Russian Hackers Targeting Microsoft 365 Accounts for Months

Russian hackers have been successfully compromising Microsoft 365 accounts for several months, according to a report by 01Net. These attackers use sophisticated phishing and credential-stuffing techniques to infiltrate corporate email systems, leading to potential data breaches and unauthorized access.

You Should Know: How to Protect Your Microsoft 365 Account

1. Enable Multi-Factor Authentication (MFA)

MFA adds an extra layer of security. Use:

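$mfa = New-Object Microsoft.Online.Administration.StrongAuthenticationRequirement -Property @{ RelyingParty = "*"; State = "Enabled" }
Set-MsolUser -UserPrincipalName user@example.com -StrongAuthenticationRequirements @($mfa)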

For Azure AD:

Set-AzureADUser -ObjectId user@example.com -StrongAuthenticationRequirements $mfa

2. Monitor Suspicious Logins

Check sign-in logs in Azure AD:

Get-AzureADAuditSignInLogs -Filter "createdDateTime gt 2023-10-01" | Where-Object {$_.Status.ErrorCode -ne 0}
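
An added example (not from the original post or the 01Net report): one way to turn the failed sign-in filter above into a credential-stuffing check. It groups sign-ins by source IP, flags any IP with failures against several distinct accounts, and lists accounts that the same IP signed in to successfully afterwards. The function names, the threshold and the sample records are assumptions; the records are constructed and use the property names of Get-AzureADAuditSignInLogs output.

```powershell
# Added example: flag source IPs whose sign-ins look like credential stuffing.
# Find-CredentialStuffing, New-SampleSignIn and -MinAccounts are hypothetical names.
function Find-CredentialStuffing {
    param(
        [Parameter(Mandatory)] [object[]] $SignIns,
        [int] $MinAccounts = 3    # distinct accounts failing from one IP (assumed threshold)
    )
    foreach ($group in ($SignIns | Group-Object -Property IpAddress)) {
        $failed  = @($group.Group | Where-Object { $_.Status.ErrorCode -ne 0 })
        $targets = @($failed | ForEach-Object { $_.UserPrincipalName.ToLower() } |
                     Sort-Object -Unique)
        if ($targets.Count -lt $MinAccounts) { continue }

        $firstFailure = $failed | ForEach-Object { [datetime]$_.CreatedDateTime } |
                        Sort-Object | Select-Object -First 1
        # A success from the same IP after the failures began is the urgent case.
        $hits = @($group.Group | Where-Object {
                    $_.Status.ErrorCode -eq 0 -and
                    [datetime]$_.CreatedDateTime -gt $firstFailure
                } | ForEach-Object { $_.UserPrincipalName.ToLower() } | Sort-Object -Unique)

        [pscustomobject]@{
            IpAddress        = $group.Name
            FailedAttempts   = $failed.Count
            AccountsTargeted = $targets.Count
            SucceededAfter   = $hits
        }
    }
}

# Constructed sample records; in practice pass the output of Get-AzureADAuditSignInLogs.
function New-SampleSignIn($Upn, $Ip, $Time, $Code) {
    [pscustomobject]@{
        UserPrincipalName = $Upn; IpAddress = $Ip; CreatedDateTime = $Time
        Status            = [pscustomobject]@{ ErrorCode = $Code }
    }
}
$sample = @(
    New-SampleSignIn 'alice@example.com' '203.0.113.10' '2023-10-02T08:00:01Z' 50126
    New-SampleSignIn 'bob@example.com'   '203.0.113.10' '2023-10-02T08:00:03Z' 50126
    New-SampleSignIn 'carol@example.com' '203.0.113.10' '2023-10-02T08:00:05Z' 50126
    New-SampleSignIn 'bob@example.com'   '203.0.113.10' '2023-10-02T08:00:09Z' 0
    New-SampleSignIn 'dave@example.com'  '198.51.100.7' '2023-10-02T09:15:00Z' 50126
    New-SampleSignIn 'dave@example.com'  '198.51.100.7' '2023-10-02T09:15:30Z' 0
)
Find-CredentialStuffing -SignIns $sample | Format-List
```

Non-zero error codes also cover MFA prompts and other interrupts, so narrow the failure filter to the codes you treat as bad-password attempts (the sample uses 50126, invalid username or password).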

3. Disable Legacy Authentication

Legacy protocols (like IMAP, POP3) are vulnerable:

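Set-OrganizationConfig -OAuth2ClientProfileEnabled $true   # turns modern authentication on; it does not block legacy protocols by itself
New-AuthenticationPolicy -Name "Block Basic Auth"; Set-OrganizationConfig -DefaultAuthenticationPolicy "Block Basic Auth"   # policy with Basic auth off for every protocol, set as the tenant default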

4. Implement Conditional Access Policies

Restrict access from risky locations:

New-AzureADMSConditionalAccessPolicy -DisplayName "Block High-Risk Countries" -State "Enabled" -Conditions @(...)

5. Detect and Block Phishing Emails

Use Exchange Online Protection (EOP):

Get-HostedContentFilterPolicy | Set-HostedContentFilterPolicy -PhishSpamAction MoveToJmf

6. Check for Compromised Accounts

Run the Microsoft Secure Score assessment:

Get-MgSecuritySecureScore -Top 10

7. Use Advanced Threat Protection (ATP)

Enable Safe Links and Safe Attachments:

Set-AtpPolicyForO365 -EnableATPForSPOTeamsODB $true

8. Audit and Revoke Suspicious Sessions

List active sessions:

Get-AzureADUser -All $true | Get-AzureADUserRegisteredDevice

Revoke sessions:

Revoke-AzureADUserAllRefreshToken -ObjectId user@example.com

9. Educate Users on Phishing

Train employees to identify phishing attempts using:

Start-M365DSCConfiguration -ConfigurationName "PhishingSimulation"

10. Backup Critical Data

Use Microsoft 365 Backup:

Start-MgBetaDataPolicyOperation -BackupType Full

What Undercode Say

Russian hackers continue evolving their tactics, making Microsoft 365 a prime target. Implementing MFA, disabling legacy auth, and enforcing conditional access are critical. Regular audits and phishing simulations further reduce risks.

Expected Output:

  • MFA enforced
  • Legacy authentication disabled
  • Phishing emails blocked
  • Active sessions monitored
  • Secure Score improved

For more details, visit: 01Net Report

References:

Reported By: Vincent L – Hackers Feeds