Skip to content

Russian Hacking Group targets organizations through teams

In a series of recent cybersecurity findings, Microsoft researchers have unveiled a highly orchestrated and elaborate hacking campaign targeting global organizations via Microsoft Teams chats. The operation, attributed to a group linked to the Russian government known as Midnight Blizzard, or APT29, demonstrates a sophisticated understanding of social engineering.

Since late May, this group has been executing “highly targeted” social engineering attacks, affecting fewer than 40 global organizations. Attackers cleverly impersonated technical support staff to trick users into unwittingly divulging login credentials.

Microsoft’s business communication platform, Teams, with more than 280 million active users, became a breeding ground for such fraudulent activities. Hackers set up fake domains and accounts, which cleverly resembled legitimate tech support entities. By engaging unsuspecting computer users in chats, they convinced them to accept Multi-Factor Authentication (MFA) requests, a widely recommended security measure.

Despite Microsoft’s quick actions to neutralize the threat, the attack raises concerns about the ability of hackers to circumvent strong security measures like MFA, indicating their growing sophistication.

Investigations indicate that Midnight Blizzard’s targets primarily revolve around espionage, with targeted organizations spanning a range of sectors, including government bodies, non-governmental organizations (NGOs), IT services, technology companies, manufacturing discreet and the media. Although specific targets have not been disclosed, the implications are far-reaching.

The history of the hacking group dates back to 2018, when they mainly targeted organizations in the United States and Europe. Their recent approach involved ingeniously leveraging already compromised Microsoft 365 accounts owned by small businesses. Using these accounts, they created fraudulent domains that incorporated the term “microsoft”, luring victims into trusting spoofed technical support channels. Later, phishing messages were sent through computers, catching people off guard.

The current attack highlights Midnight Blizzard’s ongoing commitment to executing its objectives using a combination of innovative and conventional techniques, posing an ongoing challenge to cybersecurity efforts worldwide. As organizations become increasingly aware of these threats, strengthening cybersecurity measures remains critical to protecting sensitive data and credentials.

This article is sourced from and written by AI.

Track and stay informed about AI-generated news:


Leave a Reply

Your email address will not be published. Required fields are marked *