Microsoft Teams Used by Russia-Linked Hackers to Target Firms With Phishing Campaign, Microsoft Says

Microsoft has warned that the hackers have conducted "highly targeted" social engineering attacks on "fewer than 40 unique global organisations" since late May.

By Reuters | Updated: 3 August 2023 12:08 IST

Microsoft Teams Used by Russia-Linked Hackers to Target Firms With Phishing Campaign, Microsoft Says

Photo Credit: Reuters

Microsoft has mitigated the actor from using the domains

Highlights

Teams is Microsoft's proprietary business communication platform
It has more than 280 million active users
The hackers used already-compromised Microsoft 365 accounts

A Russian government-linked hacking group took aim at dozens of global organizations with a campaign to steal login credentials by engaging users in Microsoft Teams chats pretending to be from technical support, Microsoft researchers said on Wednesday.

These "highly targeted" social engineering attacks have affected "fewer than 40 unique global organizations" since late May, Microsoft researchers said in a blog, adding that the company was investigating.

The Russian embassy in Washington didn't immediately respond to a request for comment.

Baldur’s Gate 3 Won’t Arrive on Xbox Until 2024, Larian Studios Says

The hackers set up domains and accounts that looked like technical support and tried to engage Teams users in chats and get them to approve multifactor authentication (MFA) prompts, the researchers said.

"Microsoft has mitigated the actor from using the domains and continues to investigate this activity and work to remediate the impact of the attack," they added.

Teams is Microsoft's proprietary business communication platform, with more than 280 million active users, according to the company's January financial statement.

iPhone Sales Set to Drop as Analyst Predict Q3 Revenue Slide for Apple

MFAs are a widely recommended security measure aimed at preventing hacking or stealing of credentials. The Teams targeting suggests hackers are finding new ways to get past it.

The hacking group behind this activity, known in the industry as Midnight Blizzard or APT29, is based in Russia, and the UK and US governments have linked it to the country's foreign intelligence service, the researchers said.

"The organizations targeted in this activity likely indicate specific espionage objectives by Midnight Blizzard directed at the government, non-government organizations (NGOs), IT services, technology, discrete manufacturing, and media sectors," they said, without naming any of the targets.

AMD Aims to Debut AI Chip by Q4 2023, Raises Q3 Forecast to $5.7 Billion

"This latest attack, combined with past activity, further demonstrates Midnight Blizzard's ongoing execution of their objectives using both new and common techniques," the researchers wrote.

Midnight Blizzard has been known to target such organizations, mainly in the US and Europe, going back to 2018, they added.

The hackers used already-compromised Microsoft 365 accounts owned by small businesses to make new domains that appeared to be technical support entities and had the word "Microsoft" in them, according to details in the Microsoft blog. Accounts tied to these domains then sent phishing messages to bait people via Teams, the researchers said.

Samsung launched the Galaxy Z Fold 5 and Galaxy Z Flip 5 alongside the Galaxy Tab S9 series and Galaxy Watch 6 series at its first Galaxy Unpacked event in South Korea. We discuss the company's new devices and more on the latest episode of Orbital, the Gadgets 360 podcast. Orbital is available on Spotify, Gaana, JioSaavn, Google Podcasts, Apple Podcasts, Amazon Music and wherever you get your podcasts.

Affiliate links may be automatically generated - see our ethics statement for details.

Comments

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.