Russian Government-Linked Hackers Target Global Organisations
Updated: Jan 2
Microsoft researchers have uncovered a series of highly targeted phishing attacks on global organizations, with a Russian government-linked hacking group at the helm.
The hackers posed as technical support in Microsoft Teams chats, attempting to steal login credentials from unsuspecting users.
Since late May, these social engineering attacks have affected fewer than 40 unique organizations worldwide, according to Microsoft researchers. The company is currently investigating the incidents.
The Russian embassy in Washington has not yet responded to requests for comment regarding the hacking group's activities.
The hackers created domains and accounts that mimicked technical support services, engaging Teams users in chats and prompting them to approve multifactor authentication (MFA) prompts. Microsoft has taken action to mitigate the impact of the attack by blocking the use of these domains.
Teams, Microsoft's proprietary business communication platform, boasts over 280 million active users, as reported in the company's January financial statement.
Multifactor authentication (MFA) is a widely recommended security measure against credential theft and account takeover. The Teams campaign does not break MFA itself: an MFA prompt that the user approves is indistinguishable from a legitimate one, so the attackers defeat the control by persuading the user to approve it in the course of a chat with a plausible "support" contact.
The hacking group responsible for these attacks, known as Midnight Blizzard (also tracked as APT29, Nobelium and Cozy Bear), is believed to be based in Russia. The UK and US governments have linked the group to the country's foreign intelligence service, the SVR, according to the researchers.
"The organizations targeted in this activity likely indicate specific espionage objectives by Midnight Blizzard directed at government, non-government organizations (NGOs), IT services, technology, discrete manufacturing, and media sectors," the researchers stated, without disclosing the names of the targeted organizations.
The researchers also noted that this recent attack, taken together with the group's previous activity, shows Midnight Blizzard continuing to pursue its objectives with a mix of new and well-established techniques.
Midnight Blizzard has a history of targeting organizations, primarily in the US and Europe, dating back to 2018, the researchers added.
The hackers utilized compromised Microsoft 365 accounts owned by small businesses to create new domains that appeared to be legitimate technical support entities. These accounts then sent phishing messages via Teams to lure unsuspecting individuals, according to details provided in the Microsoft blog.
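The two technique details above (attacker-controlled tenants whose names mimic Microsoft or a support function, and chat messages that ask the victim to approve an MFA prompt) can be turned into a simple triage rule for Teams chat telemetry. The following is an added example written for this page, not code from Microsoft or from the Reuters article. It assumes a hypothetical allow-list of federated partner domains, a hypothetical keyword list for lookalike tenant names (the article does not give the actual domain names used), and a few constructed sample messages.

```python
"""Triage external Teams chat messages for the "fake support + MFA prompt" pattern.

Added example; the allow-list, keyword list and sample messages are assumptions
constructed for illustration, not data from the article or from Microsoft.
"""
import re
from dataclasses import dataclass

# Assumed allow-list of external tenants the organisation legitimately chats with.
TRUSTED_DOMAINS = {"partner.example"}

# Hypothetical keywords for tenant names that impersonate Microsoft or a
# support/security function (the article only says the tenants "mimicked
# technical support services"; the real names are not given on the page).
LOOKALIKE_KEYWORDS = (
    "microsoft", "msft", "support", "security", "helpdesk", "identity", "protection",
)

# Phrases asking the user to act on an MFA/Authenticator prompt or hand over a code.
MFA_LURE = re.compile(
    r"\b(approve|accept|confirm|enter|send|share|read)\b.{0,40}?"
    r"\b(mfa|authenticator|code|prompt|verification|sign-in request)\b",
    re.IGNORECASE,
)


@dataclass
class TeamsMessage:
    sender: str        # user principal name of the chat initiator
    is_external: bool  # True when the sender belongs to another tenant (federated chat)
    text: str


def sender_domain(upn: str) -> str:
    return upn.rsplit("@", 1)[-1].lower()


def tenant_label(domain: str) -> str:
    """Return the part of the domain the sender actually chose.

    For *.onmicrosoft.com tenants that is the tenant name itself; otherwise the
    whole domain is used, so "security-helpdesk.example" is still scored.
    """
    suffix = ".onmicrosoft.com"
    return domain[: -len(suffix)] if domain.endswith(suffix) else domain


def lookalike_score(domain: str) -> int:
    """Count how many impersonation keywords appear in the chosen tenant label."""
    label = tenant_label(domain)
    return sum(1 for kw in LOOKALIKE_KEYWORDS if kw in label)


def triage(msg: TeamsMessage) -> dict:
    """Classify one message. Only external senders outside the allow-list can be
    rated above "none"; an MFA lure from such a sender is the highest signal."""
    domain = sender_domain(msg.sender)
    untrusted_external = msg.is_external and domain not in TRUSTED_DOMAINS
    lookalike = lookalike_score(domain) > 0
    lure = MFA_LURE.search(msg.text) is not None
    if untrusted_external and lure:
        verdict = "high"
    elif untrusted_external and lookalike:
        verdict = "medium"
    elif untrusted_external:
        verdict = "low"
    else:
        verdict = "none"
    return {
        "domain": domain,
        "untrusted_external": untrusted_external,
        "lookalike": lookalike,
        "mfa_lure": lure,
        "verdict": verdict,
    }


# Constructed sample messages (not real telemetry).
SAMPLE_MESSAGES = [
    TeamsMessage("helpdesk@msftprotection.onmicrosoft.com", True,
                 "Microsoft Support here. Please approve the Authenticator prompt "
                 "we just sent so we can finish securing your account."),
    TeamsMessage("dave@vendor.example", True,
                 "Can you send over the updated quote?"),
    TeamsMessage("it-support@ourcompany.example", False,
                 "Reminder: never share your MFA code with anyone, including IT."),
    TeamsMessage("alice@partner.example", True,
                 "Hi, could you approve the purchase order in the portal?"),
]


if __name__ == "__main__":
    for m in SAMPLE_MESSAGES:
        r = triage(m)
        print(f"{r['verdict']:6} {m.sender:45} "
              f"lookalike={r['lookalike']} lure={r['mfa_lure']}")
```

The verdict deliberately keys on the combination of an unapproved external tenant and an MFA request, since either signal alone is common in benign traffic; the lookalike score is a secondary indicator because a compromised legitimate tenant with an innocuous name would not trip it. In practice the same rule belongs in the tenant's federation settings (allow-listing external domains) so that such chats never reach users in the first place.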
Source: Reuters