Microsoft: Government institutions are being hacked by Russian intelligence
Microsoft reported that a hacker group known as APT29, which has been linked to the Russian Foreign Intelligence Service, has targeted hundreds of businesses worldwide, including government entities, with phishing attacks using the Teams service.
Microsoft said on Thursday that its ongoing investigation suggests that at least 40 different international organizations were impacted by this campaign.
According to the company, the organizations targeted in this campaign show that the group's goals were primarily focused on manufacturing, media, information technology services, and governmental and non-governmental groups.
The threat actors used compromised Microsoft 365 tenants to create new technical-support-themed domains and send support messages, attempting to fool users at the targeted companies through social engineering.
The Microsoft Security Bulletin states that the threat actors' ultimate objective was to steal the targeted users' login information.
The company said it has stopped the Russian threat group from using the domains in further attacks, and that it is actively working to address and mitigate the effects of the campaign.
It is noteworthy that Microsoft previously declined to address a security flaw in the Teams video conferencing service that was found by researchers from the information security firm JumpSec. The flaw could have allowed anyone to get around restrictions placed on files received from external tenants using the Python-based tool TeamsPhisher, created by Alex Reed, a member of the US Navy's red team.
Microsoft responded to JumpSec's bug report in June by stating that it "does not meet online service standards."
Government organizations were also impacted by the APT29 group's social engineering attack, illustrating the serious effects such operations may have even on well-protected entities.
Three years ago, the SolarWinds supply chain attack that penetrated multiple US federal agencies was conducted by the cyber unit of Russia's Foreign Intelligence Service.
Since then, this group has also breached the networks of other businesses using stealthy malware, such as TrailBlazer, which allowed it to go unnoticed for years.
Microsoft has disclosed that the group employs new malware capable of hijacking ADFS (Active Directory Federation Services) to log in as any user on Windows PCs.
In addition, the group tried to gain information about foreign policy by targeting Microsoft 365 accounts of organizations in NATO nations.
The hacker organization was also responsible for a number of phishing attempts that specifically targeted European governments, embassies, and high-ranking officials.