2025-01-30 19:08:30 Pacfic
Ransomware Groups Exploit Microsoft Office 365 - 5d
Two ransomware groups, identified as STAC5143 and STAC5777, are actively targeting Microsoft Office 365 users by exploiting default settings and using their own Microsoft 365 tenants. These groups are leveraging the platform's features, like Teams, to initiate contact with internal users under the guise of tech support. This tactic is being used to gain access to victim systems. This concerning activity highlights a significant vulnerability in the default configuration of Microsoft 365 and the need for enhanced security measures.
Sophos researchers have detailed the tactics used by both groups. STAC5143 uses Teams’ remote control capabilities and deploys Java-based tools to exploit systems, extracting Python backdoors via SharePoint links. Meanwhile, STAC5777 uses Microsoft Quick Assist and manual configuration changes to install malware, steal credentials, and discover network resources. Both groups share techniques with other known threat actors, like Storm-1811 and FIN7. These attacks often start with spam email bombing, sometimes sending 3,000 emails in an hour, followed by Teams calls requesting screen control for malicious purposes, highlighting a multi-pronged social engineering approach.
ImgSrc: i0.wp.com
References:
- CISO2CISO.COM & CYBER SECURITY GROUP - Sophos MDR tracks two ransomware campaigns using "email bombing," Microsoft Teams "vishing." - 6d
- ciso2ciso.com - Two ransomware groups abusing Microsoft's Office 365 platform - 5d
- CISO2CISO.COM & CYBER SECURITY GROUP - Details about the attacks and the tactics being used. - 5d
- Cybersecurity News - STAC5143 and STAC5777: New Ransomware Campaigns Target Microsoft Office 365 Users - 5d
- CISO2CISO.COM & CYBER SECURITY GROUP - Two ransomware groups abuse Microsoft’s Office 365 platform to gain access to target organizations - 5d
- Security Archives - Security Affairs - Two ransomware groups abuse Microsoft’s Office 365 platform to gain access to target organizations - 5d
- securityonline.info - STAC5143 and STAC5777: New Ransomware Campaigns Target Microsoft Office 365 Users - 5d
Classification:
- HashTags: Ransomware Microsoft365 CyberAttack
- Company: Microsoft
- Target: Microsoft Office 365 users
- Product: Office 365
- Feature: Office 365 exploit
- Type: Ransomware
- Severity: Major