Microsoft Accuses Russian Government in Teams Phishing Attacks

Microsoft claims that in Microsoft Teams phishing attempts, a hacking group known as APT29 and associated with Russia’s Foreign Intelligence Service (SVR) attacked hundreds of organisations globally, including government bodies.

Microsoft researchers disclosed this in a statement seen on Thursday.

The APT29 hackers used previously hacked Microsoft 365 accounts to build new domains with a technical help theme during the attacks, which started in late May. 

With the ultimate goal of accessing user accounts and stealing sensitive data, the hackers used these domains to send Microsoft Teams messages designed to trick users into approving multifactor authentication prompts.

“Microsoft has mitigated the actor from using the domains and continues to investigate this activity and work to remediate the impact of the attack,” the researches said.

Not Less than 40 distinct global organisations, including government agencies, non-government organisations, IT services, technology, discrete manufacturing, and media sectors, were targeted or compromised, according to Microsoft’s examination into the effort. 

The organisations were not identified, but Microsoft claims they “indicate specific espionage objectives” by the Russian hackers.