nation-state
Safeguard articles tagged "nation-state" — guides, analysis, and best practices for software supply chain and application security.
11 articles
Microsoft Midnight Blizzard Source Code Theft 2024
Midnight Blizzard moved from email exfiltration to Microsoft source code repositories. The pivot from stolen OAuth tokens to code access is the supply chain lesson.
Salt Typhoon Telco Intrusion: What We Know
Salt Typhoon breached at least nine U.S. carriers, exposing lawful intercept systems. We unpack the attack chain and what telcos must fix in 2025.
Microsoft Midnight Blizzard: Detailed Timeline
A reconstructed public timeline of Microsoft's Midnight Blizzard intrusion, from the initial password spray in November 2023 through the source code and federal agency disclosures.
Cloudflare's Thanksgiving 2023 Breach: How Okta Credentials Led to a Nation-State Intrusion
Cloudflare disclosed that a nation-state actor used credentials stolen from the October 2023 Okta breach to access their Atlassian systems. Their transparent post-mortem set a new standard.
Midnight Blizzard and the Microsoft Email Breach
Russia's SVR-linked Midnight Blizzard sat inside Microsoft's corporate email for weeks. Here is what the January 2024 disclosure revealed about identity supply chains.
Microsoft Breached by Midnight Blizzard: Russian Hackers Read Executive Emails
In January 2024, Microsoft disclosed that the Russian state-sponsored group Midnight Blizzard had been reading emails of senior executives and security team members since November 2023, using a password spray attack against a legacy test account.
Midnight Blizzard Breaches Microsoft: What the Exchange Online Attack Means for Everyone
Russian state actors compromised Microsoft executive email accounts through a password spray attack on a legacy test tenant. The breach exposed how identity misconfigurations cascade.
Lessons from SolarWinds: Two Years Later
Two years after the SolarWinds breach reshaped cybersecurity, we examine what the industry actually learned and what organizations still get wrong about supply chain security.
Costa Rica Conti Ransomware: The First Ransomware Attack to Trigger a National Emergency
The Conti ransomware group attacked Costa Rica's government systems so severely that the president declared a national emergency — the first time a country took such action in response to a cyberattack.
Microsoft Exchange HAFNIUM Attack: Four Zero-Days That Compromised 30,000 Organizations
Chinese state-sponsored group HAFNIUM exploited four zero-day vulnerabilities in Microsoft Exchange Server, compromising an estimated 30,000 US organizations and hundreds of thousands globally.
SolarWinds SUNBURST: Lessons for Supply Chain Security
The SolarWinds attack compromised 18,000 organizations through a single tampered update. Six months later, here's what the industry should have learned.