Jump to content
  • Microsoft Teams phishing attack targets corporate networks

    aum

    • 1 comment
    • 604 views
    • 2 minutes
     Share


    • 1 comment
    • 604 views
    • 2 minutes

    Microsoft says a threat actor known for working with ransomware groups started distributing phishing lures via Microsoft Teams chats.

     

    Financially motivated group Storm-0324, known to act as initial access broker, has started using Teams to target potential victims, security researchers at Microsoft said.

     

    “Beginning in July 2023, Storm-0324 was observed distributing payloads using an open-source tool to send phishing lures through Microsoft Teams chats,” researchers said.

     

    Initial access brokers gain a foothold in victim systems and later sell the access to other cybercriminals, often leading to deployment of ransomware.

     

    According to Microsoft, Storm-0324 also distributes payloads for other attackers. The group is known to employ evasive techniques, using payment and invoice lures to coax victims. The gang is known to have distributed malware for the notorious Russian cybercrime gangs FIN7 and Cl0p.

     

    Researchers discovered that Storm-0324 distributes phishing lures over Teams. Attackers send victims links leading to malicious SharePoint-hosted files. To scale up the mission, cybercriminals employ TeamsPhisher, which “enables Teams tenant users to attach files to messages sent to external tenants.”

     

    “These Teams-based phishing lures by threat actors are identified by the Teams platform as “EXTERNAL” users if external access is enabled in the organization,” Microsoft said.

     

    The company said it has suspended accounts and tenants associated with fraudulent behavior and has rolled out enhancements and restrictions to protect customers.

     

    Last month, Microsoft said a Russian government-linked hacking group targeted dozens of global organizations with a campaign to steal login credentials by engaging users in Microsoft Teams chats pretending to be from technical support.

     

    However, the tech giant noted in its blog that the two discoveries are unrelated, indicating two separate campaigns.

     

    Source


    User Feedback

    Recommended Comments

    This should NOT continue happening.

     

    CEO Nadella = Weak Leadership

    Weak Leadership = Weak Security

    Weak Security = Getting Hacked

     

    Nadella needs to be removed from his posiiton.  As in NOW.

    Link to comment
    Share on other sites




    Join the conversation

    You can post now and register later. If you have an account, sign in now to post with your account.
    Note: Your post will require moderator approval before it will be visible.

    Guest
    Add a comment...

    ×   Pasted as rich text.   Paste as plain text instead

      Only 75 emoji are allowed.

    ×   Your link has been automatically embedded.   Display as a link instead

    ×   Your previous content has been restored.   Clear editor

    ×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...