Encircle News!

Retro Game Arcade
, , , ,

Russia-backed hackers used Microsoft Teams to breach government agencies

Carly Page

Russian state-sponsored hackers posed as technical support staff on Microsoft Teams to compromise dozens of global organizations, including government agencies.

Microsoft security researchers said on Wednesday that the “highly targeted” social engineering campaign was carried out by a Russian state-sponsored hacking group tracked by Microsoft as “Midnight Blizzard,” but more commonly known as APT29 or Cozy Bear. The group, which was linked to the infamous SolarWinds attack in 2020, is part of Russia’s Foreign Intelligence Service, or SVR, according to U.S. and U.K. law enforcement agencies.

The attacks, which began in late-May, saw the APT29 hackers use previously compromised Microsoft 365 accounts to create new technical support-themed domains. Using these domains, the hackers sent Microsoft Teams messages that aimed to manipulate users into granting approval for multi-factor authentication prompts, with the ultimate aim of gaining access to user accounts and exfiltrating sensitive information.

“If the target user accepts the message request, the user then receives a Microsoft Teams message from the attacker attempting to convince them to enter a code into the Microsoft Authenticator app on their mobile device,” Microsoft said. If the victim follows these instructions, the hacker is able to gain full access to the users’ account.

Microsoft’s investigation into the campaign indicates that fewer than 40 unique global organizations were targeted or breached, including government agencies, non-government organizations, IT services, technology, discrete manufacturing, and media sectors. The organizations targeted were not named, but “indicate specific espionage objectives” by the Russian hackers, Microsoft says.

Microsoft says it has mitigated the hacking group from using the domains and “continues to investigate this activity”, including the hackers’ precursory attacks to compromise legitimate Azure tenants and the use of homoglyph domains — domains that take advantage of similarities in font letters to impersonate legitimate domains — in social engineering campaigns.

News of this Russia-linked social engineering campaign comes weeks after Chinese hackers exploited a flaw in Microsoft’s cloud email service to gain access to the email accounts of U.S. government employees.

Microsoft lost its keys, and the government got hacked

https://techcrunch.com/2023/08/03/russia-hackers-microsoft-teams-government/

Follow Us

Featured Posts

December 2024
M T W T F S S
 1
2345678
9101112131415
16171819202122
23242526272829
3031  

About Us

Welcome to encircle News! We are a cutting-edge technology news company that is dedicated to bringing you the latest and greatest in everything tech. From automobiles to drones, software to hardware, we’ve got you covered.

At encircle News, we believe that technology is more than just a tool, it’s a way of life. And we’re here to help you stay on top of all the latest trends and developments in this ever-evolving field. We know that technology is constantly changing, and that can be overwhelming, but we’re here to make it easy for you to keep up.

We’re a team of tech enthusiasts who are passionate about everything tech and love to share our knowledge with others. We believe that technology should be accessible to everyone, and we’re here to make sure it is. Our mission is to provide you with fun, engaging, and informative content that helps you to understand and embrace the latest technologies.

From the newest cars on the road to the latest drones taking to the skies, we’ve got you covered. We also dive deep into the world of software and hardware, bringing you the latest updates on everything from operating systems to processors.

So whether you’re a tech enthusiast, a business professional, or just someone who wants to stay up-to-date on the latest advancements in technology, encircle News is the place for you. Join us on this exciting journey and be a part of shaping the future.

Podcasts

TWiT 1011: The Year in Review – A Look at the Top Stories of 2024 This Week in Tech (Audio)

What's behind the tech industry's mass layoffs in 2024? : NPR Rabbit R1 AI Assistant: Price, Specs, Release Date | WIRED Stealing everything you've ever typed or viewed on your own Windows PC is now possible with two lines of code — inside the Copilot+ Recall disaster. Microsoft delays Recall after security concerns, and asks Windows Insiders for help The Qualcomm Snapdragon X Architecture Deep Dive: Getting To Know Oryon and Adreno X1 Elon Musk: First Human Receives Neuralink Brain Chip Apple hit with €1.8bn fine for breaking EU law over music streaming Bluesky emerges The hidden high cost of return-to-office mandates Apple's Car Was Doomed by Its Lofty Ambitions to Outdo Tesla SpaceX pulls off unprecedented feat, grabs descending rocket with mechanical arms U.S. versus Apple: A first reaction Google Says It Won't Force Gemini on Partners in Antitrust Remedy Proposal U.S. Accuses Chinese Hackers of Targeting Critical Infrastructure in America U.S. Agency Warns Employees About Phone Use Amid Ongoing China Hack AT&T says criminals stole phone records of 'nearly all' customers in new data breach National Public Data confirms breach exposing Social Security numbers Schools Want to Ban Phones. Parents Say No. New York passes legislation that would ban 'addictive' social media algorithms for kids GPT-4o (omni) + new "Her"-style AI assistant (it's nuts) Google emissions jump nearly 50% over five years as AI use surges Trump proposes strategic national crypto stockpile at Bitcoin Conference Ten additional US states join DOJ antitrust lawsuit looking to break up Live Nation and TicketmasterThe Internet Archive just lost its appeal over ebook lending Hezbollah Pagers Explode in Apparent Attack Across Lebanon OpenAI raises $6.6 billion in largest VC round ever Painting by A.I.-Powered Robot Sells for $1.1 Million Netflix's Live Mike Tyson Vs. Jake Paul Fight Battling Sound & Streaming Glitches In Lead-Up To Main Event Infowars Sale to The Onion Rejected by Federal Bankruptcy Judge Supreme Court agrees to hear challenge to TikTok ban So You Want to Solve the NJ Drone Mystery? Our Expert Has Some Ideas Beeper's push for iMessage on Android is really over The Quiet Death of Ello's Big Dreams Japan finally ends mandatory form submission on floppy disks We'll Miss You: Pioneering instant messaging program ICQ is finally shutting down after nearly 30 years Spotify is going to break every Car Thing gadget it ever sold Game Informer to Shut Down After 33 Years In Memoriam Host: Leo Laporte Guests: Fr. Robert Ballecer, SJ, Richard Campbell, and Mikah Sargent Download or subscribe to This Week in Tech at https://twit.tv/shows/this-week-in-tech Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Sponsor: bitwarden.com/twit
  1. TWiT 1011: The Year in Review – A Look at the Top Stories of 2024
  2. TWiT 1010: The Densest State in the US – TikTok Ban, Drones Over Jersey, GM Quits Robotaxis
  3. TWiT 1009: Andy Giveth & Bill Taketh Away – Trump's Tech Titans, Crypto Boom, TikTok's US Ban, Intel CEO Exits
  4. TWiT 1008: Internet Legal – Australia's Social Media Ban for Kids, Smart Home Nightmare, Bluesky's Ascent
  5. TWiT 1007: All the Hotdogs in the World – China's "Salt Typhoon" Hack, Google on the Chopping Block, Recall AI