A sophisticated phishing attack on Microsoft Teams has compromised dozens of organizations worldwide. The attack was carried out by hackers affiliated with the Russian government posing as IT support staff in Teams chats.
By asking Teams users to approve bogus multifactor authentication requests, the hackers were able to steal login credentials and gain access to accounts. Microsoft researchers say the phishing scheme began in late May and has affected around 40 global organizations so far.
The tech giant is still investigating the data breaches and working to mitigate the damage, but the scope of the attack is not yet fully known. Microsoft has already disabled the fake domains and accounts set up by the hackers to carry out the phishing ruse.
With over 280 million regular Teams users, the chat platform has become an attractive target for cybercriminals. Microsoft did not elaborate on the identities or locations of the targeted organizations. The Russian embassy in Washington did not immediately respond to requests for comment regarding the hacking campaign.
According to Microsoft researchers, the cyberattack on Teams is believed to have been orchestrated by a notorious Russian hacking collective known as Midnight Blizzard or APT29.
The group has previously been connected to Russia’s foreign intelligence service. Midnight Blizzard targeted organizations across several key industries including government agencies, IT services, manufacturing, and media.
By compromising Microsoft 365 accounts of smaller businesses, the hackers created fake domains mimicking technical support entities with “Microsoft” in the name. This allowed them to pose as legitimate IT staff and trick Teams users into handing over login credentials.
Microsoft said this phishing campaign demonstrates Midnight Blizzard’s ongoing efforts to advance Russia’s objectives through both new and commonly-used hacking techniques. The cyber espionage group has a history of breaching government networks and private sector companies in the US and Europe.
This latest highly-targeted attack on the Teams chat platform shows the hackers expanding their tactics as they seek to gain access to sensitive information across an array of sectors on behalf of the Russian state.
#Hacking #Cyberattack #MidnightBlizzard #MicrosoftTeams
