Microsoft researchers on Wednesday alleged that a Russian government-linked hacking group targeted dozens of global organisations, attempting to steal users’ login credentials by engaging them in Microsoft Teams chats and posing as technical support.
Such “highly targeted” social engineering attacks have hit “fewer than 40 unique global organisations” since late May, stated Microsoft researchers in a blog, further adding that the company is carrying out an investigation.
No immediate response was issued by the Russian embassy in Washington over the allegations made.
The researchers said the attackers set up domains and accounts that look like technical support, then try to engage Teams users in chats and get them to approve multifactor authentication (MFA) prompts.
“Microsoft has mitigated the actor from using the domains and continues to investigate this activity and work to remediate the impact of the attack,” they stated.
Teams is a proprietary business communication platform of Microsoft and has more than 280 million active users, as per the January financial statement of the company.
MFA is widely recommended as a security measure against credential theft and account hijacking. The way the hackers are abusing Teams suggests they are looking for new ways to get past it.
Hackers’ Russian connection
The researchers claim that the hacking group behind the activity, which is known as Midnight Blizzard or APT29 in the industry, is based in Russia and it has been linked to the country’s foreign intelligence service by the governments of the UK and United States.
“The organisations targeted in this activity likely indicate specific espionage objectives by Midnight Blizzard directed at the government, non-government organizations (NGOs), IT services, technology, discrete manufacturing, and media sectors,” the researchers said, without taking names of the targets.
“This latest attack, combined with past activity, further demonstrates Midnight Blizzard’s ongoing execution of their objectives using both new and common techniques,” the researchers claimed.
They stated that Midnight Blizzard is known for targeting similar organisations, mainly in the US and Europe.
According to the Microsoft blog, the hackers are using previously compromised Microsoft 365 accounts belonging to small businesses to create new domains that pose as technical support entities and contain the word “Microsoft”. Accounts associated with these domains then send phishing messages over Teams to lure targets, the researchers said.
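The lure described above combines three observable signals: an external Teams sender, a support-themed identity whose tenant name contains “Microsoft”, and a chat that asks the target to approve an MFA prompt. The following is an added example (not code from the Microsoft blog or from this article) of a triage heuristic that scores a Teams chat message on those signals. It assumes a hypothetical `TeamsMessage` record with the sender’s display name, tenant domain and an external flag, an assumed allowlist of trusted tenant domains, and that lure tenants are Microsoft-hosted `.onmicrosoft.com` subdomains, so that suffix is stripped before the tenant name is inspected; the sample messages are constructed, not real captures.

```python
import re
from dataclasses import dataclass

# Hypothetical allowlist of tenant domains this organisation treats as trusted.
TRUSTED_SENDER_DOMAINS = {"microsoft.com", "example-corp.com"}

# Words the article says the lure identities are built around ("technical support").
SUPPORT_WORDS = ("support", "helpdesk", "techsupport", "security", "protection")

# A request to act on an MFA prompt or code inside the chat text.
MFA_LURE = re.compile(
    r"\b(approve|accept|confirm|enter)\b[^.]*\b(prompt|request|notification|code)\b",
    re.IGNORECASE,
)


@dataclass
class TeamsMessage:
    sender_display: str   # display name shown in the chat
    sender_domain: str    # tenant domain of the sending account
    is_external: bool     # True when the sender is outside our own tenant
    body: str


def tenant_label(domain: str) -> str:
    """Return the part of the domain the attacker actually chooses.

    Assumption: lure tenants are Microsoft-hosted subdomains, so the
    '.onmicrosoft.com' suffix (which always contains 'microsoft') is
    stripped before the name is inspected."""
    domain = domain.lower()
    suffix = ".onmicrosoft.com"
    return domain[: -len(suffix)] if domain.endswith(suffix) else domain


def score_message(msg: TeamsMessage) -> tuple[int, list[str]]:
    """Return (score, reasons). A score of 0 means nothing matched."""
    reasons: list[str] = []
    if not msg.is_external:
        return 0, reasons
    domain = msg.sender_domain.lower()
    if domain in TRUSTED_SENDER_DOMAINS:
        return 0, reasons
    label = tenant_label(domain)
    identity = f"{label} {msg.sender_display.lower()}"
    if "microsoft" in label:
        reasons.append("external tenant name contains 'microsoft'")
    if any(word in identity for word in SUPPORT_WORDS):
        reasons.append("support-themed sender identity")
    if MFA_LURE.search(msg.body):
        reasons.append("chat asks the target to act on an MFA prompt or code")
    return len(reasons), reasons


# Constructed sample messages (not real captures).
SAMPLES = [
    TeamsMessage("Microsoft Identity Protection",
                 "microsoft-identity-support.onmicrosoft.com", True,
                 "Hi, we detected a sign-in issue. Please approve the prompt "
                 "on your phone so we can fix it."),
    TeamsMessage("Dana from Example Corp", "example-corp.com", True,
                 "Sending over the Q3 slides now."),
    TeamsMessage("IT Helpdesk", "our-company.com", False,
                 "Reminder: please approve the MFA prompt when you sign in tomorrow."),
]


def triage(messages=SAMPLES) -> list[tuple[str, int]]:
    """Score each message; an analyst would review anything scoring 2 or more."""
    return [(m.sender_domain, score_message(m)[0]) for m in messages]


if __name__ == "__main__":
    for msg in SAMPLES:
        score, reasons = score_message(msg)
        print(f"{score} {msg.sender_domain}: {'; '.join(reasons) or 'no findings'}")
```

The internal helpdesk reminder scores 0 because the check only runs on external senders; the same wording from an unknown external tenant with a Microsoft-themed name scores 3. Tune the allowlist and keyword lists to your own tenant, and treat the score as a triage aid, not a verdict.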
(With inputs from agencies)