New Russian Hacker Trick! Phishing Attacks Target Microsoft Teams

The Russian hacker group, Midnight Blizzard, has recently unleashed a wave of phishing attacks through the Microsoft Teams platform. Their strategy involves infiltrating several small Microsoft 365 business accounts, using the gained access to create legitimate subdomains, and then sending deceptive messages via Teams to trick targets into giving up their access tokens. As a result, over 30 organizations have fallen victim since May, with government agencies, diplomatic units, NGOs, and IT service providers as their primary targets.

How Hackers Exploit Subdomains and Microsoft Teams

Once inside the Microsoft 365 accounts, the hackers create new onmicrosoft.com subdomains, often adopting security or product names as disguises. They then add users and send deceitful messages through Microsoft Teams. For instance, they may pose as Microsoft’s Identity Protection Service to lure users into opening the Microsoft Authenticator app, which gives the attackers access to the users’ Microsoft 365 accounts.
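For defenders, the traits described above (an external sender, an onmicrosoft.com tenant name dressed up as a security or product service, and a prompt to act in Microsoft Authenticator) can be checked against chat records. The following is an added example, not code from Microsoft or from the original article; the record field names, keyword list, lure wording and sample records are all assumptions constructed for illustration.

```python
import re

# Assumed keyword list standing in for the "security or product names" disguise.
THEMES = ("security", "protect", "identity", "support", "teams", "microsoft", "verif")
# Assumed lure wording, based on the Authenticator prompt the article describes.
LURE = re.compile(r"authenticator|verification code|enter the (number|code)", re.I)
HOME_DOMAINS = {"corp.example"}  # constructed: the defender's own tenant domains


def sender_domain(address):
    """Lower-cased domain part of an address, without a trailing dot."""
    return address.rsplit("@", 1)[-1].strip().lower().rstrip(".")


def tenant_label(domain):
    """Return X for X.onmicrosoft.com, else None (the suffix must end the name)."""
    m = re.fullmatch(r"([a-z0-9-]+)\.onmicrosoft\.com", domain)
    return m.group(1) if m else None


def assess(msg, home_domains=HOME_DOMAINS):
    """Return the reasons a chat record resembles the lure described above."""
    domain = sender_domain(msg["sender"])
    if domain in home_domains:
        return []  # internal sender: out of scope for this check
    reasons = ["external sender"]
    label = tenant_label(domain)
    if label is not None:
        reasons.append("default onmicrosoft.com tenant domain")
        hits = [k for k in THEMES if k in label]
        if hits:
            reasons.append("themed tenant name: " + ",".join(hits))
    if LURE.search(msg.get("text", "")):
        reasons.append("Authenticator or code prompt")
    return reasons


# Constructed sample records; field names are hypothetical, not a real export schema.
SAMPLE = [
    {"sender": "alice@corp.example", "text": "Lunch at 12?"},
    {"sender": "helpdesk@TeamsProtection-Example.onmicrosoft.com",
     "text": "Open Microsoft Authenticator and enter the number 42."},
    {"sender": "bob@partner.example", "text": "Contract attached."},
    {"sender": "it@onmicrosoft.com.lookalike.example", "text": "Please enter the code."},
]

if __name__ == "__main__":
    for m in SAMPLE:
        reasons = assess(m)
        if len(reasons) >= 3:  # external plus at least two further signals
            print("REVIEW", m["sender"], "|", "; ".join(reasons))
```

The fourth sample shows why the suffix is matched at the end of the domain: a name that merely contains "onmicrosoft.com" is still flagged as external, but it is not treated as a tenant subdomain.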

Midnight Blizzard’s Goals and Tactics

The main objective of Midnight Blizzard’s attacks is espionage. Since early 2018, the cybersecurity community has been tracking this group’s actions and learned about their various attack methods, such as stealing credentials, launching supply chain attacks, and exploiting trusted service providers to reach unsuspecting customers.

Microsoft’s Protection Tips

To counter these attacks, Microsoft offers essential protection recommendations, including implementing anti-phishing measures, restricting communication with external domains, allowing access only from known devices, and educating users about the risks of social engineering. Additionally, teaching Microsoft Teams users to recognize the signs that a message comes from an external sender will significantly strengthen overall security.