Microsoft Exposes Russian Hackers' Sneaky Phishing Tactics via Microsoft Teams Chats
Microsoft on Wednesday disclosed that it identified a set of highly targeted social engineering attacks mounted by a Russian nation-state threat actor using credential theft phishing lures sent as Microsoft Teams chats.
Microsoft said the campaign, observed since at least late May 2023, affected fewer than 40 organizations globally, spanning the government, non-government organization, IT services, technology, discrete manufacturing, and media sectors.
In the new round of attacks linked to Midnight Blizzard, the actor adds a new onmicrosoft.com subdomain to a tenant compromised in earlier attacks, then creates a new user on that subdomain to initiate a Teams chat request with potential targets, masquerading as a technical support person or Microsoft's Identity Protection team.
"If the target user accepts the message request, the user then receives a Microsoft Teams message from the attacker attempting to convince them to enter a code into the Microsoft Authenticator app on their mobile device," Microsoft explained.
"In some cases, the actor attempts to add a device to the organization as a managed device via Microsoft Entra ID, likely an attempt to circumvent conditional access policies configured to restrict access to specific resources to managed devices only," Microsoft cautioned.
The findings come days after the threat actor was linked to phishing attacks targeting diplomatic entities throughout Eastern Europe with the goal of delivering a new backdoor called GraphicalProton.
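One way to triage Teams chat requests for the lure described above, added here as an example and not taken from Microsoft or the original article. The event field names, the trusted-domain list and the sample events are constructed assumptions, not a real Teams log schema.

```python
import json
import re

# Assumption: domains the defending organization owns or explicitly trusts.
TRUSTED_DOMAINS = {"contoso.example"}
# Display-name themes from the lure: technical support, Identity Protection.
LURE_NAME = re.compile(r"support|help\s*desk|identity protection|security", re.I)

# Constructed sample events, one JSON object per line; field names are hypothetical.
SAMPLE_EVENTS = """\
{"type": "chat_request", "sender": "admin@it-helpdesk-sample.onmicrosoft.com", "display_name": "Microsoft Identity Protection"}
{"type": "chat_request", "sender": "dev@partner-lab-sample.onmicrosoft.com", "display_name": "Alex Rivera"}
{"type": "chat_request", "sender": "helpdesk@contoso.example", "display_name": "IT Support"}
{"type": "chat_request", "sender": "x@onmicrosoft.com.other.example", "display_name": "Technical Support"}
not-json
"""

def sender_domain(address):
    """Return the lowercased domain of an address, or '' if it is malformed."""
    local, sep, domain = (address or "").rpartition("@")
    return domain.strip().lower().rstrip(".") if sep and local else ""

def assess(event):
    """Return the lure traits an external chat request shows (empty if none apply)."""
    if not isinstance(event, dict) or event.get("type") != "chat_request":
        return []
    domain = sender_domain(event.get("sender"))
    if not domain or domain in TRUSTED_DOMAINS:
        return []
    traits = []
    if domain.endswith(".onmicrosoft.com"):  # suffix match, not substring
        traits.append("onmicrosoft.com subdomain")
    if LURE_NAME.search(event.get("display_name") or ""):
        traits.append("support/security-themed display name")
    return traits

def flag_events(text):
    """Return (sender, traits) for events that show both traits of the lure."""
    hits = []
    for line in text.splitlines():
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed lines rather than abort the run
        traits = assess(event)
        if len(traits) == 2:
            hits.append((event["sender"], traits))
    return hits

if __name__ == "__main__":
    for sender, traits in flag_events(SAMPLE_EVENTS):
        print(sender, "->", ", ".join(traits))
```

Requiring both traits keeps ordinary partner tenants on onmicrosoft.com out of the results; the single-trait output of `assess` can still feed a lower-priority review queue.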
News URL
https://thehackernews.com/2023/08/microsoft-exposes-russian-hackers.html