Security News > 2023 > August > Russian hackers target govt orgs in Microsoft Teams phishing attacks
Microsoft says a hacking group tracked as APT29 and linked to Russia's Foreign Intelligence Service targeted dozens of organizations worldwide, including government agencies, in Microsoft Teams phishing attacks.
These new domains were part of the 'onmicrosoft.com' domain, a legitimate Microsoft domain that is automatically used by Microsoft 365 for fallback purposes in case a custom domain is not created.
"In some cases, the actor attempts to add a device to the organization as a managed device via Microsoft Entra ID, likely an attempt to circumvent conditional access policies configured to restrict access to specific resources to managed devices only," Microsoft added.
Last month, Microsoft refused to address a security issue in Microsoft Teams that can let anyone bypass restrictions for incoming files from external tenants using a Python tool named TeamsPhisher, developed by Alex Reid, a U.S. Navy's Red team member.
Microsoft enhances Windows 11 Phishing Protection with new features.
New tool exploits Microsoft Teams bug to send malware to users.
News URL
Related news
- Microsoft says Russian hackers breached its systems, accessed source code (source)
- Microsoft Confirms Russian Hackers Stole Source Code, Some Customer Secrets (source)
- Microsoft: Russian hackers accessed internal systems, code repositories (source)
- New Phishing Attack Uses Clever Microsoft Office Trick to Deploy NetSupport RAT (source)
- Hackers Exploiting Popular Document Publishing Sites for Phishing Attacks (source)
- Microsoft still unsure how hackers stole MSA key in 2023 Exchange attack (source)
- Hackers impersonate U.S. government agencies in BEC attacks (source)
- Chinese State Hackers Target Tibetans with Supply Chain, Watering Hole Attacks (source)
- Flipper Zero WiFi phishing attack can unlock and steal Tesla cars (source)
- MiTM phishing attack can let attackers unlock and steal a Tesla (source)