Security News > 2023 > August > Russian hackers target govt orgs in Microsoft Teams phishing attacks
Microsoft says a hacking group tracked as APT29 and linked to Russia's Foreign Intelligence Service targeted dozens of organizations worldwide, including government agencies, in Microsoft Teams phishing attacks.
These new domains were part of the 'onmicrosoft.com' domain, a legitimate Microsoft domain that is automatically used by Microsoft 365 for fallback purposes in case a custom domain is not created.
"In some cases, the actor attempts to add a device to the organization as a managed device via Microsoft Entra ID, likely an attempt to circumvent conditional access policies configured to restrict access to specific resources to managed devices only," Microsoft added.
Last month, Microsoft refused to address a security issue in Microsoft Teams that can let anyone bypass restrictions for incoming files from external tenants using a Python tool named TeamsPhisher, developed by Alex Reid, a U.S. Navy's Red team member.
Microsoft enhances Windows 11 Phishing Protection with new features.
New tool exploits Microsoft Teams bug to send malware to users.
News URL
Related news
- Microsoft and DOJ disrupt Russian FSB hackers' attack infrastructure (source)
- DOJ, Microsoft seize 107 domains used in Russia's Star Blizzard phishing attacks (source)
- Russian Hackers Exploit New NTLM Flaw to Deploy RAT Malware via Phishing Emails (source)
- Free Sniper Dz Phishing Tools Fuel 140,000+ Cyber Attacks Targeting User Credentials (source)
- North Korean Hackers Using New VeilShell Backdoor in Stealthy Cyber Attacks (source)
- 100+ domains seized to stymie Russian Star Blizzard hackers (source)
- U.S. and Microsoft Seize 107 Russian Domains in Major Cyber Fraud Crackdown (source)
- US Government, Microsoft Aim to Disrupt Russian threat actor ‘Star Blizzard’ (source)
- Pro-Ukrainian Hackers Strike Russian State TV on Putin's Birthday (source)
- Microsoft issues 117 patches – some for flaws already under attack (source)