Russia-Linked Hackers Conduct Dozens of Teams Phishing Attacks, Microsoft Reports



What Happened:

According to recent reports by Microsoft researchers, a Russian government-linked hacking group has launched a series of targeted phishing attacks on numerous global organizations. The attacks, which began in late May, involve the hackers impersonating technical support personnel in Microsoft Teams chats in an attempt to steal login credentials from unsuspecting users.

The campaign has affected fewer than 40 unique global organizations, and Microsoft is actively investigating the incidents. The company has already taken measures to mitigate the use of domains employed by the hackers. Despite the attackers attempting to exploit multifactor authentication (MFA) prompts, Microsoft is determined to counter their efforts and protect users’ security.

Microsoft Teams, a proprietary business communication platform, is widely used, boasting more than 280 million active users as of January 2023. The targeting of Teams users suggests that hackers are devising new methods to bypass MFA, which is a widely recommended security measure to prevent unauthorized access to accounts.

Who Is Responsible:

The group behind these attacks, known in the industry as Midnight Blizzard or APT29, is based in Russia and the UK. The U.S. and UK governments have previously linked this group to Russia’s foreign intelligence service. The researchers believe that the targets of this activity indicate specific espionage objectives aimed at government entities, non-government organizations (NGOs), IT services, technology, discrete manufacturing, and media sectors.

Midnight Blizzard has a history of targeting organizations in the U.S. and Europe since 2018. In this recent campaign, the hackers utilized already-compromised Microsoft 365 accounts owned by small businesses to create new domains that appeared to be legitimate technical support entities, incorporating the word “microsoft” in the domain names. The compromised accounts were then used to send phishing messages to potential victims through Microsoft Teams.

The Response:

Microsoft urges its users to remain vigilant against such social engineering attacks and to report any suspicious messages or activities. As the investigation continues, the company is committed to identifying and remediating the impact of the attack while enhancing security measures to prevent future incidents.

The Russian embassy in Washington has not yet responded to the reports.


Authored by contributor Anthony J. Daw

Joshua Paulo
Joshua Paulo serves as Atlas's Director of News, combining a Criminal Justice degree and a background in public service and International Relations. Boasting years of experience in analysis and journalism, he now spearheads a team of professionals committed to delivering unbiased reporting to provide the public and private sector with accurate and insightful information.