Microsoft researchers say that a hacking group linked to the Russian government is responsible for dozens of phishing attempts on the company's Microsoft Teams workplace collaboration software.
The phishers posed as technical support for Teams, posting within the Teams chat in order to trick users into exposing login credentials across dozens of organizations around the globe.
It's another reminder that business software hacks are no joke, and that social engineering attacks can get past even the best security protocols, simply by targeting the types of unenforced errors that humans make all the time.
What to Know About the Teams Phishers
A blog post from Microsoft Threat Intelligence identifies the hacking group as “Midnight Blizzard,” using the team's internal tracking name.
The hackers use “new and common techniques” together, taking advantage of already-compromised Microsoft 365 tenants to generate new domains that can appear to be official tech support. The group then sends chat messages through these domains, attempting to engage a user and request multifactor authentication prompts.
🔎 Want to browse the web privately? 🌎 Or appear as if you're in another country?
Get a huge 86% off Surfshark with this special tech.co offer.
The best safeguards to avoid getting scammed? Organizations should keep employees trained up on the best security practices, and be sure to highlight that any authentication requests that a user has not themselves initiated should be considered malicious.
Could You Be in Danger? Probably Not in This Case.
The Microsoft research team that has revealed the extent of the new round of phishing attacks doesn't want anyone to worry too much. They've stated that these hacks are “highly targeted” — meaning that they're unlikely to be a problem for those who don't work at the type of classified operation that a Russia-linked hacking group is interested in.
Plus, the attacks have impacted “fewer than 40 unique global organizations,” which, to be fair, does sound like a lot.
Microsoft is continuing to investigate.
Staying Safe Online
This isn't the first time Microsoft has gotten swept up in a major data breach conversation this year.
A few weeks ago, Microsoft dealt with a China-linked hacking group known as Storm-0558, which gained access to Outlook email accounts. That same month, a new tool from the US Navy exposed a security flaw that exploited incoming file restraints within Microsoft Teams. That was shortly after Microsoft issued a denial in response to a group that claimed to have 30 million stolen customer records following a DDoS attack on the tech giant. And that was just July.
As always, business software remains an attractive target for the industrious hacker in 2023. The security arms race is always continuing, and the basic means of protection remain the same. Use a VPN, and consider re-training your employees on phishing tactics yet again.