Syrian Electronic Army in new Microsoft hack

The Syrian Electronic Army (SEA) has hijacked Microsoft's social media platforms in what is the second attack of its kind in as many weeks.

Two of Microsoft's Twitter accounts and the newly redesigned Office blog were targeted by the group, with messages stating "hacked by the Syrian Electronic Army".

Microsoft has since removed the posts but is yet to make any comment on the security breach.

The SEA has previously targeted Microsoft for the company's perceived role in the spying scandal that erupted from leaked documents regarding surveillance practices of the American National Security Agency (NSA).

One tweet from the first attack stated: "Don't use Microsoft emails (hotmail, outlook), they are monitoring your accounts and selling the data to the governments."

The group posted screenshots to its own Twitter account of the Microsoft blogs and content management system (CMS) that it had most recently hacked. It also posted a warning addressed to Microsoft stating: "changing the CMS will not help you if your employees are hacked and they don't know about that."

The possibility that Microsoft accounts are still compromised may well lead to similar follow-up attacks. The SEA had previously warned that there was more to come.

"We didn't finish our attack on @Microsoft yet, stay tuned for more," the group said.

The method of attack is understood not to be particularly sophisticated; however, it has allowed the SEA to hack several high-profile targets. Last year, The Guardian and The New York Times were both targeted by the group.

Rick Ferguson, vice president of security research at Trend Micro, previously explained to ITProPortal how Microsoft employees were most likely sent emails containing malware that then divulged usernames and passwords.

"Key individuals in the target enterprise would have received well-crafted and convincing emails, either with a malicious file attached, or containing a credible-looking link," Ferguson said.

"Once compromised through either infection or phishing, then the account usernames and passwords would be available to the attacker, allowing further malicious activity."