Russia-Linked Hackers Conduct Dozens of Teams Phishing Attacks, Microsoft Reports



What Happened:

According to recent reports by Microsoft researchers, a Russian government-linked hacking group has launched a series of targeted phishing attacks on numerous global organizations. The attacks, which began in late May, involve the hackers impersonating technical support personnel in Microsoft Teams chats in an attempt to steal login credentials from unsuspecting users.

The campaign has affected fewer than 40 unique global organizations, and Microsoft is actively investigating the incidents. The company has already taken measures to mitigate the use of domains employed by the hackers. Despite the attackers attempting to exploit multifactor authentication (MFA) prompts, Microsoft is determined to counter their efforts and protect users’ security.

Microsoft Teams, a proprietary business communication platform, is widely used, boasting more than 280 million active users as of January 2023. The targeting of Teams users suggests that hackers are devising new methods to bypass MFA, which is a widely recommended security measure to prevent unauthorized access to accounts.

Who Is Responsible:

The group behind these attacks, known in the industry as Midnight Blizzard or APT29, is based in Russia and the UK. The U.S. and UK governments have previously linked this group to Russia’s foreign intelligence service. The researchers believe that the targets of this activity indicate specific espionage objectives aimed at government entities, non-government organizations (NGOs), IT services, technology, discrete manufacturing, and media sectors.

Midnight Blizzard has a history of targeting organizations in the U.S. and Europe since 2018. In this recent campaign, the hackers utilized already-compromised Microsoft 365 accounts owned by small businesses to create new domains that appeared to be legitimate technical support entities, incorporating the word “microsoft” in the domain names. The compromised accounts were then used to send phishing messages to potential victims through Microsoft Teams.

The Response:

Microsoft urges its users to remain vigilant against such social engineering attacks and to report any suspicious messages or activities. As the investigation continues, the company is committed to identifying and remediating the impact of the attack while enhancing security measures to prevent future incidents.

The Russian embassy in Washington has not yet responded to the reports.


Authored by contributor Anthony J. Daw

Joshua Paulo
Combining a Criminal Justice and International Relations background, Josh boasts years of experience in various forms of analysis and freelance journalism. He currently spearheads a team of professionals committed to delivering unbiased reporting to provide the public and private sector with accurate and insightful information. Josh serves as Atlas's Director of News.