Business Maverick

Microsoft says Russia-linked hackers behind dozens of Teams phishing attacks

A computer hacker types on a keyboard. (Photo: Oliver Nicolaas Ponder/EyeEm via Getty Images)

A Russian government-linked hacking group took aim at dozens of global organisations with a campaign to steal login credentials by engaging users in Microsoft Teams chats pretending to be from technical support, Microsoft researchers said on Wednesday.

These “highly targeted” social engineering attacks have affected “fewer than 40 unique global organisations” since late May, Microsoft researchers said in a blog, adding that the company was investigating.

The hackers set up domains and accounts that looked like technical support and tried to engage Teams users in chats and get them to approve multifactor authentication (MFA) prompts, the researchers said.

“Microsoft has mitigated the actor from using the domains and continues to investigate this activity and work to remediate the impact of the attack,” they added.

Teams is Microsoft’s proprietary business communication platform, with more than 280 million active users, according to the company’s January financial statement.

MFA is a widely recommended security measure aimed at preventing hacking or theft of credentials. The Teams targeting suggests hackers are finding new ways to get past it.

The hacking group behind this activity, known in the industry as Midnight Blizzard or APT29, is based in Russia, and the UK and U.S. governments have linked it to the country’s foreign intelligence service, the researchers said.

“The organisations targeted in this activity likely indicate specific espionage objectives by Midnight Blizzard directed at government, non-government organisations (NGOs), IT services, technology, discrete manufacturing, and media sectors,” they said, without naming any of the targets.

“This latest attack, combined with past activity, further demonstrates Midnight Blizzard’s ongoing execution of their objectives using both new and common techniques,” the researchers wrote.

Midnight Blizzard has been known to target such organisations, mainly in the U.S. and Europe, going back to 2018, they added.

The hackers used already-compromised Microsoft 365 accounts owned by small businesses to make new domains that appeared to be technical support entities and had the word “microsoft” in them, according to details in the Microsoft blog. Accounts tied to these domains then sent phishing messages to bait people via Teams, the researchers said. DM


Comments

  • Rae Earl says:

    Ramaphosa and Naledi Pandor’s big buddy Vladimir Putin would obviously know about and support this type of underworld activity and yet they give him their full support. Do they imagine for one minute that Russia would treat SA any differently when it suits them? Their closing of the Black Sea grain conduit says it all. The ANC needs to wake up.
