Researchers at Microsoft have claimed that a hacker group linked to the Russian government has been using the Microsoft Teams messaging application to carry out ‘highly targeted’ social engineering attacks against dozens of global organisations.
According to a blog post from Microsoft researchers, “fewer than 40 unique global organisations” have been targeted since May, with hackers pretending to act as technical support staff.
According to the blog, members of the hacker group set up domains and accounts that looked like technical support. They would then attempt to engage Teams users and have them approve multifactor authentication (MFA) prompts such as confirming a push notification on a phone or disclosing a generated security code provided via text.
The researchers said: “Microsoft has mitigated the actor from using the domains and continues to investigate this activity and work to remediate the impact of the attack.”
None of the targets were disclosed by Microsoft, with the blog adding: “The organisations targeted in this activity likely indicate specific espionage objectives by Midnight Blizzard directed at government, non-government organisations (NGOs), IT services, technology, discrete manufacturing, and media sectors.”
The hacker group has been identified as Midnight Blizzard or APT29 – a Russia-based hacking organisation which has been linked to the country’s foreign intelligence service by the UK and US governments.