Russia-backed hackers used Microsoft Teams to breach government agencies
Russian state-sponsored hackers posed as technical support staff on Microsoft Teams to compromise global organizations, including government agencies.
Key points:
- The hacking campaign was carried out by a Russian state-sponsored group known as APT29 or Cozy Bear.
- The group is linked to the SolarWinds attack in 2020 and is part of Russia's Foreign Intelligence Service.
- The hackers used previously compromised Microsoft 365 accounts to create new technical support-themed domains.
- They sent Microsoft Teams messages to manipulate users into approving multi-factor authentication prompts.
- By gaining access to user accounts, the hackers aimed to exfiltrate sensitive information.
- Fewer than 40 unique global organizations were targeted or breached, including government agencies, non-government organizations, and organizations in various sectors.
- Microsoft has mitigated the use of the domains and continues to investigate the activity.
- The campaign follows a recent incident where Chinese hackers exploited a flaw in Microsoft's cloud email service.