Microsoft Says Russia-Linked Hackers Behind Dozens of Groups Phishing Assaults
[ad_1]
SAN FRANCISCO (Reuters) – A Russian government-linked hacking group took intention at dozens of world organizations with a marketing campaign to steal login credentials by participating customers in Microsoft Groups chats pretending to be from technical assist, Microsoft researchers stated on Wednesday.
These “extremely focused” social engineering assaults have affected “fewer than 40 distinctive world organizations” since late Could, Microsoft researchers stated in a weblog, including that the corporate was investigating.
The Russian embassy in Washington did not instantly reply to a request for remark.
The hackers arrange domains and accounts that seemed like technical assist and tried to interact Groups customers in chats and get them to approve multifactor authentication (MFA) prompts, the researchers stated.
“Microsoft has mitigated the actor from utilizing the domains and continues to analyze this exercise and work to remediate the affect of the assault,” they added.
Groups is Microsoft’s proprietary enterprise communication platform, with greater than 280 million lively customers, based on the corporate’s January monetary assertion.
MFAs are a extensively beneficial safety measure aimed toward stopping hacking or stealing of credentials. The Groups concentrating on suggests hackers are discovering new methods to get previous it.
The hacking group behind this exercise, identified within the trade as Midnight Blizzard or APT29, is predicated in Russia and the UK and U.S. governments have linked it to the nation’s overseas intelligence service, the researchers stated.
“The organizations focused on this exercise seemingly point out particular espionage targets by Midnight Blizzard directed at authorities, non-government organizations (NGOs), IT providers, know-how, discrete manufacturing, and media sectors,” they stated, with out naming any of the targets.
“This newest assault, mixed with previous exercise, additional demonstrates Midnight Blizzard’s ongoing execution of their targets utilizing each new and customary methods,” the researchers wrote.
Midnight Blizzard has been identified to focus on such organizations, primarily within the U.S. and Europe, going again to 2018, they added.
The hackers used already-compromised Microsoft 365 accounts owned by small companies to make new domains that gave the impression to be technical assist entities and had the phrase “microsoft” in them, based on particulars within the Microsoft weblog. Accounts tied to those domains then despatched phishing messages to bait folks through Groups, the researchers stated.
(Reporting by Zeba Siddiqui in San Francisco; Modifying by Gerry Doyle)
Copyright 2023 Thomson Reuters.
[ad_2]
Source link