
Cozy Bear hijacks SME Microsoft 365 tenants in latest campaign

Published August 3, 2023

A new campaign of social engineering activity targeting organisations of interest to Russian intelligence has been observed in the wild, in which already-compromised Microsoft 365 tenants owned by legitimate small businesses are being used to ensnare victims through bogus Microsoft Teams messages.

The activity is attributed to the advanced persistent threat (APT) group most popularly known as Cozy Bear, which under Microsoft’s revised terminology was recently rebranded from Nobelium to Midnight Blizzard, but also goes by APT29 and UNC2452 depending on whose report you read. The group is arguably most famous for the 2020/1 SolarWinds incident.

In a new advisory posted on 2 August, Microsoft revealed how Cozy Bear exploited unwitting SMEs to create new domains using the legitimate onmicrosoft.com subdomain. These domains would have appeared to a casual observer to be technical support entities and used cyber security-themed terminology.

The group was then able to add a new user associated with the fraudulent domain and use that identity to send Teams messages to potential targets, by means of which it attempted to steal credentials by engaging the user and getting them to approve multifactor authentication (MFA) prompts.
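The pattern described above suggests a detection: flag inbound Teams chats from untrusted onmicrosoft.com tenants with support- or security-themed names, then check whether the recipient approved an MFA prompt shortly afterwards. This Python example is added here and is not from Microsoft's advisory or the article; the record fields, keyword list, allowlist and 30-minute window are assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta

# Assumed keywords: the article says only that names looked like support or security entities.
LURE_TERMS = ("security", "support", "protect", "verify", "helpdesk", "admin")
TRUSTED_DOMAINS = {"example.com", "partnerfirm.onmicrosoft.com"}  # constructed allowlist
WINDOW = timedelta(minutes=30)  # assumed correlation window

def sender_domain(upn):
    """Return the lower-cased domain part of a user principal name."""
    return upn.rsplit("@", 1)[-1].strip().lower()

def is_suspicious_domain(domain):
    """Untrusted *.onmicrosoft.com tenant whose label contains a lure term."""
    if domain in TRUSTED_DOMAINS or not domain.endswith(".onmicrosoft.com"):
        return False
    label = domain[: -len(".onmicrosoft.com")]
    return any(term in label for term in LURE_TERMS)

def correlate(chat_events, mfa_events):
    """Pair each suspicious external chat with MFA approvals by the same
    recipient inside WINDOW after the message."""
    alerts = []
    for chat in chat_events:
        domain = sender_domain(chat["sender"])
        if not is_suspicious_domain(domain):
            continue
        sent = datetime.fromisoformat(chat["time"])
        approvals = [
            m["time"] for m in mfa_events
            if m["user"] == chat["recipient"] and m["result"] == "approved"
            and timedelta(0) <= datetime.fromisoformat(m["time"]) - sent <= WINDOW
        ]
        alerts.append({"recipient": chat["recipient"], "domain": domain,
                       "mfa_approved_after": approvals})
    return alerts

# Constructed sample records; field names are hypothetical, not a Microsoft log schema.
CHATS = [
    {"time": "2023-08-01T09:00:00", "sender": "it@example-security-desk.onmicrosoft.com", "recipient": "alice@example.com"},
    {"time": "2023-08-01T09:05:00", "sender": "bob@partnerfirm.onmicrosoft.com", "recipient": "carol@example.com"},
    {"time": "2023-08-01T10:00:00", "sender": "sales@widgets.onmicrosoft.com", "recipient": "dave@example.com"},
]
MFA = [
    {"time": "2023-08-01T09:12:00", "user": "alice@example.com", "result": "approved"},
    {"time": "2023-08-01T11:00:00", "user": "alice@example.com", "result": "approved"},
]

if __name__ == "__main__":
    print(correlate(CHATS, MFA))
```

An alert with a non-empty `mfa_approved_after` list is the case to triage first, since it means a prompt was approved soon after the external message arrived.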

“Our current investigation indicates this campaign has affected fewer than 40 unique global organisations,” said Microsoft.


“The organisations targeted in this activity likely indicate specific espionage objectives by Midnight Blizzard directed at government, non-government organisations (NGOs), IT services, technology, discrete manufacturing and media sectors.

“Microsoft has mitigated the actor from using the domains and continues to investigate this activity and work to remediate the impact of the attack. As with any observed nation-state actor activity, Microsoft has directly notified targeted or compromised customers, providing them with important information needed to secure their environments.”

Cozy Bear’s latest ruse is another example of the APT’s remarkably consistent and persistent approach to operational targeting, and its determination to stay one step ahead of defenders by constantly innovating its tactics, techniques and procedures (TTPs).

It has often been observed using somewhat novel methods to entice its victims into making a mistake. Last month, Palo Alto Networks’ Unit 42 caught it piggybacking on an advert for a used BMW, posted online by a Polish diplomat in Kyiv.

My1Login CEO Mike Newman said this latest technique would have been almost impossible for the untrained eye to spot.

“Because the attackers were using a legitimate Microsoft domain, it would only have taken a very curious and security-savvy user to investigate the prompts further and realise they were fake. As a result of this, even despite the low number of organisations targeted, this attack would have picked up many victims,” he said.

“Businesses therefore need to take their own remediation action against these threats, and one of the best ways to do this is by removing passwords and credentials from users’ hands. This means even when highly sophisticated scams do reach user inboxes, users can’t be tricked into handing over their credentials because they simply do not know them.”

ESET government affairs director Andy Garth added: “Spear phishing attacks target individuals with access to specific information, thus requiring the attackers to undertake background work to hone their approach, gain the confidence of their victims and lure them. As with your email, you should also be sceptical of unsolicited approaches from anyone external to the organisation trying to reach out through Teams.”
