Tom Burt – WindowsTechs.com

Latest Russian espionage activity is broader than SolarWinds-style hacking effort, Microsoft’s Tom Burt says

Posted on October 25, 2021 by Tim Starks

An apparent espionage campaign from the same Russian hacking group that breached the U.S. federal contractor SolarWinds in 2020 differed from that incident — which sparked congressional hearings and a reckoning throughout the U.S. federal government — in significant ways, according to Tom Burt, Microsoft’s corporate vice president for customer security and trust. The latest effort unveiled Sunday by Microsoft represents an example of how the group, which the company calls Nobelium and says is connected to the Kremlin’s SVR intelligence agency, targeted whole classes of companies, such at technology resellers and cloud service providers. The company said the intruders compromised 14 of the 140 service providers that were targeted, though investigators appear to have caught the effort relatively early, with Microsoft alerting government officials and publishing an advisory on the matter some five months after the activity appeared to begin. Attackers breached SolarWinds in January 2019, nearly two years […]

The post Latest Russian espionage activity is broader than SolarWinds-style hacking effort, Microsoft’s Tom Burt says appeared first on CyberScoop.

Continue reading Latest Russian espionage activity is broader than SolarWinds-style hacking effort, Microsoft’s Tom Burt says→

Feds use gag orders to collect cloud data in secret, Microsoft executive tells Congress

Posted on June 30, 2021 by Tonya Riley

The Justice Department is abusing secret subpoenas to collect cloud user data at alarming rates, a top Microsoft executive testified in front of the House Judiciary Committee on Wednesday. Tom Burt, Microsoft’s vice president of customer security and trust, told lawmakers that the company currently receives between 2,400 to 3,500 secrecy orders each year. That’s roughly a third of the total number of requests that federal law enforcement sends to Microsoft, and it’s a number that has grown as more companies and organizations rely on cloud providers to serve as their virtual offices. The hearing comes on the heels of a revelation earlier this month that the Justice Department had used such gag orders to secretly subpoena Microsoft and Apple for data from two members of Congress, Capitol Hill staffers and some family members. “If law enforcement wants to secretly search someone’s physical office, it must meet a heightened burden […]

The post Feds use gag orders to collect cloud data in secret, Microsoft executive tells Congress appeared first on CyberScoop.

Continue reading Feds use gag orders to collect cloud data in secret, Microsoft executive tells Congress→

For Microsoft, cybersecurity has become bigger than business

Posted on January 27, 2021 by Tim Starks

Since the cybersecurity firm FireEye hired Microsoft to help investigate a hack at the federal contractor SolarWinds, Microsoft has helped clean up the mess, alerted victims and distributed other details meant to fend off alleged Russian spies. Microsoft did all of that as it wrestled with its own probe of how hackers infiltrated its systems. Yet the company’s role in the SolarWinds investigation, while significant, represents a fraction of the cybersecurity-focused work Microsoft has done in recent years, including some behind the scenes and some in globe-spanning public relations campaigns. Once viewed as a traditional tech behemoth, Microsoft has evolved into a firm that fights cybersecurity battles in court, in election administration, in the international sphere, in the marketplace and elsewhere. The entirety of that perspective gives Microsoft a unique — if imperfect — place in the cybersecurity universe. The size of the company, and its level of visibility into […]

The post For Microsoft, cybersecurity has become bigger than business appeared first on CyberScoop.

Continue reading For Microsoft, cybersecurity has become bigger than business→

Munich Security Conference attendees targeted with Iran-linked spearphishing, Microsoft says

Posted on October 28, 2020 by Shannon Vavra

Iranian government-linked hackers have been sending spearphishing emails to large swaths of high-profile potential attendees of upcoming the Munich Security Conference as well as the Think 20 Summit in Saudi Arabia, according to Microsoft research. The Iranian attackers, known as Phosphorous, have disguised themselves as conference organizers and have sent fake invitations containing PDF documents with malicious links to over 100 possible invitees of the conferences, both of which are prominent summits dedicated to international security and policies of the world’s largest economies, respectively. In some cases the attackers have been successful in guiding some victims to those links, which lead victims to credential-harvesting pages, Tom Burt, corporate vice president of Microsoft Security and Trust announced in blog published Wednesday morning. “We believe Phosphorus is engaging in these attacks for intelligence collection purposes,” Burt wrote in the blog. “The attacks were successful in compromising several victims, including former ambassadors and other senior policy experts who help shape […]

The post Munich Security Conference attendees targeted with Iran-linked spearphishing, Microsoft says appeared first on CyberScoop.

Continue reading Munich Security Conference attendees targeted with Iran-linked spearphishing, Microsoft says→

Cyber Command, Microsoft take action against TrickBot botnet before Election Day

Posted on October 12, 2020 by Shannon Vavra

TrickBot’s margin for success just got a lot smaller. The Pentagon’s offensive hacking arm, Cyber Command, has carried out an operation to hinder the ability of TrickBot, one of the world’s largest botnets, from attacking American targets, according to one U.S. government official who spoke to CyberScoop on the condition of anonymity because they were not authorized to discuss the matter. Microsoft also has sought to disrupt the TrickBot botnet, according to Tom Burt, the company’s corporate vice president of customer security and trust. The two operations represented distinct efforts to interrupt a pernicious threat that U.S. government officials say could be used to launch ransomware attacks against IT systems that support the voting process ahead of Election Day. Such an attack against voter registration systems, for instance, could result in confusion, delays or other uncertainties when Americans cast their ballots. As a result of the Microsoft operation, the people behind the TrickBot botnet — […]

The post Cyber Command, Microsoft take action against TrickBot botnet before Election Day appeared first on CyberScoop.

Continue reading Cyber Command, Microsoft take action against TrickBot botnet before Election Day→

Microsoft strikes back at Necurs botnet by preemptively disabling hacking tools

Posted on March 10, 2020 by Jeff Stone

Microsoft is trying to sink a vast network that cybercriminals have used for eight years to spread spam and hack computers throughout the globe. Microsoft announced on Tuesday that it has moved to disrupt the Necurs botnet, a network of more than 9 million computers that had been surreptitiously infected with malware and then used by hackers to carry out various schemes. Attackers, likely in Russia, according to Microsoft, used Necurs to distribute pharmaceutical spam, facilitate ransomware attacks and infect victims with numerous types of malicious software, such as the GameOver Zeus malware that is blamed for $100 million in losses. “The Necurs is one of the largest networks in the spam email threat ecosystem, with victims in nearly every country in the world,” Tom Burt, Microsoft’s corporate vice president for customer security and trust, said in a statement. “During a 58-day period in our investigation, for example, we observed that […]

The post Microsoft strikes back at Necurs botnet by preemptively disabling hacking tools appeared first on CyberScoop.

Continue reading Microsoft strikes back at Necurs botnet by preemptively disabling hacking tools→

10,000 Microsoft customers targeted by nation-state attacks in the last year

Posted on July 17, 2019 by Shannon Vavra

Microsoft has notified 10,000 customers in the past year that they have been the brunt of nation-state cyberattacks — some of which were successful — from Iran, North Korea, and Russia, Microsoft announced Wednesday. “This data demonstrates the significant extent to which nation-states continue to rely on cyberattacks as a tool to gain intelligence, influence geopolitics or achieve other objectives,” Tom Burt, corporate vice president of customer security & trust at Microsoft, wrote in a blog post on the matter. Microsoft has linked the attacks with a group linked with Iran broadly known as APT 33, with a group from North Korea known as APT 38, as well as two groups linked with Russia, APT 28 and APT 29, which Microsoft dubs Strontium and Yttrium respectively. APT 28 was behind the intrusions at the Democratic National Committee. Some of the attacks observed appear to be related to U.S. politics and […]

The post 10,000 Microsoft customers targeted by nation-state attacks in the last year appeared first on CyberScoop.

Continue reading 10,000 Microsoft customers targeted by nation-state attacks in the last year→

Russian hackers targeted 2018 reelection campaign of vulnerable Democrat

Posted on July 27, 2018 by Ryan Duffy

The same outfit of Russian hackers that launched cyberattacks against U.S. targets in the 2016 presidential election appears to have targeted Sen. Claire McCaskill, a critic of Moscow and red-state Democrat who faces a tough reelection bid. The news, first reported by the Daily Beast, makes the Missouri senator the first to be named in 2018 as a target of Russian hackers. There are at least two others. Last week, Microsoft executive Tom Burt said that earlier this year, hackers associated with the GRU, the Russian intelligence agency behind cyberattacks and disinformation campaigns during the 2016 presidential election, used spearphishing and fake Microsoft domains to target three candidates in the 2018 midterm elections. Burt said that the unnamed candidates “might have been interesting targets from an espionage standpoint as well as from an election standpoint.” McCaskill fits the bill on both counts. She serves as the ranking Democrat on the Homeland Security and Government […]

The post Russian hackers targeted 2018 reelection campaign of vulnerable Democrat appeared first on Cyberscoop.

Continue reading Russian hackers targeted 2018 reelection campaign of vulnerable Democrat→