Theregister
8 months agoPrivacy professionals
Microsoft tells how Russia's Cozy Bear broke into its email
Microsoft's compromised corporate account did not have multi-factor authentication (MFA) enabled.
The attackers used password-spray attacks to gain access and then compromised a legacy test OAuth application to steal emails and files. [ more ]