Security News > 2023 > August > Russia's Cozy Bear is back and hitting Microsoft Teams to phish top targets
An infamous Kremlin-backed gang has been using Microsoft Teams chats in attempts to phish marks in governments, NGOs, and IT businesses, according to the Windows giant.
In its latest crime spree, a crew that Microsoft Threat Intelligence now tracks as Midnight Blizzard uses previously compromised Microsoft 365 tenants to create domains that masquerade as organizations offering tech support.
Microsoft used to call this group Nobelium, while other security researchers track the Russian gang as APT29 or Cozy Bear.
In other Microsoft security news, Tenable CEO Amit Yoran said his research team discovered a critical Microsoft Azure vulnerability - and he also lambasted Redmond for the IT giant's "Grossly irresponsible, if not blatantly negligent" vulnerability reporting habits.
"We don't know the fix, or mitigation, so hard to say if it's truly fixed, or Microsoft put a control in place like a firewall rule or ACL to block us. When we find vulns in other products, vendors usually inform us of the fix so we can validate it effectively. With Microsoft Azure that doesn't happen, so it's a black box, which is also part of the problem. The 'just trust us' lacks credibility when you have the current track record."
Microsoft told The Register that the issue has now been corrected for all customers.
News URL
https://go.theregister.com/feed/www.theregister.com/2023/08/03/microsoft_teams_cozy_bear/
Related news
- Black Basta operators phish employees via Microsoft Teams (source)
- Week in review: Windows Themes spoofing bug “returns”, employees phished via Microsoft Teams (source)
- Microsoft Ignite 2024 Unveils Groundbreaking AI, Security, and Teams Innovations (source)
- Microsoft 365 outage impacts Exchange Online, Teams, Sharepoint (source)
- Nextcloud Talk: Open-source, GDPR-compliant alternative to Microsoft Teams (source)
- Attackers Exploit Microsoft Teams and AnyDesk to Deploy DarkGate Malware (source)