Russian state-sponsored hackers posed as technical support staff on Microsoft Teams to compromise dozens of global organizations, including government agencies.
Microsoft security researchers said on Wednesday that the "highly targeted" social engineering campaign was carried out by a Russian state-sponsored hacking group tracked by Microsoft as "Midnight Blizzard," but more commonly known as APT29 or Cozy Bear. The group, which was linked to the infamous SolarWinds attack in 2020, is part of Russia's Foreign Intelligence Service, or SVR, according to U.S. and U.K. law enforcement agencies.
The attacks, which began in late May, saw the APT29 hackers use previously compromised Microsoft 365 accounts to create new technical-support-themed domains. Using these domains, the hackers sent Microsoft Teams messages designed to manipulate users into approving multi-factor authentication prompts, with the eventual aim of gaining access to user accounts and exfiltrating sensitive information.
"If the target user accepts the message request, the user then receives a Microsoft Teams message from the attacker attempting to convince them to enter a code into the Microsoft Authenticator app on their mobile device," Microsoft said. If the victim follows these instructions, the attacker gains full access to the user's account.
Microsoft's investigation into the campaign indicates that fewer than 40 unique global organizations were targeted or breached, spanning government agencies, non-government organizations, IT services, technology, discrete manufacturing, and media. The targeted organizations were not named, but the selection "indicates specific espionage objectives" on the part of the Russian hackers, Microsoft says.
Microsoft says it has blocked the hacking group from using the domains and "continues to investigate this activity," including the hackers' precursor attacks to compromise legitimate Azure tenants and their use of homoglyph domains (domains that exploit characters that look alike in common fonts to impersonate legitimate domains) in social engineering campaigns.
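Homoglyph domains are detectable because the lookalike characters collapse onto the genuine ones once you normalize them. The following is an added example written for this page, not code from Microsoft or from the article: it maps each domain label to a "skeleton" (NFKC normalization, lowercasing, a small confusables table, and the two-character lookalikes "rn" and "vv") and flags a domain whose skeleton collides with a protected domain while its literal labels differ. It goes a little beyond the article's one-line description in that it also decodes punycode (xn--) labels and catches subdomains of a lookalike. The watchlist, the confusables excerpt, and every sample domain are constructed for the example; none is a real indicator from the campaign, and a production tool should load the full Unicode confusables data (UTS #39) rather than this excerpt.

```python
"""Flag domains whose labels are homoglyph lookalikes of a protected domain.

Added example for this page; not Microsoft's code or the article's.
"""
import unicodedata

# Constructed watchlist (an assumption for this example; use your own brand
# and tenant domains in practice).
PROTECTED = ["microsoft.com", "microsoftonline.com"]

# Small excerpt of a confusables table, chosen for this example.  A real
# tool should load the full Unicode confusables data (UTS #39) instead.
CONFUSABLE_CHARS = {
    "\u0430": "a",  # Cyrillic small a
    "\u0435": "e",  # Cyrillic small ie
    "\u043e": "o",  # Cyrillic small o
    "\u0440": "p",  # Cyrillic small er
    "\u0441": "c",  # Cyrillic small es
    "\u0445": "x",  # Cyrillic small ha
    "\u0443": "y",  # Cyrillic small u
    "\u0456": "i",  # Cyrillic small Byelorussian/Ukrainian i
    "\u03bf": "o",  # Greek small omicron
    "0": "o",       # digit zero for letter o
    "1": "l",       # digit one for letter l
}
# Character pairs that render like a single glyph in many fonts.
CONFUSABLE_PAIRS = {"rn": "m", "vv": "w"}


def skeleton(label: str) -> str:
    """Map a label to a canonical form in which lookalikes collide."""
    s = unicodedata.normalize("NFKC", label).lower()  # fullwidth etc. -> ASCII
    s = "".join(CONFUSABLE_CHARS.get(ch, ch) for ch in s)
    for pair, single in CONFUSABLE_PAIRS.items():
        s = s.replace(pair, single)
    return s


def decode_idna(domain: str) -> str:
    """Turn punycode labels (xn--...) back into Unicode; leave others alone."""
    out = []
    for label in domain.strip().rstrip(".").lower().split("."):
        if label.startswith("xn--"):
            try:
                label = label.encode("ascii").decode("idna")
            except UnicodeError:
                pass  # malformed punycode: keep the raw label, still compared
        out.append(label)
    return ".".join(out)


def find_lookalike(domain: str, protected=PROTECTED):
    """Return the protected domain that `domain` (or a parent of it) imitates,
    or None when it is unrelated or is the genuine domain / a genuine subdomain."""
    labels = decode_idna(domain).split(".")
    for real in protected:
        real_labels = real.lower().split(".")
        n = len(real_labels)
        if len(labels) < n:
            continue
        suffix = labels[-n:]
        if suffix == real_labels:
            continue  # literally the real domain or one of its subdomains
        if [skeleton(x) for x in suffix] == [skeleton(x) for x in real_labels]:
            return real
    return None


if __name__ == "__main__":
    # Constructed samples: none of these is a real indicator from the campaign.
    samples = [
        "micr0soft.com",
        "rnicrosoft.com",
        "login.micros\u043eft.com",                        # Cyrillic o
        "micros\u043eft.com".encode("idna").decode("ascii"),  # same, as punycode
        "helpdesk.microsoft.com",
        "it-support.onmicrosoft.com",
    ]
    for d in samples:
        print(f"{d:36} -> {find_lookalike(d)}")
```

Note what the last sample shows: a support-themed tenant name sitting under a legitimate parent domain is not a homoglyph and is not flagged here. The article says the group also compromised legitimate Azure tenants for exactly that purpose, so this check complements, rather than replaces, controls on which external tenants your users may chat with.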
News of this Russia-linked social engineering campaign comes weeks after Chinese hackers exploited a flaw in Microsoft's cloud email service to gain access to the email accounts of U.S. government employees.