"Microsoft Teams Targeted in Midnight Blizzard Phishing Attacks"
Microsoft Threat Intelligence has recently announced that it detected a series of highly targeted social engineering attacks that use credential-theft phishing lures delivered as Microsoft Teams chats. Microsoft stated that these attacks have been traced back to the threat actor known as Midnight Blizzard, previously identified as Nobelium. The Russia-based threat actor uses previously compromised Microsoft 365 tenants owned by small businesses to create entities that appear to be legitimate technical support. Using domains from these compromised tenants, Midnight Blizzard sends messages through Microsoft Teams to steal credentials by persuading users to approve multi-factor authentication (MFA) prompts. Microsoft’s investigation revealed that roughly 40 global organizations have been affected by this campaign. Microsoft noted that the targeted sectors indicate specific espionage objectives by Midnight Blizzard; they include government, non-government organizations (NGOs), IT services, technology, discrete manufacturing, and media entities. Mike Newman, CEO of My1Login, stated that this is a highly sophisticated phishing scam that would be almost impossible to detect to the untrained eye. To protect against such attacks, Microsoft advised organizations to implement phishing-resistant authentication methods, use conditional access authentication strength for critical applications, and educate users about social engineering and credential phishing threats.
Infosecurity reports: "Microsoft Teams Targeted in Midnight Blizzard Phishing Attacks"