Russia-linked hackers attack small companies with fake Microsoft Entra pages
- Microsoft sees fake Entra pages being distributed in phishing emails
- The attacks were aimed at organizations in the West, usually in critical infrastructure
- The goal was to collect intelligence for the Russian-Ukrainian conflict
Russian hacking campaigns, part of the country's wider war effort against Ukraine, are becoming more aggressive, Microsoft security researchers have claimed, after they saw a change in how a specific threat actor, called Void Blizzard, carries out its activities.
Void Blizzard, also known as raccoon, would usually buy login details on the dark web and use them to access the IT infrastructure of its targets. Once inside, the hackers would exfiltrate emails, sensitive files and company data, and look for resources that would let them move laterally throughout the organization.
However, the group has recently switched from buying login credentials to stealing them itself, and to do that it began to spoof Microsoft Entra login pages.
NATO in sight
Microsoft Entra is an extensive identity and network access solution that many organizations use to gain access to their digital resources, both in the cloud and on-prem. Void Blizzard would create fake pages on typosquatted domains and then distribute them to victims using spear phishing and similar methods.
The victims are usually small and medium-sized businesses (SMBs) in the West, since the campaign focuses on organizations in Ukraine and NATO member states, says Microsoft, suggesting that it is actually part of the Russian war against Ukraine and is designed to collect intelligence.
That said, the majority of the victims are in the government, defense, transport, media, NGO and healthcare sectors.
In some cases, the hackers also focused on education, telecommunications and law enforcement agencies, with more than 20 NGOs in Europe and North America.
“Void Blizzard focuses primarily on NATO member states and Ukraine. Many of the compromised organizations overlap with earlier targeting by other well-known Russian state actors, including Forest Blizzard, Midnight Blizzard,” Microsoft concluded.
“This intersection suggests shared espionage and intelligence collection interests assigned to the parent organizations of these threat actors.”