The Syrian Electronic Army took to Twitter once again to announce that it had hacked another one of Microsoft’s public-facing properties.
Today’s victim were the Official Office Blogs, which briefly had a pair of (now-removed) posts claiming that the blogs had been hacked by the group, which is aligned with Syrian President Bashar al-Assad. The attacks come less than a week after Microsoft revealed that the SEA was able to gain access to the email accounts of a limited number of its employees, and in the same month following attacks on the Official Microsoft Blog, Skype Blog, and a number of company Twitter accounts.
In addition, the SEA taunted Microsoft on Twitter, posting screenshots of the blogs’ admin panel from before and after Microsoft switched them to WordPress today.
This is the first time that the SEA hasn’t also coordinated its attack on one of Microsoft’s blog with a simultaneous attack on one of the company’s Twitter accounts, which may be a positive sign for Microsoft’s security.
It seems like the SEA managed to obtain the login credentials that it’s using from phishing members of Microsoft’s staff, rather than a targeted hack, which means that the group may be burning through a list of usernames and passwords. If that’s the case, it’s a race between Microsoft and the SEA to shore up targeted employees’ password protections, while the SEA tries to string together as many attacks as it can.
Update: A Microsoft spokesperson provided the following statement about the attack in an email to GeekWire: “A targeted cyberattack temporarily affected the Microsoft Office blog. The account was quickly reset and we can confirm that no customer information was compromised.”