2023-08-03 04:15:41
Microsoft Teams
A phishing attack was launched via the office software.
(Photo: IMAGO/Rüdiger Wölk)
San Francisco A Russian hacker group has targeted dozens of organizations worldwide via the Microsoft Teams platform. Microsoft announced on Wednesday that the aim of the attack was login data. The attackers were already using compromised Microsoft 365 accounts owned by small businesses to pose as Microsoft technical support via the companies’ new domains.
These then sent phishing messages via Teams to get data on their multi-factor authentication credentials (MFA) via chats with the users. Microsoft has already banned the use of fake support domains.
The “very targeted” attacks have affected “fewer than 40 individual global organizations” since the end of May, Microsoft said. The company announced an investigation into the incident. The Russian embassy in Washington initially did not respond to a Reuters request for comment.
The hacking group is known in the industry as Midnight Blizzard or APT29. According to Microsoft, it is based in Russia and has been linked to Russian intelligence services by the UK and US governments.
“The organizations targeted by this activity are likely indicative of Midnight Blizzard’s specific espionage targets targeting governments, non-governmental organizations (NGOs), IT services, technology, discrete manufacturing, and the media sector,” Microsoft explained.
Midnight Blizzard has been known to attack such organizations since 2018 – especially in the US and Europe. MFAs are a widely recommended security measure to prevent hacking or credential theft.
More: EU takes action against Microsoft over “Teams” software
#Russian #hackers #phishing #attacks #Teams