Hi All
A touch on Humint and Sigint..... By the Russians on Microsoft Teams....
https://techcrunch.com/2023/08/03/russia-hackers-microsoft-teams-government/
“If the target user accepts the message request, the user then receives a Microsoft Teams message from the attacker attempting to convince them to enter a code into the Microsoft Authenticator app on their mobile device,” Microsoft said. If the victim follows these instructions, the hacker is able to gain full access to the users’ account.
Microsoft says it has mitigated the hacking group from using the domains and “continues to investigate this activity,” including the hackers’ precursory attacks to compromise legitimate Azure tenants and the use of homoglyph domains — domains that take advantage of similarities in font letters to impersonate legitimate domains — in social engineering campaigns.
Now think of the implications...
Regards
Caute_Cautim
It is very possible that more than one IT administrator or who has a range of permissions over your organization's infrastructure falls for this.
It is common to see attacks of this type when looking for job offers or being in the application process itself.
PHR