How Hackers Hijack Microsoft Teams to Hack Governments


Using Microsoft Teams software, a group of Russian hackers infiltrated several organizations and government agencies. They pretended to be technical support employees in order to gain access to computers and take control of them.


The cyber war waged by Russia shows no sign of stopping. Microsoft security researchers have identified a successful social engineering campaign by a group of Russian hackers known as Midnight Blizzard. Unlike invisible malware attacks, social engineering consists of manipulating victims into granting access to their own machines, without knowing that hackers are behind the request.

Last May, hackers used already compromised Microsoft 365 accounts to create domain names that looked like legitimate tech support. They then used them to send messages via Microsoft Teams to employees of the organizations targeted by the attack. “If he accepts the conversation request, the user receives a message on Microsoft Teams seeking to convince him to enter a code on the Microsoft Authenticator application on their mobile,” Microsoft specifies. If the user does so, the hacker gains full control of the employee’s account and therefore access to its data.

A group of Russian hackers hacks governments with Microsoft Teams

In total, around 40 organizations were hacked to varying degrees. Among them were government agencies, corporate IT departments and the media. Microsoft does not name any of them, but believes that the material collected indicates “specific espionage objectives”. The firm adds that it has prevented the hackers from using the domain names again and has warned all the entities and persons concerned.


The group behind the attack is far from unknown. Since its discovery in 2018, it has gone by many names, such as NOBELIUM, APT29 or Cozy Bear. It is notably behind the SolarWinds hack in 2020, which allowed it to recover the personal data of 20,000 of the firm’s clients, such as the United States Department of Defense, among others. Midnight Blizzard mainly targets American and European organizations.


