
Russian hacking group targets Microsoft Teams users

A Russian government-linked hacking group has been targeting global organisations, among them government agencies, with the aim of stealing Microsoft Teams credentials.

The highly targeted attacks engage users in Microsoft Teams chats by purporting to be from technical support, Microsoft researchers said in a blog post on Wednesday.

The hacking group behind this activity is known as Midnight Blizzard (previously known as Nobelium) and is also tracked as APT29. The group is based in Russia and is linked to the country’s foreign intelligence service.

According to Microsoft, Midnight Blizzard is known to mainly target governments, diplomatic entities, NGOs and IT service providers primarily based in the US and Europe. Microsoft said:

“Our current investigation indicates this campaign has affected fewer than 40 unique global organizations. The organizations targeted in this activity likely indicate specific espionage objectives by Midnight Blizzard directed at government, non-government organizations (NGOs), IT services, technology, discrete manufacturing, and media sectors.”

No organisation is named.

The hackers used compromised Microsoft 365 tenants to create domains that look like legitimate technical support ones. They then sent individual users tech-support-themed messages, with the aim of manipulating them into approving multifactor authentication (MFA) prompts and ultimately stealing their credentials.

The messages came from the legitimate onmicrosoft.com domain, which will have increased the likelihood of the fake Microsoft support messages being perceived as genuine.

APT29 came to international attention at the end of 2020 with the SolarWinds supply chain attack. Microsoft warned in June that it was observing an increase in credential phishing attempts – and that this group was likely to be behind it.   


National Cyber Security