Microsoft has suffered another compromise at the hands of the hacktivist group the Syrian Electronic Army (SEA), with the organisation gaining access to the firm's blogging platform for the third time in as many weeks.
Screenshots posted on one of the SEA's Twitter accounts appear to show the back end of Microsoft's Wordpress-based blogging platform. The group loaded its own posts onto various Microsoft blogs, including one on the Microsoft Office blog entitled "Hacked by the Syrian Electronic Army".
The SEA poked fun at Microsoft in a tweet, insisting that Microsoft's staff were responsible for the SEA's constant hacking successes.
It is believed that the SEA gained the credentials from Microsoft staff through simple phishing tactics, sending emails which appear to come from a legitimate source, leading users to web pages requiring them to enter their login credentials. These are then taken by the SEA to use in their campaign of blog posts.
The SEA also attacked Microsoft's Skype blog and Twitter accounts at the start of January, posting multiple blog posts and tweets until the firm regained control. The issues continued last week, when the SEA once again took over the Microsoft News and Xbox Support Twitter accounts. At the same time, its TechNet blog was also compromised.
The SEA's motivation for the attacks is unclear, although one aim for the group's other attacks on media organisations such as the Associated Press were intended to decrease public trust in news organisations. The SEA is believed to be led by a user known as The Shadow, who is in his mid-twenties.
The latest attack will be another unwanted embarrassment to Microsoft. The firm has not yet responded to V3's request for further information on the attack and whether user data was compromised.
And, yep, it'll run Android rather than RiscOS
US engineering giant's cost-cutting outsourcing plan is on the rocks, according to insiders
HP Envy X2 laptop only affordable if you've got loadsamoney
Counterfeit code-signing certificates enabling hackers to hide malware being sold by cyber criminals
Certificates can be used as part of layered obfuscation to evade detection by anti-virus software