EN
  • Cyber stability
  • Secops
  • Risks management
  • Digital transformation
  • Digital Sovereignty
  • Cybercrime
  • Industry and OT
  • Fraud
  • Digital identity
  • Cyber +
    • Widespread Russian cyber espionage campaign on Microsoft Teams

    Widespread Russian cyber espionage campaign on Microsoft Teams

    Written by
    The Editorial Team
    08.14.23
    Cyber stability
    01
    MIN
    Widespread Russian cyber espionage campaign on Microsoft Teams
    Widespread Russian cyber espionage campaign on Microsoft Teams
    Widespread Russian cyber espionage campaign on Microsoft Teams
    Image Russia's offensive on "digital sovereignty" in Africa
    Cyber stability
    04.12.24 Cyber stability
    Next article
    Russia’s offensive on “digital sovereignty” in Africa
    Read
    06
    MIN
    Image The US neutralizes the infiltration of the pro-China Volt Typhoon cyber group
    Cyber stability
    02.08.24 Cyber stability
    Next article
    The US neutralizes the infiltration of the pro-China Volt Typhoon cyber group
    Read
    02
    MIN
    Image Ukrainian military intelligence increases cyberattacks against Russian targets
    Cyber stability
    02.05.24 Cyber stability
    Next article
    Ukrainian military intelligence increases cyberattacks against Russian targets
    Read
    01
    MIN
    Image Pro-Russian group Midnight Blizzard gained access to emails of Microsoft executives
    Cyber stability
    01.30.24 Cyber stability
    Next article
    Pro-Russian group Midnight Blizzard gained access to emails of Microsoft executives
    Read
    01
    MIN

    Kremlin-affiliated cybercriminal group orchestrated widespread cyber espionage campaign, infiltrating numerous international organizations, including government agencies

    On August 2, 2023, Microsoft reported a phishing and cyber espionage campaign led by a Russian State-sponsored group of cybercriminals using Microsoft Teams. The group goes by the name Cozy Bear (or Midnight Blizzard) and is known for the spectacular SolarWind cyberattack. The current campaign was launched in May of 2023 and was ongoing until recently.

    The modus operandis follows a classic pattern. Attackers started by targeting Teams videoconferencing customer service employees, in order to gain control of their accounts. They then used the credentials to send phishing messages to their primary targets, redirecting them to fake login pages.

    Cozy Bear managed to retrieve not only the victims’ user information but also their two-factor authentication codes, which granted them access to the target accounts. According to Microsoft, the attack struck forty organizations around the world. Among the victims are government agencies, NGOs, tech companies, IT departments and media.

    The report does not name the victims, but explains that the type of target provides insight into the Russian State group’s “specific espionage goals”.

    The Editorial Team
    08.14.23
    Articles by the same author:
    1
    04.23.24 Secops
    Akamai to buy Noname Security for 500 million dollars
    Read
    01
    MIN
    2
    04.10.24 Cyber +
    Cahiers inCyber : “In Cloud We Trust”
    Read
    01
    MIN
    3
    03.05.24 Digital Sovereignty
    Government administration: France and Germany join forces to develop sovereign tools
    Read
    02
    MIN
    4
    03.05.24 Cyber stability
    Israel-Hamas cyberwar : Google emphasizes key role of Iran
    Read
    02
    MIN
    Image Russia's offensive on "digital sovereignty" in Africa
    Cyber stability
    04.12.24 Cyber stability
    Next article
    Russia’s offensive on “digital sovereignty” in Africa
    Read
    06
    MIN
    Image The US neutralizes the infiltration of the pro-China Volt Typhoon cyber group
    Cyber stability
    02.08.24 Cyber stability
    Next article
    The US neutralizes the infiltration of the pro-China Volt Typhoon cyber group
    Read
    02
    MIN
    Image Ukrainian military intelligence increases cyberattacks against Russian targets
    Cyber stability
    02.05.24 Cyber stability
    Next article
    Ukrainian military intelligence increases cyberattacks against Russian targets
    Read
    01
    MIN
    Image Pro-Russian group Midnight Blizzard gained access to emails of Microsoft executives
    Cyber stability
    01.30.24 Cyber stability
    Next article
    Pro-Russian group Midnight Blizzard gained access to emails of Microsoft executives
    Read
    01
    MIN
    Stay tuned in real time
    Subscribe to
    the newsletter
    By providing your email address you agree to receive the Incyber newsletter and you have read our privacy policy. You can unsubscribe at any time by clicking on the unsubscribe link in all our emails.
    Stay tuned in real time
    Subscribe to
    the newsletter
    By providing your email address you agree to receive the Incyber newsletter and you have read our privacy policy. You can unsubscribe at any time by clicking on the unsubscribe link in all our emails.