Skip to content
Search
  • There are no suggestions because the search field is empty.
Cancel
Get Started Now

    Security Awareness Training Blog

    Russian Hackers Breached Government Agencies' MFA Using Microsoft Teams: Is Your Business Next?

    HackingMultifactor-OD-SocialMicrosoft's recent blog post raised eyebrows through the cybersecurity community. State-backed hackers linked to Russia, known as APT29 or Cozy Bear, have executed “highly targeted” phishing attacks through Microsoft's Teams platform. These are the same hackers behind the historic SolarWinds hack in 2020 and the 2016 breach of the Democratic National Committee.

    The method was both sophisticated and alarmingly simple. By compromising Microsoft 365 accounts owned by small businesses, the hackers created domains to deceive their targets through Microsoft Teams messages. They engaged users and elicited approval of MFA prompts, bypassing what is usually considered a robust security measure. 

    This incident raises a critical question: Is your business next? Here's what you need to know to protect your organization: 

    1. Understand the Threat: Recognize that even platforms like Microsoft Teams can be exploited. Stay informed about the latest threats and how they might affect your business.
    2. Educate and Train Your Team: Regular security awareness training empowers your employees to recognize and respond to phishing attempts and other threats.
    3. Implement Wall-to-Wall MFA: While MFA is essential, it's not infallible. There are many ways to hack MFA. Make sure to patch your systems regularly and use phishing-resistant MFA technology like FIDO. 
    4. Regularly Monitor and Assess: Continuously monitor your systems for unusual activities and conduct regular security assessments to identify potential vulnerabilities.

    The Russian hackers' breach of government agencies is a reminder that cyber threats are constantly evolving. No organization is immune, and complacency can lead to devastating consequences.

    At KnowBe4, we believe that a proactive, informed approach to cybersecurity is your strongest defense. By understanding the threats, educating your team, implementing robust security measures, and collaborating with experts, you can protect your organization against even the most sophisticated attackers.  Stay vigilant, and remember your security is only as strong as your weakest link.

     

    Return To KnowBe4 Security Blog

    Topics: MFA

    Stu Sjouwerman

    ABOUT STU SJOUWERMAN

    Stu Sjouwerman (pronounced “shower-man”) is the founder and CEO of KnowBe4, Inc., which hosts the world’s most popular integrated security awareness training and simulated phishing platform, with over 54,000 organization customers and more than 50 million users. A serial entrepreneur and data security expert with 30 years in the IT industry, Stu was the co-founder of Inc. 500 company Sunbelt Software, a multiple award-winning anti-malware software company that was acquired in 2010.

    Read more from Stu »

    Subscribe to Our Blog


    Security Awareness Training
    Blog RSS Feed
    Comprehensive Anti-Phishing Guide
    All Posts

    Posts by Tag

    See all

    Posts By Topic

    View All

    Get the latest about social engineering

    Subscribe to CyberheistNews