Hackers Supported by Russia Exploited Microsoft Teams to Breach Federal Agencies

By Esme Greene

Aug 31, 2023

According to Microsoft security researchers, the “highly targeted” social engineering attack was carried out by a Russian state-sponsored hacking group that Microsoft tracks as “Midnight Blizzard” and that is better known as APT29 or Cozy Bear. 

According to US and UK law enforcement agencies, the group, which was tied to the infamous SolarWinds hack in 2020, is part of Russia’s Foreign Intelligence Service (SVR). The APT29 attackers used already compromised Microsoft 365 accounts to register new technical-support-themed domains for the attacks, which began in late May. 

What is Known About the Hackers

Using these domains, the hackers sent Microsoft Teams messages designed to trick users into approving multi-factor authentication prompts, with the ultimate goal of taking control of user accounts and exfiltrating sensitive data. “If the target user accepts the message request, the user then receives a Microsoft Teams message from the attacker attempting to convince them to enter a code into the Microsoft Authenticator app on their mobile device,” Microsoft explained. 

If the target follows these instructions, the attacker gains full control of the user’s account. According to Microsoft’s investigation, fewer than 40 distinct organizations worldwide were targeted or compromised, spanning government agencies, non-government organizations, IT services, technology, discrete manufacturing, and media. Microsoft did not name the targeted organizations but said they “indicate specific espionage objectives” on the part of the Russian hackers.

Microsoft says it has blocked the group from using the domains and “continues to investigate this activity,” which includes the hackers’ earlier attacks against legitimate Azure tenants and their use of homoglyph domains in social engineering campaigns: domains that exploit visual similarities between characters in common fonts to impersonate legitimate domains.
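Homoglyph and lookalike domains are easier to catch automatically than by eye. The script below is an added example, not code from the article or from Microsoft: it reduces each domain to a "skeleton" (punycode decoded, accents stripped, confusable characters and digraphs such as "rn" folded to the ASCII letters they imitate) and compares that skeleton against a list of legitimate domains, also catching one-character typosquats and "support"-style domains that embed a trusted brand name. The confusable table is a small hand-picked subset, the legitimate-domain list and sample inputs are constructed, and the TLD split assumes single-label TLDs; all of these are assumptions for illustration.

```python
"""Lookalike (homoglyph / typosquat / brand-embedding) domain detector.

Added example, not from the article or from Microsoft. The confusable table is
a hand-picked subset of Unicode confusables; the legitimate-domain list and the
sample domains are constructed for illustration.
"""
import unicodedata
from typing import Iterable, Optional, Tuple

# Constructed subset of visually confusable characters (Cyrillic, Greek, digits)
# mapped to the ASCII letter they imitate in common fonts.
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
    "\u0445": "x", "\u0443": "y", "\u0456": "i", "\u0458": "j", "\u04bb": "h",
    "\u03bf": "o", "\u03b1": "a", "\u03bd": "v",
    "0": "o", "1": "l", "3": "e", "5": "s",
}
# Letter pairs that render like a single letter in many fonts.
DIGRAPHS = {"rn": "m", "vv": "w", "cl": "d"}

# Constructed allow-list of domains the organisation trusts (assumption).
LEGIT_DOMAINS = ["microsoft.com", "example-corp.com"]


def to_unicode(domain: str) -> str:
    """Decode punycode (xn--) labels so non-ASCII homoglyphs can be inspected."""
    labels = []
    for label in domain.lower().rstrip(".").split("."):
        if label.startswith("xn--"):
            try:
                label = label.encode("ascii").decode("idna")
            except UnicodeError:
                pass  # malformed punycode: keep the raw label
        labels.append(label)
    return ".".join(labels)


def skeleton(domain: str) -> str:
    """Fold a domain to a canonical form so visually identical strings collide."""
    text = unicodedata.normalize("NFKD", to_unicode(domain))
    text = "".join(ch for ch in text if not unicodedata.combining(ch))  # drop accents
    text = "".join(CONFUSABLES.get(ch, ch) for ch in text)
    for seq, repl in DIGRAPHS.items():
        text = text.replace(seq, repl)
    return text


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch one-character typosquats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable(domain: str) -> Tuple[str, str]:
    """Split 'a.b.example.com' into ('example', 'com'). Assumes single-label TLDs."""
    parts = domain.split(".")
    return (parts[0], "") if len(parts) < 2 else (parts[-2], parts[-1])


def classify(candidate: str, legit_domains: Iterable[str]) -> Optional[str]:
    """Return why `candidate` resembles a trusted domain, or None if it does not."""
    cand_name, cand_tld = registrable(skeleton(candidate))
    for legit in legit_domains:
        legit = legit.lower()
        if to_unicode(candidate) == legit:
            return None  # it is the legitimate domain itself
        name, tld = registrable(skeleton(legit))
        if cand_tld != tld:
            continue
        if cand_name == name:
            return f"homoglyph of {legit}"
        if edit_distance(cand_name, name) == 1:
            return f"typosquat of {legit}"
        if len(name) >= 5 and name in cand_name:
            return f"embeds brand {legit}"
    return None


def scan(domains: Iterable[str], legit_domains: Iterable[str]) -> dict:
    """Map each suspicious domain in `domains` to the reason it was flagged."""
    legit = list(legit_domains)
    hits = {}
    for d in domains:
        reason = classify(d, legit)
        if reason:
            hits[d] = reason
    return hits


if __name__ == "__main__":
    # Constructed sample: sender domains seen in external chat requests.
    samples = ["microsoft.com", "rnicrosoft.com", "micr\u043esoft.com",
               "micosoft.com", "microsoft-support.com", "github.com"]
    for domain, reason in scan(samples, LEGIT_DOMAINS).items():
        print(f"{domain!r}: {reason}")
```

Run the script as-is to see the constructed samples classified; in practice the input would be the sender domains of external Teams chat requests or newly observed domains in mail and proxy logs, and anything flagged would be reviewed before users are allowed to accept the conversation.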

The disclosure of this Russia-linked social engineering campaign comes only weeks after Chinese hackers exploited a flaw in Microsoft’s cloud email service to gain access to the email accounts of US federal officials.

Esme Greene

Esme brings a wealth of knowledge and experience to our website, specializing in all aspects of DarkWeb security. With a deep understanding of the intricate workings of the DarkWeb and its associated cybersecurity risks, Esme curates insightful and informative content for our readers.