Microsoft said it discovered Russian cyberattackers leveraging the company’s conferencing platform to victimize espionage targets, including government accounts.
The Big Tech company’s disclosure of finding Russian-linked hackers using its Microsoft Teams services in complex attacks comes as it is also recovering from a China-linked hack of emails that disrupted the U.S. government.
The Microsoft Threat Intelligence team said it observed the malicious cyber attack pattern since May, which is the same month that Microsoft said it found China-linked hackers breaching its clients’ emails.
Microsoft’s research team said Wednesday that the Russian hackers’ campaign affected fewer than 40 organizations, which the company directly notified. The company did not detail the number of victimized accounts or the targeted governments.
“The organizations targeted in this activity likely indicate specific espionage objectives by Midnight Blizzard directed at government, non-government organizations (NGOs), IT services, technology, discrete manufacturing, and media sectors,” Microsoft said on its website. “Microsoft has mitigated the actor from using the domains and continues to investigate this activity and work to remediate the impact of the attack.”
The hackers identified as Midnight Blizzard have used compromised Microsoft accounts to send Microsoft Teams requests to targeted victims. Microsoft’s researchers said if the espionage targets accept the hacker’s request, then the hackers attempt to get the target to enter a code in a Microsoft app on the target’s mobile device that provides the hacker access to the target’s account.
Midnight Blizzard is the name assigned to the hackers by Microsoft, which the company formerly called Nobelium and said was responsible for the hack of SolarWinds computer network management software. The SolarWinds hack compromised nine federal agencies, and the Biden administration attributed the damage to the work of the Russian Foreign Intelligence Service.
State-sponsored hacks disturbing the U.S. government via Microsoft’s services have provoked new scrutiny from policymakers in Washington. Sen. Ron Wyden, Oregon Democrat, pressed the Biden administration last week to investigate Microsoft over its enabling the China-linked hack this year that has disrupted the Commerce Department.
Mr. Wyden wrote to federal officials that “Microsoft never took responsibility for its role in the SolarWinds hacking campaign” and requested new action probing Microsoft from the Justice Department, Federal Trade Commission, and the Cybersecurity and Infrastructure Security Agency.
“Holding Microsoft responsible for its negligence will require a whole-of-government effort,” Mr. Wyden said in the letter.
Asked about Mr. Wyden’s letter, Microsoft said Monday that it was continuing to work with government agencies on the issue and would share information on its blog.
