Russian hackers breach over 20 NGOs using Evilginx phishing via fake Microsoft Entra pages

By user | May 27, 2025

Microsoft is shedding light on a previously undocumented cluster of threat activity originating from a Russia-affiliated threat actor (aka Laundry Bear), which it said is attributed to “cloud abuse around the world.”

The hacking group, active since at least April 2024, is linked primarily to espionage operations targeting organizations that are important to the Russian government’s goals, including those in the government, defense, transportation, media, non-governmental organization (NGO), and healthcare sectors in Europe and North America.

“They often use stolen sign-in details that are likely to be purchased from the online marketplace to access their organization,” the Microsoft Threat Intelligence team said in a report released today. “When they get inside, they steal a lot of emails and files.”

Attacks mounted by Void Blizzard have been found to disproportionately single out NATO countries and Ukraine, suggesting that the adversary is gathering intelligence in support of Russian strategic goals.

Specifically, the threat actor is known to target government organizations and law enforcement agencies in NATO countries and in countries that provide direct military or humanitarian assistance to Ukraine. It is also said to have staged successful attacks against the education, transportation, and defense sectors in Ukraine.

This includes the October 2024 compromise of several user accounts belonging to a Ukrainian aviation organization that had previously been targeted in 2022 by Seashell Blizzard, a threat actor linked to the Russian General Staff Main Intelligence Directorate (GRU).

The attacks are characterized as opportunistic, targeted, high-volume efforts designed to breach targets deemed valuable by the Russian government. Initial access methods consist of unsophisticated techniques such as password spraying and stolen authentication credentials.

In some campaigns, the threat actor used stolen credentials, likely sourced from commodity information stealer logs available on the cybercrime underground, to access Exchange and SharePoint Online and harvest email and files from compromised organizations.

“Threat actors also used publicly available AzureHound tools to enumerate Microsoft Entra ID configurations for compromised organizations to obtain information about users, roles, groups, applications, and devices belonging to that tenant,” Microsoft said.

As recently as last month, the Windows maker said it observed the hacking crew shifting to “more direct methods” to steal passwords, such as sending spear-phishing emails designed to trick victims into parting with their login information by means of adversary-in-the-middle (AitM) landing pages.

The activity involves the use of a typosquatted domain impersonating the Microsoft Entra authentication portal to target over 20 NGOs in Europe and the US. The email messages claimed to be from the organizers of the European Defense and Security Summit and contained a PDF attachment with a fake invitation to the summit.

Present within the PDF document is a malicious QR code that redirects to an attacker-controlled domain (“micsrosoftonline[.]com”) that hosts a credential phishing page. The phishing page is believed to be based on the open-source Evilginx phishing kit.

Post-compromise actions after gaining initial access include abusing Microsoft Graph to enumerate users’ mailboxes and cloud-hosted files, and leveraging automation to facilitate bulk data collection. In some cases, the threat actor is also said to have accessed Microsoft Teams conversations and messages via the web client application.
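A defender-side check for the kind of typosquatted sign-in domain described above, as an added example that is not part of the original article or of Microsoft's report. It classifies hosts in URLs (for instance, ones decoded from QR codes in attachments) against an assumed allowlist; the allowlist, the distance threshold and the function names are assumptions, and the URLs other than the reported domain are constructed.

```python
from urllib.parse import urlsplit

# Assumption: domains this organization accepts for Entra sign-in.
LEGIT_DOMAINS = ("microsoftonline.com", "microsoft.com")

def refang(url: str) -> str:
    """Undo common defanging so the URL can be parsed."""
    url = url.strip().replace("[.]", ".").replace("hxxp", "http", 1)
    return url if "://" in url else "https://" + url

def osa_distance(a: str, b: str) -> int:
    """Edit distance counting insert, delete, substitute and adjacent swap as 1."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)  # adjacent transposition
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def classify(url: str, max_dist: int = 2) -> str:
    """Return 'legit', 'lookalike' or 'other' for the host in a URL."""
    host = (urlsplit(refang(url)).hostname or "").rstrip(".")
    if any(host == d or host.endswith("." + d) for d in LEGIT_DOMAINS):
        return "legit"
    # Legitimate name used only as left-hand labels of another domain.
    if any("." + d + "." in "." + host + "." for d in LEGIT_DOMAINS):
        return "lookalike"
    # Simplification: last two labels stand in for the registrable domain
    # (a production check would use the public suffix list).
    registrable = ".".join(host.split(".")[-2:])
    if any(osa_distance(registrable, d) <= max_dist for d in LEGIT_DOMAINS):
        return "lookalike"
    return "other"

if __name__ == "__main__":
    # First URL uses the domain reported in the article; the rest are constructed.
    for u in ("hxxps://micsrosoftonline[.]com/", "https://login.microsoftonline.com/",
              "https://login.microsoftonline.com.example.net/", "https://www.example.org/"):
        print(classify(u), u)
```

The check does not handle internationalized (punycode) hostnames, which need a separate confusable-character comparison.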

“Many of the compromised organizations overlap with past, or in some cases concurrent, targeting by other well-known Russian state actors, such as Forest Blizzard, Midnight Blizzard, and Secret Blizzard,” Microsoft said. “This intersection suggests shared espionage and intelligence collection interests assigned to the parent organizations of these threat actors.”

Void Blizzard linked to a September breach of Dutch police agency

In a separate advisory, the Dutch Defense Intelligence Agency (MIVD) stated that on September 23, 2024, work-related contact information of police employees was obtained by the threat actor following the breach of a Dutch police employee account via a pass-the-cookie attack.

A pass-the-cookie attack is a scenario in which an attacker uses stolen cookies obtained through information stealer malware to sign in to an account without entering a username and password. It is not currently known whether other information was stolen, but it is likely that other Dutch organizations have also been targeted.

“Laundry Bear is looking for information on the purchase and production of military equipment by Western governments and on Western supplies of weapons to Ukraine,” Admiral Peter Reesink, Director-General of MIVD, said in a statement.
