Microsoft Teams users are under attack. Here’s how to protect yourself against Midnight Blizzard.

That suspicious Teams message request could land you in big trouble.

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

What you need to know

What you need to know

Microsoft recently identified a new exploit by a Russian hacker group called Midnight Blizzard affecting Teams users. According toMicrosoft Threat Intelligence, the hackers are leveraging previously compromised Microsoft 365 tenants belonging to small business owners to create new domains purporting to be technical support entities, as reported byNeowin.

The company further indicated that the attackers have been using these domains to send Teams messages to unsuspecting users to gain access to crucial and private information. Midnight Blizzard’s ploy bypasses multifactor authentication (MFA) by getting the Teams users to approve the prompts from their end.

As a workaround, Microsoft recommends reinforcing elaborate security measures that will flag any authentication requests not initiated by the user as a threat. The company’s findings indicate that the exploit has impacted fewer than40 unique global organizations. Andaccording to Microsoft:

The organizations targeted in this activity likely indicate specific espionage objectives by Midnight Blizzard directed at government, non-government organizations (NGOs), IT services, technology, discrete manufacturing, and media sectors.

Microsoft has disclosed that the hacker group’s exploits have been mitigated and that investigation is ongoing to determine the attack’s impact and a permanent remedy. The company has already reached out to targeted or compromised customers and furnished them with all the necessary information to prevent the recurrence of this issue.

Brace up with multi-factor authentication (MFA)

Brace up with multi-factor authentication (MFA)

The social engineering attack by Midnight Blizzard is a ploy that multiple organizations have fallen victim to. Attackers are transitioning from old plays, like sending malicious links to unsuspecting users, to more sophisticated techniques.

As you might already know, multi-factor authentication (MFA) is an important feature that beefs up the security of your online accounts and prevents unauthorized users from accessing your personal information. As such, it’s extremely important to ensure that you’veset up two-factor authentication (2FA)on your accounts. Microsoft has also provided acomprehensive list of recommendationsdesigned to reduce the risk of this threat.

Get the Windows Central Newsletter

All the latest news, reviews, and guides for Windows and Xbox diehards.

Kevin Okemwa is a seasoned tech journalist based in Nairobi, Kenya with lots of experience covering the latest trends and developments in the industry at Windows Central. With a passion for innovation and a keen eye for detail, he has written for leading publications such as OnMSFT, MakeUseOf, and Windows Report, providing insightful analysis and breaking news on everything revolving around the Microsoft ecosystem. You’ll also catch him occasionally contributing at iMore about Apple and AI. While AFK and not busy following the ever-emerging trends in tech, you can find him exploring the world or listening to music.