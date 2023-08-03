A hacking group believed to be associated with the Russian government has carried out a focused campaign aimed at stealing login credentials from organizations worldwide through Microsoft Teams chats. According to researchers at Microsoft, the social engineering attacks started in late May and have impacted less than 40 organizations globally.

The attackers set up fraudulent technical support domains and accounts, posing as legitimate users, to engage with Teams users. Through these conversations, unsuspecting users are tricked into authorizing prompts for multifactor authentication. Microsoft has taken action to address the use of these fake domains and continues to investigate the incidents.

Microsoft Teams is a widely used business communication platform with more than 280 million active users. The successful targeting of Teams highlights the importance of enhancing security measures to protect organizations from hacking attempts.

The hacking group responsible for these attacks, known as Midnight Blizzard or APT29, is based in Russia. Their previous targets have included government organizations, NGOs, IT services, technology, manufacturing, and media sectors. This recent attack serves as further evidence of the group’s continuous use of both old and new techniques to accomplish their objectives.

Organizations utilizing Microsoft Teams should remain vigilant and implement strong security measures to prevent falling victim to these kinds of attacks. It is crucial to educate employees about potential phishing attempts and the importance of verifying the authenticity of communication channels and requests for sensitive information. Regular security updates and patches should also be applied to ensure systems are protected against known vulnerabilities.