A Russian hacking group conducted phishing attacks via Microsoft Teams under the guise of corporate technical support



A Russian hacking group posed as technical support for a small business and sent messages via Microsoft Teams to make users authenticate their logins. Microsoft says the activity affected fewer than 40 organizations.

Midnight Blizzard conducts targeted social engineering over Microsoft Teams | Microsoft Security Blog

https://www.microsoft.com/en-us/security/blog/2023/08/02/midnight-blizzard-conducts-targeted-social-engineering-over-microsoft-teams/



Microsoft says Russia-linked hackers behind dozens of Teams phishing attacks | Reuters

https://www.reuters.com/technology/microsoft-says-russia-linked-hackers-behind-dozens-teams-phishing-attacks-2023-08-03/

Russian military hackers sent phishing lures masquerading as Microsoft Teams chats
https://therecord.media/russian-hackers-sent-phishing-lures

According to information shared by Microsoft's security team, attacks by the hacking group Midnight Blizzard, also known as 'APT29', 'NOBELIUM', and 'Cozy Bear', began in late May 2023 and targeted government and non-governmental organizations. Fewer than 40 companies, including IT companies and media companies, were affected.

Midnight Blizzard used an already hacked small business account to create a new domain containing the word 'microsoft' and began operating under the guise of technical support. Posing as technical support, the attackers reportedly sent phishing messages to companies via Microsoft Teams, pressing recipients to approve multi-factor authentication prompts.



If the user completes the multi-factor authentication, the attacker is authenticated as the user and gains access to the user's Microsoft 365 account.

Microsoft has notified users who were attacked and has responded by restricting the attackers' use of the domains. 'Microsoft continues to investigate this activity and is working to mitigate the impact of the attack,' a security team official added.



in Security, Posted by log1p_kr