Microsoft Reveals APT29 Hacking Campaign Targeting Organizations Worldwide through Teams Service
Microsoft stated that a hacking group known as APT29, linked to the Russian foreign intelligence, has targeted dozens of organizations worldwide, including government agencies, in phishing attacks through the Teams service.
On Thursday, Microsoft revealed that its ongoing investigation indicates that this campaign has impacted at least 40 unique global organizations.
The company suggested that the targeted organizations in these activities were focused on government and non-government entities, IT services, manufacturing, and media sectors.
The threat actors used previously compromised Microsoft 365 tenants to create new domains posing as technical support, then sent support-themed Teams messages that relied on social engineering to deceive users at the targeted enterprises.
According to Microsoft’s security bulletin, the threat actors’ ultimate goal was to steal the credentials of the targeted users. The company reported that it has blocked the Russian threat group from using the domains in further attacks and is actively working to mitigate the campaign’s impact.
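A defender-side illustration of the pattern described above, added here as an example and not taken from Microsoft’s bulletin or any vendor tooling: a triage routine that flags Teams messages from external tenants whose sender domain is support-themed or borrows the home tenant’s name, or whose text carries credential-lure wording. The message records, field names, the home tenant `contoso.com` and the allowlist are all constructed assumptions.

```python
import re
from dataclasses import dataclass, field

HOME_TENANT = "contoso.com"           # assumed: the defender's own tenant domain
TRUSTED_EXTERNAL = {"microsoft.com"}  # assumed: vendor domains allowed to message users
SUPPORT_WORDS = ("support", "helpdesk", "servicedesk", "security", "msft", "microsoft")
LURE_PATTERNS = [r"\bverify\b.*\baccount\b", r"\bpassword\b",
                 r"\bsign[- ]?in\b.*\bcode\b", r"\bmfa\b"]

@dataclass
class Finding:
    message_id: str
    sender: str
    reasons: list = field(default_factory=list)

def sender_domain(address: str) -> str:
    return address.rsplit("@", 1)[-1].lower()

def triage(messages: list) -> list:
    """Return one Finding per external-tenant message that trips at least one heuristic."""
    findings = []
    home_label = HOME_TENANT.split(".")[0]
    for msg in messages:
        domain = sender_domain(msg["sender"])
        if domain == HOME_TENANT or domain in TRUSTED_EXTERNAL:
            continue                      # internal or allowlisted sender: not in scope
        reasons = []
        label = domain.split(".")[0]      # e.g. "contoso-support" in contoso-support.onmicrosoft.com
        if any(w in label for w in SUPPORT_WORDS):
            reasons.append("support-themed external domain")
        if home_label in label:
            reasons.append("external domain impersonates home tenant name")
        text = msg["text"].lower()
        if any(re.search(p, text) for p in LURE_PATTERNS):
            reasons.append("credential-lure wording")
        if reasons:
            findings.append(Finding(msg["id"], msg["sender"], reasons))
    return findings

# Constructed sample records (not real data); the field names are assumptions
SAMPLE_MESSAGES = [
    {"id": "m1", "sender": "helpdesk@contoso-support.onmicrosoft.com",
     "text": "IT Support: please verify your account by entering the sign-in code we sent."},
    {"id": "m2", "sender": "alice@contoso.com", "text": "Lunch at noon?"},
    {"id": "m3", "sender": "partner@fabrikam.com", "text": "Draft attached for review."},
    {"id": "m4", "sender": "notices@microsoft.com", "text": "Your password expires soon."},
]

if __name__ == "__main__":
    for f in triage(SAMPLE_MESSAGES):
        print(f.message_id, f.sender, "; ".join(f.reasons))
```

Only the message from the support-themed external tenant is flagged; the allowlisted vendor message and the ordinary partner message pass.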
It is worth noting that Microsoft had previously declined to address a security issue in the Teams video conferencing service reported by researchers from JumpSec, an information security company. The issue could have allowed anyone to bypass restrictions on inbound files from external tenants, using the Python tool “TeamsPhisher” by Alex Reed, a member of the U.S. Navy’s Red team.
After JumpSec reported the vulnerability in June, Microsoft stated that the flaw did not meet its bar for immediate remediation.
The APT29 social engineering attack also affected government agencies, highlighting the significant impact such attacks can have even on well-protected entities.
The hacking division of Russia’s foreign intelligence service orchestrated the SolarWinds supply chain attack that breached several U.S. federal agencies three years ago.
Since that incident, this hacking group has also infiltrated other organizations’ networks using stealthy malware, including “TrailBlazer,” allowing them to remain undetected for years.
Recently, Microsoft disclosed that the hacking group is now using new malware that abuses Active Directory Federation Services (ADFS) to log in as any Windows user.
Additionally, the group targeted Microsoft 365 accounts associated with NATO entities as part of their efforts to gain access to foreign policy-related information.
Furthermore, the hacking group was responsible for a series of phishing campaigns that overtly targeted governments, embassies, and high-level officials across Europe.