According to Microsoft, Russia-linked hackers are behind highly targeted social engineering attacks that use credential theft phishing lures sent as Microsoft Teams chats.
In a report published on Wednesday, 2 August, Microsoft disclosed that its intelligence agencies have identified social engineering attacks launched by the Russian nation-state threat actor Midnight Blizzard.
The researchers said that the hackers created domains and identities that appeared to be related to technical help, then attempted to engage Teams users over chat and persuade them to accept multifactor authentication (MFA) prompts.
“Microsoft has mitigated the actor from using the domains and continues to investigate this activity and work to remediate the impact of the attack,” Microsoft added.
Teams is Microsoft's business communication platform. It has 280 million active users, so an attack on it can cause severe disruption and loss.
“This latest attack, combined with past activity, further demonstrates Midnight Blizzard’s ongoing execution of their objectives using both new and common techniques,” Microsoft researchers wrote.
The attackers have targeted fewer than 40 organizations worldwide, in the government, NGO, IT services, technology, discrete manufacturing, and media sectors.
Along with methods such as spear-phishing, password spraying, and brute-force attacks, the threat actor has been observed using token theft techniques to gain initial entry into targeted environments.
According to the Microsoft blog, the hackers used already-compromised Microsoft 365 accounts owned by small businesses to create new domains that appeared to belong to technical assistance firms and contained the word “Microsoft”. The researchers reported that accounts associated with these domains then used Teams to send phishing messages to users.