What you need to know
- Microsoft has identified a new attack affecting Teams users.
- A Russian hacker group known as Midnight Blizzard is behind the exploit.
- The attack has impacted less than 40 unique organizations.
- The hackers are leveraging previously compromised Microsoft 365 tenants belonging to small business owners to create new domains that purport to be technical support entities.
- Microsoft has mitigated the attack and is currently investigating its impact.
Microsoft recently identified a new exploit by a Russian hacker group called Midnight Blizzard affecting Teams users. According to Microsoft Threat Intelligence, the hackers are leveraging previously compromised Microsoft 365 tenants belonging to small business owners to create new domains purporting to be technical support entities, as reported by Neowin.
The company further indicated that the attackers have been using these domains to send Teams messages to unsuspecting users to gain access to crucial and private information. Midnight Blizzard’s ploy bypasses multifactor authentication (MFA) by getting the Teams users to approve the prompts from their end.
As a workaround, Microsoft recommends reinforcing elaborate security measures that will flag any authentication requests not initiated by the user as a threat. The company’s findings indicate that the exploit has impacted fewer than 40 unique global organizations. And according to Microsoft:
The organizations targeted in this activity likely indicate specific espionage objectives by Midnight Blizzard directed at government, non-government organizations (NGOs), IT services, technology, discrete manufacturing, and media sectors.
Microsoft has disclosed that the hacker group’s exploits have been mitigated and that investigation is ongoing to determine the attack’s impact and a permanent remedy. The company has already reached out to targeted or compromised customers and furnished them with all the necessary information to prevent the recurrence of this issue.
Brace up with multi-factor authentication (MFA)
The social engineering attack by Midnight Blizzard is a ploy that multiple organizations have fallen victim to. Attackers are transitioning from old plays, like sending malicious links to unsuspecting users, to more sophisticated techniques.
As you might already know, multi-factor authentication (MFA) is an important feature that beefs up the security of your online accounts and prevents unauthorized users from accessing your personal information. As such, it’s extremely important to ensure that you’ve set up two-factor authentication (2FA) on your accounts. Microsoft has also provided a comprehensive list of recommendations designed to reduce the risk of this threat.
