Microsoft Identifies Russian Hacking Group in Teams Cyberattack
Members of the hacking group posed as tech support to gain access to users’ personal details
Microsoft has identified the Russian hacking group Midnight Blizzard as the perpetrator behind a recent cyberattack.
According to a post on Microsoft’s website, Midnight Blizzard members posed as Microsoft Teams tech support staff to steal log-in credentials for just under 40 organizations, in what the company said was a “highly targeted” attack.
The attack, which was launched in May, targeted government and non-government organizations, as well as IT services, technology and media sectors, the Microsoft team said.
To gain access to users’ information, the hackers approached customers with messages requesting approval for multi-factor authentication, which were then used to extract personal information.
Midnight Blizzard, also known as APT29 or Cozy Bear, was previously linked to the 2020 SolarWinds attack, which saw thousands of organizations impacted by a breach of the network management system Orion.
"This latest attack, combined with past activity, further demonstrates Midnight Blizzard's ongoing execution of their objectives using both new and common techniques," Microsoft said. "Microsoft has mitigated the actor from using the domains and continues to investigate this activity and work to remediate the impact of the attack."
The news comes one month after Chinese hackers infiltrated U.S. government emails using a flaw in Microsoft’s cloud email service.
Microsoft has expanded its free security services as a result. In a blog post, the company said the decision was a “response to the increasing frequency and evolution of nation-state cyberthreats.”