Digital Times Nigeria

REVEALED: How Hackers Launched Their Latest Attack Using Microsoft Teams

By DigitalTimesNG | 3 August 2023
  • The group has been observed targeting dozens of organizations worldwide

Security researchers at Microsoft have issued a warning over a Russia-linked hacker group that has targeted dozens of organizations in a sophisticated phishing campaign leveraging Microsoft Teams.

Detailed in an advisory on Wednesday, researchers uncovered a series of “highly targeted social engineering attacks” that used credential theft phishing lures sent as Microsoft Teams chat messages.

The group, which Microsoft said is linked to Russian intelligence services, was identified as ‘Midnight Blizzard’, previously known as Nobelium. The group’s activities can be traced back as early as 2018, the firm said.

Microsoft warned that the latest wave of attacks highlights the group’s aggressive activities using “both new and common techniques”.

Exploiting Microsoft Teams for phishing attacks

In its advisory, Microsoft said that the threat actor group focused specifically on Microsoft Teams using previously compromised Microsoft 365 accounts.

This allowed attackers to create new onmicrosoft.com subdomains that “appear as technical support entities” and enabled them to contact potential victims.

These subdomains used “security-themed or product name-themed keywords” and were designed to lend legitimacy to the messages directed at targets.

Examples of compromised subdomains cited by Microsoft included:

“To facilitate their attack, the actor uses Microsoft 365 tenants owned by small businesses they have compromised in previous attacks to host and launch their social engineering attack,” researchers said.

“The actor renames the compromised tenant, adds a new onmicrosoft.com subdomain, then adds a new user associated with that domain from which to send the outbound message to the target tenant.”

These malicious domains were thereafter used in a sophisticated social engineering scheme that harnessed the Teams chat function to send phishing messages designed to steal login and multi-factor authentication (MFA) credentials.

In an example of a message directed at a target, Microsoft found that the attackers attempted to dupe users into entering a code into the Microsoft Authenticator app on their mobile devices.

“We detected a recent change applied to your preferred Multi-Factor Authentication (MFA) methods. For your security and to ensure only you have access to your account, we will ask you to verify your identity. Open your authenticator app, and enter the number: 81,” the message read.
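
An added example, not taken from Microsoft's advisory or the original article: a Python triage function that scores Teams chat messages against the three traits described above (external sender, themed onmicrosoft.com subdomain, MFA number prompt). The record fields, keyword list and sample tenant names are assumptions constructed for illustration.

```python
import re

# Assumed keyword list: the article says the lure subdomains used
# "security-themed or product name-themed keywords" but names none.
THEMED_KEYWORDS = ("security", "support", "protection", "compliance", "teams")
ONMS = ".onmicrosoft.com"

# Modelled on the lure quoted above: an MFA/authenticator reference followed
# by an instruction to enter a short number. A number-matching value normally
# appears on the sign-in screen, not in a chat message.
MFA_PROMPT = re.compile(
    r"(authenticator app|multi-factor|\bmfa\b).*?\benter the (number|code)\b[:\s]*\d{1,3}",
    re.IGNORECASE | re.DOTALL,
)

def triage(msg, internal_domains):
    """Return the list of reasons a chat message deserves analyst review."""
    domain = msg["sender"].rsplit("@", 1)[-1].lower()
    if domain in internal_domains:
        return []
    reasons = ["external-sender"]
    if domain.endswith(ONMS):
        reasons.append("onmicrosoft-tenant")
        label = domain[: -len(ONMS)]
        hits = [k for k in THEMED_KEYWORDS if k in label]
        if hits:
            reasons.append("themed-subdomain:" + ",".join(hits))
    if MFA_PROMPT.search(msg["body"]):
        reasons.append("mfa-number-prompt")
    return reasons

def severity(reasons):
    """Map triage reasons to a review priority."""
    if "mfa-number-prompt" in reasons:
        return "high"
    if any(r.startswith("themed-subdomain") for r in reasons):
        return "medium"
    return "low" if reasons else "none"

# Constructed sample records (not real tenants or real log output).
INTERNAL = {"example.org"}
SAMPLES = [
    {"sender": "helpdesk@constructed-security-support.onmicrosoft.com",
     "body": "We detected a recent change applied to your preferred Multi-Factor "
             "Authentication (MFA) methods. Open your authenticator app, and "
             "enter the number: 81"},
    {"sender": "carol@constructed-bakery.onmicrosoft.com", "body": "Invoice attached."},
    {"sender": "alice@example.org", "body": "Open your authenticator app and enter the number 42"},
]

if __name__ == "__main__":
    for m in SAMPLES:
        r = triage(m, INTERNAL)
        print(severity(r), m["sender"], r)
```
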

Microsoft said this latest campaign bears similarities to previous attacks waged by Midnight Blizzard. The group has been observed “regularly utilizing token theft techniques for initial access into targeted environments”.

The group has also been observed employing authentication spear phishing, password spray, brute force, and other credential-related attacks.

“The attack pattern observed in malicious activity since at least late May 2023 has been identified as a subset of broader credential attack campaigns that we attribute to Midnight Blizzard.”

Limited impact

Microsoft’s investigation of the phishing campaign found that it has affected “fewer than 40 unique global organizations” but gave no additional information on who these victims were other than the sectors they operated in.

This included organizations operating in the government, IT services, technology, manufacturing, and media sectors.

However, given the sectors in which these organizations operated, researchers said that the campaign indicated “specific espionage objectives” given to the group.

In its response to the attacks, Microsoft said it has since prevented the group from using the compromised domains but advised organizations to remain vigilant and employ a number of practices to reduce future threats.

This includes deploying “phishing-resistant” authentication methods for users and implementing Conditional Access authentication that requires phishing-resistant authentication for “employees and external users for critical apps”.

*Source: ITPro

Digital Times Nigeria (www.digitaltimesng.com) is an online technology publication of Digital Times Media Services.