Microsoft Threat Intelligence analysts have documented on the company’s portal a new phishing attempt conducted via Teams by the Russian hacking group Midnight Blizzard, also known as Nobelium. The latest attempt to steal access keys and data is particularly insidious because government organizations, NGOs, IT services, manufacturers and communication companies are targeted.
The Redmond men explain that hackers used previously stolen Microsoft 365 accounts for their social engineering attacks. The attackers renamed the accounts by integrating a subdomain onmicrosoft.com and sent a message to the targets, trying to steal their trust thanks to the fact that the contact seems to be from the Microsoft support or security team. At that point the hackers ask to provide credentials, and if the company has active multi-factor authentication (MFA) they also ask for the temporary code needed to log in.
When the hit is successful, the attackers have full access to the Microsoft 365 account and the looting of confidential data and information starts. From Redmond they say that less than 40 organizations around the world end up in the network of cybercriminals. Access data to the various platforms we use in the professional or private sphere, especially those through which confidential information passes, are increasingly coveted by cybercriminals. The case brought by Microsoft is an example of cyber theft at high levels, but phishing affects everyone.
Be very careful then, never take anything for granted, and if something “stinks” avoid or make sure before clicking any link that is sent to you.
Security is never too much when it comes to these areas.
