Credentials targeted: Microsoft sees Russian hackers behind phishing attacks

According to Microsoft, there have been “targeted” attacks on dozens of global organizations since the end of May. The driving force behind them is a Russian hacker group known as Midnight Blizzard. Great Britain and the USA link the group to Russian intelligence services.

A Russian hacker group has targeted dozens of organizations worldwide via the Microsoft Teams platform. The aim of the attack was login data, Microsoft said. The attackers used previously compromised Microsoft 365 accounts owned by small businesses to pose as Microsoft technical support through new domains belonging to those companies. From these domains they sent phishing messages via Teams, trying to obtain users' multi-factor authentication (MFA) credentials in chats with them. Microsoft has already blocked the fake support domains from being used.

The “very targeted” attacks have affected “fewer than 40 individual global organizations” since the end of May, Microsoft said. The company announced an investigation into the incident. The Russian embassy in Washington did not respond to a Reuters request for comment. The hacking group is known in the industry as Midnight Blizzard or APT29. According to Microsoft, it is based in Russia and has been linked to Russian intelligence services by the UK and US governments.

“The organizations targeted by this activity are likely indicative of Midnight Blizzard’s specific espionage targets targeting governments, non-governmental organizations (NGOs), IT services, technology, discrete manufacturing, and the media sector,” Microsoft explained. Midnight Blizzard has been known to attack such organizations since 2018 – especially in the US and Europe. MFA is a widely recommended security measure to prevent hacking or credential theft.
