frankly, an employee with access to these properties for such a large company may not like being called an idiot, but it is a level of idiocy to fall for phishing attacks, if that were the vector, at that level. At any level, that comment is not one of a bigot.

As someone who deals with these type of "threats" I'm no idiot in saying it was most likely phishing. If not phishing some other form of social hacking but most likely phishing.

MrHumpty said,
Thanks for all this comic relief. And frankly, an employee with access to these properties for such a large company may not like being called an idiot, but it is a level of idiocy to fall for phishing attacks, if that were the vector, at that level. At any level, that comment is not one of a bigot.

As someone who deals with these type of "threats" I'm no idiot in saying it was most likely phishing. If not phishing some other form of social hacking but most likely phishing.


Oh so you've ruled out an exploit entirely have you?
Lol, great job you must have, remind me of the company you work for so I can make sure I steer clear of ever giving them personal details?

n_K said,

Oh so you've ruled out an exploit entirely have you?
Lol, great job you must have, remind me of the company you work for so I can make sure I steer clear of ever giving them personal details?
I get the feeling you don't know what "likely" means.

MrHumpty said,
I get the feeling you don't know what "likely" means.

'Likely' based on no evidence, ergo no likely.
Or are you gonna say that (same rubbish idea applied to another case) because a % of people that are tried for a crime are found to be guilty that the next person up has the same % chance of being guilty regardless of what evidence is available?

n_K said,

'Likely' based on no evidence, ergo no likely.
Or are you gonna say that (same rubbish idea applied to another case) because a % of people that are tried for a crime are found to be guilty that the next person up has the same % chance of being guilty regardless of what evidence is available?
I love how you are taking this as if we're in the court of law deciding a man's fate. You're cute. I mean it. It's so refreshing to believe there is someone who would reserve any and all judgement and/or speculation about the compromising of a wordpress blog account. More importantly be lady justice in a discussion about what it *would* take to compromise said account w/o using an exploit. Your fight is just, you are just misunderstood.

Also, likely based off of previous targeted breaches of these accounts at large corps like, iirc, microsoft being possible due to phishing and other social hacks.

joep1984 said,
What's the point of taking over a blog, Twitter account, etc?

that's like asking people why they do stuff. it's because they can.

John Callaham said,
Nope.. it's completely down now

I'm wondering if the site is hosted in multiple regions and only a particular one (or just some) were compromised. It's been up for me all day, been checking back on it, and not only has it been up but it hasn't exhibited any signs of being hacked at all.