Safeguard
Tag

nation-state

Safeguard articles tagged "nation-state" — guides, analysis, and best practices for software supply chain and application security.

11 articles

Incident Analysis

Microsoft Midnight Blizzard Source Code Theft 2024

Midnight Blizzard moved from email exfiltration to Microsoft source code repositories. The pivot from stolen OAuth tokens to code access is the supply chain lesson.

Feb 25, 20268 min read
Incident Analysis

Salt Typhoon Telco Intrusion: What We Know

Salt Typhoon breached at least nine U.S. carriers, exposing lawful intercept systems. We unpack the attack chain and what telcos must fix in 2025.

Jan 14, 20254 min read
Incident Analysis

Microsoft Midnight Blizzard: Detailed Timeline

A reconstructed public timeline of Microsoft's Midnight Blizzard intrusion, from the initial password spray in November 2023 through the source code and federal agency disclosures.

Jun 25, 20247 min read
Incident Analysis

Cloudflare's Thanksgiving 2023 Breach: How Okta Credentials Led to a Nation-State Intrusion

Cloudflare disclosed that a nation-state actor used credentials stolen from the October 2023 Okta breach to access their Atlassian systems. Their transparent post-mortem set a new standard.

Feb 1, 20245 min read
Incident Analysis

Midnight Blizzard and the Microsoft Email Breach

Russia's SVR-linked Midnight Blizzard sat inside Microsoft's corporate email for weeks. Here is what the January 2024 disclosure revealed about identity supply chains.

Jan 25, 20245 min read
Incident Analysis

Microsoft Breached by Midnight Blizzard: Russian Hackers Read Executive Emails

In January 2024, Microsoft disclosed that the Russian state-sponsored group Midnight Blizzard had been reading emails of senior executives and security team members since November 2023, using a password spray attack against a legacy test account.

Jan 19, 20247 min read
Threat Intelligence

Midnight Blizzard Breaches Microsoft: What the Exchange Online Attack Means for Everyone

Russian state actors compromised Microsoft executive email accounts through a password spray attack on a legacy test tenant. The breach exposed how identity misconfigurations cascade.

Jan 19, 20246 min read
Case Studies

Lessons from SolarWinds: Two Years Later

Two years after the SolarWinds breach reshaped cybersecurity, we examine what the industry actually learned and what organizations still get wrong about supply chain security.

Dec 13, 20226 min read
Ransomware

Costa Rica Conti Ransomware: The First Ransomware Attack to Trigger a National Emergency

The Conti ransomware group attacked Costa Rica's government systems so severely that the president declared a national emergency — the first time a country took such action in response to a cyberattack.

Apr 18, 20225 min read
Zero-Day Exploits

Microsoft Exchange HAFNIUM Attack: Four Zero-Days That Compromised 30,000 Organizations

Chinese state-sponsored group HAFNIUM exploited four zero-day vulnerabilities in Microsoft Exchange Server, compromising an estimated 30,000 US organizations and hundreds of thousands globally.

Jun 20, 20215 min read
Supply Chain Attacks

SolarWinds SUNBURST: Lessons for Supply Chain Security

The SolarWinds attack compromised 18,000 organizations through a single tampered update. Six months later, here's what the industry should have learned.

May 15, 20215 min read
nation-state — Safeguard Blog