"Russian APT Phished Government Employees via Microsoft Teams"

Microsoft reports that an Advanced Persistent Threat (APT) group with ties to Russia's Foreign Intelligence Service has used Microsoft Teams to launch phishing attacks against employees of dozens of global organizations. To host and execute their social engineering attack, the actor uses Microsoft 365 tenants belonging to small businesses they have compromised in previous attacks. According to the company, the actor renames the compromised tenant, adds a new onmicrosoft[.]com subdomain, and then adds a new user associated with that domain to send the outbound message to the target tenant. The actor-controlled subdomains and new tenant names contained product- or security-related keywords. The actor would then send a Microsoft Teams message request to the targeted employees, who, if they accepted, would receive a message urging them to input a code into the Microsoft Authenticator app on their mobile device. This article continues to discuss the Russian APT group targeting employees of global organizations with phishing attacks via Microsoft Teams. 

Help Net Security reports "Russian APT Phished Government Employees via Microsoft Teams"