Russia-Backed Bad Actors Attack Government Agencies Through Microsoft Teams

The hackers exploited compromised Microsoft 365 accounts to generate fraudulent Microsoft support domains.

August 4, 2023

  • Microsoft has revealed that a hacking group linked to Russia has targeted several organizations worldwide through the Teams app.
  • The phishing attempts on around 40 global organizations indicated objectives associated with espionage.

A hacking group linked to the Russian government directed a series of phishing attacks at global organizations through Microsoft Teams chats, researchers from Microsoft Threat Intelligence said.

The group known as Midnight Blizzard exploited compromised Microsoft 365 accounts to generate domains that masqueraded as Microsoft Tech Support. These domains were used to send chat messages on Teams to push targets into approving MFA prompts or clicking links to webpages that steal credentials such as login details.

Furthermore, some attacks attempted to surreptitiously add a device to the target organization as a managed device via Microsoft Entra ID, in order to get around conditional access policies that restrict access to managed devices only.

The hacker group, also known as Nobelium, APT29, or Cozy Bear, has been previously linked to the Russian Foreign Intelligence Service and was accused of compromising the Democratic National Committee before the 2016 U.S. elections.

Microsoft is investigating these social engineering attacks, which began in late May of 2023. Teams is the company's primary business communication platform, with over 280 million active users. According to Microsoft, fewer than 40 organizations, including NGOs, media bodies, government officials, and manufacturing companies, were targeted by the attacks.

This is not the first security incident related to Microsoft this year. Earlier in July, Chinese bad actors were able to break into the Exchange Online email accounts of the U.S. Department of Commerce and the U.S. Department of State.

Additionally, in March, the CEO of Tenable stated that their research team found a critical vulnerability in Microsoft Azure, which allowed limited unauthorized access to sensitive information and cross-tenant applications. Microsoft later corrected the issue.

Anuj Mudaliar
Anuj Mudaliar is a content development professional with a keen interest in emerging technologies, particularly advances in AI. As a tech editor for Spiceworks, Anuj covers many topics, including cloud, cybersecurity, emerging tech innovation, AI, and hardware. When not at work, he spends his time outdoors - trekking, camping, and stargazing. He is also interested in cooking and experiencing cuisine from around the world.