Russian hackers use Microsoft Teams chats for phishing

Carding

Microsoft reports that the hacker group APT29 (also known as Midnight Blizzard, Nobelium and Cozy Bear) has attacked dozens of organizations and government agencies around the world, using Microsoft Teams chats for phishing. "An ongoing investigation shows that fewer than 40 unique international organizations were affected by this campaign," Microsoft said.

The company says that the set of targeted organizations points to Midnight Blizzard's espionage objectives: the campaign went after government and non-governmental organizations, the IT sector, technology, discrete manufacturing, and the media.

Using previously compromised Microsoft 365 tenants, usually belonging to small businesses, the attackers created new subdomains disguised as technical support. They renamed the compromised tenants and added new user accounts, which allowed them to send messages to their victims.

The hackers then sent lures to victims through Microsoft Teams, using social engineering to deceive users at the target organizations. The new subdomains sat under onmicrosoft.com, a legitimate Microsoft domain.

[Image: message from the hackers]

The goal of these attacks was to trick the user into approving a multi-factor authentication (MFA) request and, through that approval, complete the theft of the victim's credentials.

Because the messages came from the legitimate onmicrosoft.com domain, victims assumed the fake Microsoft support messages were genuine. In addition, the subdomain names the attackers chose typically contained security-related keywords or the names of well-known products.

"In some cases, attackers tried to add a device to the organization through Microsoft Entra ID (formerly Azure Active Directory), under the guise of a managed device, probably trying to circumvent Conditional Access policies configured to restrict access to certain resources only for managed devices," Microsoft notes, adding that it also observed data theft from the compromised Microsoft 365 tenants.
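As an added illustration (not part of the original post and not Microsoft's tooling), the following Python script runs two simple triage heuristics over a handful of constructed audit records. It flags Teams chat messages from external onmicrosoft.com tenants whose subdomain carries the support/security keywords the article describes, and it pairs a device registration with a preceding MFA sign-in from an IP address outside the user's baseline, which is the shape of the Entra ID device trick quoted above. The record field names, the sample log lines, the keyword list and the IP baseline are my assumptions, not the real unified audit log schema.

```python
"""Triage heuristics for the Teams support-lure pattern (added example)."""
import json
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records in a simplified JSON-lines shape. The field
# names are an assumption for this example, not the real audit log schema.
SAMPLE_LOG = """
{"time": "2023-07-12T09:02:11Z", "op": "MessageSent", "sender": "noc@securityteam-helpdesk.onmicrosoft.com", "recipient": "j.doe@contoso.com"}
{"time": "2023-07-12T09:02:40Z", "op": "MessageSent", "sender": "a.kim@contoso.com", "recipient": "j.doe@contoso.com"}
{"time": "2023-07-12T09:03:05Z", "op": "MessageSent", "sender": "sales@fabrikam.com", "recipient": "j.doe@contoso.com"}
{"time": "2023-07-12T09:05:30Z", "op": "UserLoggedIn", "user": "j.doe@contoso.com", "ip": "203.0.113.7", "mfa": true}
{"time": "2023-07-12T09:14:02Z", "op": "AddRegisteredDevice", "user": "j.doe@contoso.com", "ip": "203.0.113.7", "device": "DESKTOP-7Q2K"}
{"time": "2023-07-12T10:30:00Z", "op": "UserLoggedIn", "user": "a.kim@contoso.com", "ip": "198.51.100.4", "mfa": true}
{"time": "2023-07-12T15:00:00Z", "op": "AddRegisteredDevice", "user": "a.kim@contoso.com", "ip": "198.51.100.4", "device": "LAPTOP-A"}
"""

# The defending tenant's own domains (assumed for the example).
HOME_DOMAINS = {"contoso.com", "contoso.onmicrosoft.com"}
# Words the article says the attackers favoured in their lure subdomains.
LURE_WORDS = ("security", "support", "helpdesk", "protection", "identity", "microsoft", "admin")
# Per-user IP baseline; in practice this would come from historical sign-ins.
KNOWN_IPS = {"j.doe@contoso.com": {"192.0.2.10"}, "a.kim@contoso.com": {"198.51.100.4"}}

ONMICROSOFT = re.compile(r"@([a-z0-9-]+)\.onmicrosoft\.com$", re.I)


def parse_log(text):
    """Parse JSON-lines records and attach a datetime under 'ts'."""
    events = []
    for line in text.strip().splitlines():
        ev = json.loads(line)
        ev["ts"] = datetime.strptime(ev["time"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(ev)
    return events


def lure_reason(sender, home_domains=HOME_DOMAINS):
    """Explain why a Teams sender looks like the support-themed lure, or None.

    Internal senders and external custom domains are out of scope for this
    rule; any external *.onmicrosoft.com tenant is reported, with the
    keyword hits (if any) called out so an analyst can prioritise.
    """
    domain = sender.rsplit("@", 1)[-1].lower()
    if domain in home_domains:
        return None
    m = ONMICROSOFT.search(sender)
    if not m:
        return None
    sub = m.group(1).lower()
    hits = [w for w in LURE_WORDS if w in sub]
    if hits:
        return f"external onmicrosoft.com tenant '{sub}' with lure keyword(s) {hits}"
    return f"external onmicrosoft.com tenant '{sub}' (no lure keyword)"


def find_lure_messages(events):
    """Return (sender, recipient, reason) for chat messages matching lure_reason."""
    out = []
    for ev in events:
        if ev["op"] != "MessageSent":
            continue
        reason = lure_reason(ev["sender"])
        if reason:
            out.append((ev["sender"], ev["recipient"], reason))
    return out


def find_device_after_new_ip_signin(events, known_ips, window=timedelta(minutes=30)):
    """Return (user, device, ip) when a device is registered within `window`
    of an MFA-satisfied sign-in from an IP outside that user's baseline."""
    recent = defaultdict(list)  # user -> [(ts, ip)] of sign-ins from unfamiliar IPs
    hits = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["op"] == "UserLoggedIn" and ev.get("mfa"):
            if ev["ip"] not in known_ips.get(ev["user"], set()):
                recent[ev["user"]].append((ev["ts"], ev["ip"]))
        elif ev["op"] == "AddRegisteredDevice":
            for ts, ip in recent[ev["user"]]:
                if timedelta(0) <= ev["ts"] - ts <= window:
                    hits.append((ev["user"], ev["device"], ip))
                    break
    return hits


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    for sender, rcpt, why in find_lure_messages(evs):
        print(f"LURE?  {sender} -> {rcpt}: {why}")
    for user, device, ip in find_device_after_new_ip_signin(evs, KNOWN_IPS):
        print(f"DEVICE {user} registered {device} shortly after sign-in from new IP {ip}")
```

On the constructed input only the `securityteam-helpdesk` sender and the `j.doe` device registration are reported; the internal sender, the external custom domain, and the registration hours after a baseline-IP sign-in are left alone. Neither rule is evidence of compromise on its own; they are meant to surface the two behaviours the article describes for an analyst to review.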

The company reports that it has already blocked the attackers' use of these domains and is working to remediate the consequences of the campaign.