Russian hackers breach over 20 NGOs using Evilginx phishing via fake Microsoft Entra pages

By user, May 27, 2025

Microsoft has shed light on a previously undocumented cluster of threat activity originating from a Russia-affiliated threat actor, Void Blizzard (aka Laundry Bear), which it said is attributed to “cloud abuse around the world.”

The hacking group, which has been active since at least April 2024, is linked primarily to espionage operations targeting organizations that are important to the Russian government’s goals, including those in the government, defense, transportation, media, non-governmental organization (NGO), and healthcare sectors in Europe and North America.

“They often use stolen sign-in details that are likely purchased from online marketplaces to gain access to organizations,” the Microsoft Threat Intelligence team said in a report released today. “When they get inside, they steal a lot of emails and files.”

Attacks mounted by Void Blizzard have been found to disproportionately single out NATO countries and Ukraine, suggesting that the adversary is trying to gather intelligence that furthers Russian strategic objectives.

Specifically, the threat actor is known to target government organizations and law enforcement agencies in NATO countries and in countries that provide direct military or humanitarian assistance to Ukraine. It is also said to have successfully attacked Ukraine’s education, transportation, and defense sectors.

This includes the October 2024 compromise of several user accounts belonging to a Ukrainian aviation organization that had previously been targeted in 2022 by Seashell Blizzard, a threat actor linked to the Russian General Staff Main Intelligence Directorate (GRU).

The attacks are characterized as opportunistic, targeted, high-volume efforts designed to breach targets deemed valuable by the Russian government. The initial access methods consist of unsophisticated techniques such as password spraying and the use of stolen authentication credentials.

In some campaigns, the threat actor has used stolen credentials, likely sourced from commodity information stealer logs available on the cybercrime underground, to access Exchange and SharePoint Online and harvest email and files from compromised organizations.

“Threat actors also used publicly available AzureHound tools to enumerate Microsoft Entra ID configurations for compromised organizations to obtain information about users, roles, groups, applications, and devices belonging to that tenant,” Microsoft said.

As recently as last month, the Windows maker said it observed the hacking crew shifting to “more direct methods” to steal passwords, such as sending spear-phishing emails that lead to adversary-in-the-middle (AitM) landing pages and are designed to trick victims into giving up their login information.

This activity entails the use of a typosquatted domain impersonating the Microsoft Entra authentication portal to target over 20 NGOs in Europe and the US. The email messages claimed to be from an organizer of the European Defense and Security Summit and contained a PDF attachment with a fake invitation to the summit.

Present within the PDF document is a malicious QR code that redirects to an attacker-controlled domain (“micsrosoftonline[.]com”) that hosts a credential phishing page. The phishing page is thought to be based on the open-source Evilginx phishing kit.
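The lookalike domain above differs from the genuine sign-in domain by a single inserted character, which makes edit distance a practical triage check for URLs decoded from QR codes in attachments. The following is an added example, not code from Microsoft or the original article; the allowlist, the distance threshold and the two-label domain extraction are assumptions.

```python
from urllib.parse import urlsplit

# Domains the organization really signs in to (assumed allowlist).
LEGIT = {"microsoftonline.com", "microsoft.com", "office.com"}

def osa_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: insert, delete, substitute, transpose."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Adjacent transposition, e.g. "sfot" vs "soft".
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def registrable(host: str) -> str:
    # Simplification: last two labels. Production code should use the Public Suffix List.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def check_url(url: str, max_dist: int = 2):
    """Classify a URL (for example one decoded from a QR code) against the allowlist."""
    url = url.replace("[.]", ".").replace("hxxp", "http")  # accept defanged input
    host = urlsplit(url if "//" in url else "//" + url).hostname or ""
    dom = registrable(host)
    if dom in LEGIT:
        return ("legit", dom)
    for good in sorted(LEGIT):
        if osa_distance(dom, good) <= max_dist:
            return ("lookalike", good)  # close to, but not, a trusted domain
    return ("unknown", None)

if __name__ == "__main__":
    for u in ("https://micsrosoftonline[.]com/login",
              "https://login.microsoftonline.com/common",
              "https://example.org/"):
        print(u, check_url(u))
```

A "lookalike" verdict is a reason to quarantine the message and block the domain at the proxy; "unknown" only means the domain is not near anything on the allowlist.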

Post-compromise actions after gaining initial access involve abusing Microsoft Graph to enumerate users’ mailboxes and cloud-hosted files, leveraging automation to facilitate bulk data collection. In some cases, the threat actor is also said to have accessed Microsoft Teams conversations and messages via the web client application.

“Many of the compromised organizations overlap with past, or in some cases concurrent, targeting by other well-known Russian state actors, such as Forest Blizzard, Midnight Blizzard, and Secret Blizzard,” Microsoft said. “This intersection suggests shared espionage and intelligence collection interests assigned to the parent organizations of these threat actors.”

Void Blizzard linked to September breach of Dutch police agency

In a separate advisory, the Dutch Defense Intelligence Agency (MIVD) said that on September 23, 2024, work-related contact information of police employees was obtained by the threat actor following the breach of a Dutch police employee’s account via a pass-the-cookie attack.

A pass-the-cookie attack is a scenario in which an attacker uses stolen cookies obtained through information stealer malware to sign in to an account without entering a username and password. It is not currently known whether other information was stolen, but it is likely that other Dutch organizations have also been targeted.

“Laundry Bear is looking for information on the purchase and production of military equipment by Western governments and on Western supplies of weapons to Ukraine,” Admiral Peter Reesink, Director-General of MIVD, said in a statement.
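Because a replayed cookie skips the login step, one way to hunt for it is to compare each use of a session against the client that originally authenticated. The following is an added example, not taken from the MIVD or Microsoft reports; the CSV schema, field names and log rows are constructed for illustration.

```python
import csv
import io

# Constructed session log (hypothetical schema, not a real product's format).
SAMPLE = """ts,user,session_id,event,ip,user_agent
2025-01-01T08:01:00Z,alice,S1,login,192.0.2.10,Edge/124 Windows
2025-01-01T08:05:00Z,alice,S1,request,192.0.2.10,Edge/124 Windows
2025-01-01T09:40:00Z,alice,S1,request,203.0.113.77,Firefox/125 Linux
2025-01-01T08:10:00Z,bob,S2,login,198.51.100.4,Chrome/124 macOS
2025-01-01T08:30:00Z,bob,S2,request,198.51.100.9,Chrome/124 macOS
2025-01-01T10:00:00Z,carol,S3,request,203.0.113.77,Firefox/125 Linux
"""

def find_cookie_replay(log_text: str):
    """Return (session_id, user, ip, reason) for session use that does not match its login."""
    rows = sorted(csv.DictReader(io.StringIO(log_text)), key=lambda r: r["ts"])
    origin, findings = {}, []
    for r in rows:
        sid, client = r["session_id"], (r["ip"], r["user_agent"])
        if r["event"] == "login":
            origin[sid] = client  # remember which client authenticated
            continue
        if sid not in origin:
            reason = "cookie used with no recorded login"
        elif client[0] != origin[sid][0] and client[1] != origin[sid][1]:
            reason = "new IP and new user agent"
        elif client[0] != origin[sid][0]:
            reason = "new IP, same user agent (possible roaming)"
        else:
            continue  # same client as the login: expected
        finding = (sid, r["user"], r["ip"], reason)
        if finding not in findings:
            findings.append(finding)
    return findings

if __name__ == "__main__":
    for f in find_cookie_replay(SAMPLE):
        print(f)
```

Sessions flagged with a new IP and a new user agent are the strongest candidates for revoking the session and resetting credentials; an IP change alone is common for mobile users and needs corroboration.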
