# Russian-Linked Hackers Target Small Businesses with Fake Microsoft Entra Pages

Russian-linked hackers have been spotted using a new tactic in their attacks on small businesses, spoofing Microsoft Entra login pages to gain unauthorized access to sensitive data.

According to security researchers at Microsoft, the threat actor known as Void Blizzard, also referred to as Laundry Bear, has changed its approach from buying stolen login credentials to stealing them itself. This new method involves creating fake Microsoft Entra login pages using typosquatted domains and distributing them to victims through spear phishing campaigns.

The fake pages are designed to look legitimate, with the intention of tricking unsuspecting businesses into entering their login credentials. Once they have access, Void Blizzard hackers exfiltrate emails, sensitive files, and business data, and then search for ways to move laterally throughout the organization.

Microsoft has identified a disproportionate number of victims in Ukraine and NATO member states, suggesting that this campaign is part of Russia's wider war effort against Ukraine. The majority of targeted organizations are in the government, defense, transportation, media, NGO, and healthcare sectors.

In addition to these targets, Void Blizzard hackers have also attacked education, telecommunications, and law enforcement agencies, with over 20 NGOs in Europe and North America falling victim to the campaign.

Microsoft researchers have noted that Void Blizzard primarily targets NATO member states and Ukraine, with many of the compromised organizations overlapping with past or concurrent targeting by other well-known Russian state actors, including Forest Blizzard, Midnight Blizzard, and Secret Blizzard. This intersection suggests shared espionage and intelligence collection interests assigned to the parent organizations of these threat actors.

The shift in tactics by Void Blizzard highlights the evolving nature of cyber threats and the need for businesses to remain vigilant in protecting their digital assets. As the conflict between Russia and Ukraine continues, it is essential for small and medium-sized businesses to be aware of these types of attacks and take steps to prevent them.

# What You Can Do to Protect Yourself

* Use two-factor authentication (2FA) whenever possible
* Keep your software and operating system up to date with the latest security patches
* Monitor your accounts and credit reports for suspicious activity
* Use a reputable antivirus program and keep it updated
* Consider implementing a VPN when accessing public Wi-Fi networks
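
Because the campaign described above relies on typosquatted domains that imitate the Microsoft Entra sign-in page, defenders can also screen hostnames seen in proxy or DNS logs for lookalikes. The following script is an added example, not code from Microsoft's report or this article; the protected-domain list, the confusable-character map, the distance thresholds and the sample hostnames are assumptions constructed for illustration.

```python
import unicodedata

# Legitimate Microsoft sign-in domains to protect (assumption: extend with your own).
PROTECTED = ("microsoftonline.com", "microsoft.com", "office.com")
# Common visual swaps in lookalike names (constructed list, not exhaustive).
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "-": ""})

def registrable(host):
    """Naive registrable domain: last two labels (assumes no multi-part TLDs)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def skeleton(label):
    """Fold accents, digit-for-letter swaps, 'rn'->'m' and 'vv'->'w'."""
    ascii_only = unicodedata.normalize("NFKD", label).encode("ascii", "ignore").decode()
    return ascii_only.translate(CONFUSABLES).replace("rn", "m").replace("vv", "w")

def edit_distance(a, b):
    """Optimal string alignment: insert, delete, substitute, adjacent transpose."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                cost = min(cost, prev2[j - 2] + 1)  # swapped neighbours
            cur.append(cost)
        prev2, prev = prev, cur
    return prev[-1]

def classify(host):
    """Return (verdict, protected_domain) for one observed hostname."""
    dom = registrable(host)
    if dom in PROTECTED:
        return ("legitimate", dom)
    name = skeleton(dom.rsplit(".", 1)[0])  # compare names, ignore the TLD
    for good in PROTECTED:
        good_name = good.rsplit(".", 1)[0]
        limit = 1 if len(good_name) < 10 else 2  # short names: stricter match
        if edit_distance(name, good_name) <= limit:
            return ("lookalike", good)
    return ("unrelated", None)

# Constructed hostnames, as they might appear in proxy or DNS logs.
SAMPLES = ["login.microsoftonline.com", "login.micros0ftonline.example",
           "login.mircosoftonline.example", "portal.rnicrosoft.example",
           "www.example.org"]

if __name__ == "__main__":
    for h in SAMPLES:
        print(f"{h:35} {classify(h)}")
```

Hits marked `lookalike` are candidates for blocking and for checking whether any user submitted credentials to that host.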