Security News > 2023 > August > Russian hackers target govt orgs in Microsoft Teams phishing attacks
Microsoft says a hacking group tracked as APT29 and linked to Russia's Foreign Intelligence Service targeted dozens of organizations worldwide, including government agencies, in Microsoft Teams phishing attacks.
These new domains were part of the 'onmicrosoft.com' domain, a legitimate Microsoft domain that is automatically used by Microsoft 365 for fallback purposes in case a custom domain is not created.
"In some cases, the actor attempts to add a device to the organization as a managed device via Microsoft Entra ID, likely an attempt to circumvent conditional access policies configured to restrict access to specific resources to managed devices only," Microsoft added.
Last month, Microsoft refused to address a security issue in Microsoft Teams that can let anyone bypass restrictions for incoming files from external tenants using a Python tool named TeamsPhisher, developed by Alex Reid, a U.S. Navy's Red team member.
Microsoft enhances Windows 11 Phishing Protection with new features.
New tool exploits Microsoft Teams bug to send malware to users.
News URL
Related news
- Ransomware gangs pose as IT support in Microsoft Teams phishing attacks (source)
- Microsoft Teams phishing attack alerts coming to everyone next month (source)
- Hackers Use Microsoft MSC Files to Deploy Obfuscated Backdoor in Pakistan Attacks (source)
- Russian hackers use RDP proxies to steal data in MiTM attacks (source)
- Hackers use FastHTTP in new high-speed Microsoft 365 password attacks (source)
- Week in review: 48k Fortinet firewalls open to attack, attackers “vishing” orgs via Microsoft Teams (source)
- Attackers Exploit Microsoft Teams and AnyDesk to Deploy DarkGate Malware (source)
- HubSpot phishing targets 20,000 Microsoft Azure accounts (source)
- Ongoing phishing attack abuses Google Calendar to bypass spam filters (source)
- New FlowerStorm Microsoft phishing service fills void left by Rockstar2FA (source)