Russia-Backed Hackers Posing as Microsoft Support on Teams Target Global Orgs, Government Agencies

Microsoft attributes the campaign to the group tracked as APT29, also known as Cozy Bear.

Microsoft researchers recently disclosed that a hacking group tied to the Russian government, tracked as "Midnight Blizzard" (also known as APT29 or Cozy Bear), ran a series of highly targeted social engineering attacks against international organizations, using Microsoft Teams chats as the lure to steal login credentials and gain unauthorized access to sensitive data.

Fewer than 40 organizations worldwide have fallen prey to the campaign since late May, with the Russian-backed hackers relying on the trust Microsoft Teams users place in the platform, according to a Reuters report.

The Hackers' Strategy

Recent operations tied to the group show it using new subdomains, created in Microsoft 365 tenants it had already compromised, to start Teams chats with prospective victims and win their trust.

To coax unwary users into conversations that appeared to come from Microsoft's technical support staff, the hackers carefully built domains and accounts that closely resembled genuine technical support or Microsoft's Identity Protection team.

Once in the chat, the attackers used deception to induce their targets to approve multifactor authentication (MFA) prompts so they could quietly take over user accounts.

If the target fell for the ruse, they received a prompt asking them to enter a code into the Microsoft Authenticator app on their mobile device, per TechCrunch. After several further steps, the hackers were able to gain full access to the victim's account.
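The pattern described above (an external sender in a security-themed lookalike tenant, a display name claiming to be Microsoft, and a message steering the target toward an MFA prompt) is something a defender can triage from Teams chat telemetry. The following is an added example written for this page, not code from the article, from Microsoft, or from any vendor tooling; the event fields, the keyword list, the scoring weights, the onmicrosoft.com heuristic and the sample events are all assumptions constructed for illustration.

```python
"""Flag Microsoft Teams chat invitations that match the Midnight Blizzard
lure pattern: an external sender in a lookalike *.onmicrosoft.com tenant
posing as Microsoft support and steering the target toward an MFA prompt.
Hypothetical detection logic (not Microsoft's), run over constructed events."""
import re
from dataclasses import dataclass, field

# Terms the lure tenants and display names lean on (assumption: illustrative
# list, tune it to what your own tenant actually receives).
IMPERSONATION_TERMS = ("microsoft", "msft", "identity", "protection",
                       "security", "support", "helpdesk", "verification")
# Phrases that push the victim toward approving or typing an MFA code.
MFA_LURE = re.compile(
    r"(enter|type|input|approve).{0,40}(code|number|request|prompt)"
    r".{0,40}(authenticator|mfa|multi.?factor|sign.?in)", re.I)
# Domains from which a "Microsoft support" claim would be plausible (assumption).
MICROSOFT_DOMAINS = {"microsoft.com"}


@dataclass
class TeamsChatEvent:
    sender: str           # sender UPN, e.g. user@tenant.onmicrosoft.com
    display_name: str
    message: str
    external: bool        # sender is outside our tenant (external access)


@dataclass
class Verdict:
    sender: str
    score: int
    reasons: list = field(default_factory=list)


def sender_domain(upn):
    return upn.rsplit("@", 1)[-1].lower()


def is_lookalike_tenant(domain):
    """*.onmicrosoft.com is the default domain of a fresh or renamed tenant;
    a security-themed label in front of it is the lure's signature."""
    if not domain.endswith(".onmicrosoft.com"):
        return False
    label = domain[: -len(".onmicrosoft.com")]
    return any(term in label for term in IMPERSONATION_TERMS)


def claims_microsoft(display_name, domain):
    """Display name claims Microsoft, but the tenant is not a Microsoft domain."""
    return "microsoft" in display_name.lower() and domain not in MICROSOFT_DOMAINS


def score_event(ev):
    """Score one chat event; only external senders are in scope for this lure."""
    verdict = Verdict(ev.sender, 0)
    if not ev.external:
        return verdict
    domain = sender_domain(ev.sender)
    if is_lookalike_tenant(domain):
        verdict.score += 3
        verdict.reasons.append("lookalike onmicrosoft.com tenant")
    if claims_microsoft(ev.display_name, domain):
        verdict.score += 2
        verdict.reasons.append("display name impersonates Microsoft")
    if MFA_LURE.search(ev.message):
        verdict.score += 3
        verdict.reasons.append("pushes target to complete an MFA prompt")
    return verdict


def flag_lures(events, threshold=5):
    """Return verdicts at or above the threshold, highest score first."""
    hits = [score_event(e) for e in events]
    return sorted((h for h in hits if h.score >= threshold),
                  key=lambda h: -h.score)


# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    TeamsChatEvent("agent@msftidentityprotection.onmicrosoft.com",
                   "Microsoft Identity Protection",
                   "We detected a sign-in issue. Please enter the code 47 "
                   "in your Authenticator app to verify.",
                   external=True),
    TeamsChatEvent("bob@partner-corp.com", "Bob (Partner Corp)",
                   "Sending over the revised contract now.", external=True),
    TeamsChatEvent("it@contoso.com", "Contoso IT Helpdesk",
                   "Reminder: approve the MFA prompt when you sign in.",
                   external=False),
]

if __name__ == "__main__":
    for v in flag_lures(SAMPLE_EVENTS):
        print(f"{v.sender}: score={v.score} {v.reasons}")
```

The internal helpdesk reminder scores zero even though its wording trips the MFA regex, because the lure depends on an external sender; gating on that field first keeps routine internal IT messages out of the alert queue.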

For initial access into targeted environments, Midnight Blizzard has a history of using techniques such as spear-phishing aimed at authentication credentials, password spraying, and brute-force attacks, according to The Hacker News. Its approach involves moving laterally from on-premises systems into the cloud and abusing the trust chain of service providers to reach their downstream customers.

Microsoft has been investigating the activity and taking action to limit further damage. The company has blocked the hackers from using the fraudulent domains and continues to monitor the situation.

Hackers Wanted to Spy on Organizations

According to law enforcement agencies in the United States and the United Kingdom, the APT29 group is known for its involvement in the infamous 2020 SolarWinds attack. It is associated with Russia's Foreign Intelligence Service (SVR).

Government, non-governmental, IT, technology, discrete manufacturing, and media organizations were affected by the cyberattack. According to Microsoft, the choice of targets indicates that the hackers had specific espionage goals in mind.

In light of the ongoing investigations and the growing sophistication of such attacks, Microsoft recommends that users stay alert and take appropriate steps to secure their accounts and sensitive information.

Byline: Quincy (TechTimes)
ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.