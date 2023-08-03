putin hackers illustration

Russian spies posed as tech support on Microsoft Teams as part of a hacking campaign that targeted governments around the world.

A series of “highly targeted social engineering attacks” saw Russia’s Foreign Intelligence Service (SVR) try to break into around 40 organisations worldwide, including governments.

The SVR’s targets included government departments, NGOs, charities and companies from the IT services, technology, manufacturing, and media sectors, Microsoft said.

The hackers used Microsoft Teams, a widely used business chat tool, to try and tempt their targets into clicking malicious links.

Microsoft said: “The target user may receive a Microsoft Teams message request from an external user masquerading as a technical support or security team.”

Accepting that message and clicking on a link in it gave the Russians a clear path into the target organisation’s computer systems, granting access for further espionage.

What makes the latest attack notable is that the Russians found a way to send Teams messages that appeared to come from a legitimate Microsoft tech support user with an email address ending in onmicrosoft.com.

Andy Garth, government affairs director at antivirus company ESET, described the hacking attempts as “not technically sophisticated”, referring to spear phishing – an industry name for the process of trying to trick someone into clicking on a malicious link.

He said: “Spear phishing attacks target individuals with access to specific information, thus requiring the attackers to undertake background work to hone their approach, gain the confidence of their victims and lure them.

“As with your email, you should also be sceptical of unsolicited approaches from anyone external to [your] organisation trying to reach out through MS Teams.”

The hack comes as Microsoft faces sustained criticism over Chinese state hackers successfully breaking into its email servers and reading top US officials’ messages, including those of Commerce Secretary Gina Raimondo.

US senator Ron Wyden has called Microsoft “negligent” and demanded a government investigation into the company’s response. Microsoft has not responded publicly to Mr Wyden’s calls.

State Department and company officials jointly revealed the digital break-in last week, with Microsoft saying at the time that it had “contacted all targeted or compromised organisations directly… with important information to help them investigate and respond”.

The Chinese forged digital master keys that gave them access to Microsoft’s email servers. Their targets were not named publicly but the company said they mainly included “entities in Western Europe”.

