Microsoft emails that warned customers of Russian hacks criticized for looking like spam and phishing

In March, Microsoft confirmed that Russian government hackers known as Midnight Blizzard (or APT29) had broken into its systems with the goal of stealing various kinds of information, including data on Microsoft customers. 

Months later, Microsoft is still in the process of notifying its affected customers, and it looks like the process isn’t going very well, with experts criticizing Microsoft for sending emails that look like spam, or even phishing attempts. 

Kevin Beaumont, a former Microsoft employee and now a cybersecurity researcher who closely follows the company, has been warning companies to keep an eye out for these Microsoft emails. 

“Microsoft had a breach by Russia impacting customer data and didn’t follow the Microsoft 365 customer data breach process. The notifications aren’t in the portal, they emailed tenant admins instead,” Beaumont wrote on his LinkedIn account. “The emails can go into spam — and tenant admin accounts are supposed to be secure breakglass accounts without email. They also haven’t informed orgs via account managers. You want to check all emails going back to June. It is widespread.”

One of the main issues with Microsoft’s notification email is that it includes a “secure link” to a domain that bears no apparent connection to Microsoft. Instead, the email includes a link to: “purviewcustomer.powerappsportals.com.” 

“Basically, the critical alert looks like a phishing attack,” one person wrote on X.

That link has been submitted to urlscan.io, a site that can help spot malicious links, more than a hundred times. That suggests that there are a lot of organizations that saw that official legitimate Microsoft email and thought it was malicious.


The urlscan.io submissions also suggest there are at least a hundred companies that were affected by the Russian government hack on Microsoft. U.S. cybersecurity agency CISA previously said that the Russian hackers also stole emails of several federal agencies. 

Apart from Beaumont’s warnings, there is some evidence that Microsoft customers are legitimately confused. In a Microsoft support portal, one customer shared the email their organization received in an attempt to get clarity on whether it was a genuine Microsoft email. 

“This email has several red flags for me, the request for the TenantID and essentially admin or high level email addresses, the powerapps page being barebones, and some quick Googling not finding anything related to the title of this email or it’s [sic] contents,” the person wrote. “Can anyone confirm this is a legit Microsoft email request?”

Commenting on Beaumont’s LinkedIn post, a cybersecurity consultant said that “several” of his clients received the email and “All of them were worried it was phishing.”

“At first glance, this did not inspire trust for the recipients, who started asking in forums or reaching out to Microsoft account managers to eventually confirm that the email was legitimate…weird way for a provider like this to communicate an important issue to potentially affected customers,” the consultant wrote. 

Microsoft spokespeople did not respond when TechCrunch asked how many organizations have been notified, or if the company plans to change the way it notifies affected customers. 


Lisa Holden
Lisa Holden is a news writer for LinkDaddy News. She writes health, sport, tech, and more. Some of her favorite topics include the latest trends in fitness and wellness, the best ways to use technology to improve your life, and the latest developments in medical research.
