Russia-Backed Hackers Behind New Microsoft Teams Phishing Attacks

The hackers took advantage of compromised Microsoft 365 tenants in order to pose as tech support.

Microsoft researchers say that a hacking group linked to the Russian government is responsible for dozens of phishing attempts on the company’s Microsoft Teams workplace collaboration software.

The phishers posed as technical support for Teams, posting within the Teams chat in order to trick users into exposing login credentials across dozens of organizations around the globe.

It’s another reminder that business software hacks are no joke, and that social engineering attacks can get past even the best security protocols, simply by targeting the types of unenforced errors that humans make all the time.

What to Know About the Teams Phishers

A blog post from Microsoft Threat Intelligence identifies the hacking group as “Midnight Blizzard,” using the team’s internal tracking name.

The hackers use “new and common techniques” together, taking advantage of already-compromised Microsoft 365 tenants to generate new domains that can appear to be official tech support. The group then sends chat messages through these domains, attempting to engage a user and request multifactor authentication prompts.

Surfshark logo🔎 Want to browse the web privately? 🌎 Or appear as if you're in another country?
Get a huge 86% off Surfshark with this special offer.See deal button

The best safeguards to avoid getting scammed? Organizations should keep employees trained up on the best security practices, and be sure to highlight that any authentication requests that a user has not themselves initiated should be considered malicious.

Could You Be in Danger? Probably Not in This Case.

The Microsoft research team that has revealed the extent of the new round of phishing attacks doesn’t want anyone to worry too much. They’ve stated that these hacks are “highly targeted” — meaning that they’re unlikely to be a problem for those who don’t work at the type of classified operation that a Russia-linked hacking group is interested in.

Plus, the attacks have impacted “fewer than 40 unique global organizations,” which, to be fair, does sound like a lot.

Microsoft is continuing to investigate.

Staying Safe Online

This isn’t the first time Microsoft has gotten swept up in a major data breach conversation this year.

A few weeks ago, Microsoft dealt with a China-linked hacking group known as Storm-0558, which gained access to Outlook email accounts. That same month, a new tool from the US Navy exposed a security flaw that exploited incoming file restraints within Microsoft Teams. That was shortly after Microsoft issued a denial in response to a group that claimed to have 30 million stolen customer records following a DDoS attack on the tech giant. And that was just July.

As always, business software remains an attractive target for the industrious hacker in 2023. The security arms race is always continuing, and the basic means of protection remain the same. Use a VPN, and consider re-training your employees on phishing tactics yet again.

Did you find this article helpful? Click on one of the following buttons
We're so happy you liked! Get more delivered to your inbox just like it.

We're sorry this article didn't help you today – we welcome feedback, so if there's any way you feel we could improve our content, please email us at

Written by:
Adam is a writer at and has worked as a tech writer, blogger and copy editor for more than a decade. He was a Forbes Contributor on the publishing industry, for which he was named a Digital Book World 2018 award finalist. His work has appeared in publications including Popular Mechanics and IDG Connect, and his art history book on 1970s sci-fi, 'Worlds Beyond Time,' is out from Abrams Books in July 2023. In the meantime, he's hunting down the latest news on VPNs, POS systems, and the future of tech.
Explore More See all news
Back to top
close Thinking about your online privacy? NordVPN is's top-rated VPN service See Deals