1. Forum
  2. tqwNet
  3. TQW GENTECH

  • Russia-linked hackers are attacking small businesses using fake M

    From TechnologyDaily@1337:1/100 to All on Wednesday, May 28, 2025 16:30:08
    Russia-linked hackers are attacking small businesses using fake Microsoft Entra pages

    Date:
    Wed, 28 May 2025 15:19:00 +0000

    Description:
    Russians are after intelligence info, and they're faking Microsoft Entra
    pages to get it.

    FULL STORY ======================================================================Microsof t spots fake Entra pages being distributed in phishing emails The attacks targeted organizations in the West, mostly in critical infrastructure The
    goal was to gather intelligence for the Russo-Ukrainian conflict

    Russian hacking campaigns, part of the countrys wider war effort against Ukraine, are getting more aggressive, security researchers from Microsoft
    have claimed , after they spotted a change in how a specific threat actor, called Void Blizzard, is running its operations.

    Void Blizzard, also known as Laundry Bear, would usually buy login
    credentials off the dark web and use them to gain access to their targets IT infrastructure. Once inside, the hackers would exfiltrate emails, sensitive files, and business data, and look for means to continue moving laterally throughout the organization.

    However, in recent times, the group has switched from buying login
    credentials into stealing them itself, and to do that it started spoofing Microsoft Entra login pages. NATO in the crosshairs

    Microsoft Entra is a comprehensive identity and network access solution that many organizations use to secure access to their digital resources across
    both cloud and on-prem. Void Blizzard would create fake pages using typosquatted domains and then distribute them to the victims using spear phishing and similar methods.

    The victims are mostly small and medium-sized businesses (SMB) located in the West, as the campaign disproportionately targets organizations in Ukraine and NATO member states, Microsoft says, suggesting it is actually part of Russias war on Ukraine, and is designed to collect intelligence from critical
    sectors.

    That being said, the majority of the victims are in government, defense, transportation, media, NGO, and healthcare.

    In some instances, the hackers targeted education, telecommunications, and
    law enforcement agencies, as well, with more than 20 NGOs in Europe and North America targeted.

    Void Blizzard primarily targets NATO member states and Ukraine. Many of the compromised organizations overlap with pastor, in some cases, concurrenttargeting by other well-known Russian state actors, including
    Forest Blizzard, Midnight Blizzard, and Secret Blizzard, Microsoft concluded.

    This intersection suggests shared espionage and intelligence collection interests assigned to the parent organizations of these threat actors. You might also like Global Russian hacking campaign steals data from government agencies Take a look at our guide to the best authenticator app We've rounded up the best password managers



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/russia-linked-hackers-are-attacking-sma ll-businesses-using-fake-microsoft-entra-pages


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)