The Syrian Electronic Army has won another scalp this weekend, hijacking two official Microsoft Twitter accounts (@MSFTnews and @XboxSupport) as well as the company’s official blog on TechNet.
Microsoft has since wrested control of its Twitter accounts back, but it’s clearly worried about what the hackers might have been up to on its blog – shutting it “for maintenance” for the time being.
The pro-Assad hackers, who have managed to compromise the social media accounts of many media organisations and corporations in the last year or so using fairly rudimentary phishing techniques, were reported by Mashable to have said that they targeted Microsoft because they believe the company is assisting governments and intelligence agencies with surveillance.
This attack comes less than two weeks after Skype (which is owned by Microsoft) had its Twitter account, Facebook page and blog hijacked by the Syrian Electronic Army, who phished password details from an unwary member of the company’s social media team.
If only the people looking after the @XboxSupport and @MSFTnews Twitter accounts had followed the advice from their own firm’s security team, who warned of the threat of phishing attacks just days ago.
There’s no sign of the Syrian Electronic Army slowing down in its campaign of phishing attacks, designed to embarrass organisations and media outlets. Educate your staff about phishing attacks, and consider implementing two-factor authentication to better control access to your social media accounts.