2025-01-31 02:28:24 Pacfic
Ransomware Actors Abuse Microsoft Teams - 8d
Ransomware groups are increasingly exploiting Microsoft Teams to conduct "vishing" attacks, bypassing traditional email security measures. Attackers are initiating these attacks by flooding targeted employees with large numbers of spam emails, creating a sense of alarm. Shortly after, the attackers reach out via Microsoft Teams, posing as IT support personnel, and trick the employee into granting remote access under the guise of fixing a problem. This tactic allows the attackers to install malware directly onto the employee’s system, providing access to the company's network.
Sophos has observed over 15 incidents of this kind in the past three months with the incidents being split evenly over two different groups. These groups operate their own Microsoft 365 instances to appear legitimate and often use accounts such as "Help Desk Manager" which makes them appear like a genuine internal IT contact to the targeted employees. Security experts are highlighting the importance of changing the default Microsoft Teams settings to prevent external users from directly messaging or calling internal employees. These attacks rely on the employee’s distress and an eagerness to resolve the problem quickly, overriding their critical thinking and caution.
ImgSrc: img.helpnetsecurity.com
References:
- @jos1264 - Ransomware attackers are “vishing� organizations via Microsoft Teams 'tmiss - 9d
- www.helpnetsecurity.com - Ransomware attackers are “vishing� organizations via Microsoft Teams 'tmiss - 9d
- @bleepingcomputer.com - BleepingComputer - Ransomware gangs pose as IT support in Microsoft Teams phishing attacks - 8d
- @BleepingComputer - Ransomware gangs pose as IT support in Microsoft Teams phishing attacks - 8d
- BleepingComputer - Ransomware gangs pose as IT support in Microsoft Teams phishing attacks - 8d
- News | CSO Online - Microsoft Teams vishing attacks trick employees into handing over remote access - 8d
- ciso2ciso.com - Microsoft Teams vishing attacks trick employees into handing over remote access - 8d
- CISO2CISO.COM & CYBER SECURITY GROUP - Microsoft Teams vishing attacks trick employees into handing over remote access – Source: www.csoonline.com - 8d
- www.bleepingcomputer.com - Ransomware gangs are increasingly adopting email bombing followed by posing as tech support in Microsoft Teams calls to trick employees into allowing remote control and install malware that provides - 8d
- Security Archives - Security Affairs - Two ransomware groups abuse Microsoft’s Office 365 platform to gain access to target organizations - 8d
- news.sophos.com - Sophos : Sophos warns about incidents by two separate groups of threat actors, each of which have used the functionality of Microsoft's Office 365 platform to gain access to targeted organizations wit - 7d
- ciso2ciso.com - Ransomware Groups Abuse Microsoft Services for Initial Access - 7d
- CISO2CISO.COM & CYBER SECURITY GROUP - Sophos MDR's analysis of two ransomware campaigns exploiting Microsoft Teams. - 6d
- @jos1264 - Ransomware Groups Abuse Microsoft Services for Initial Access – Source: www.securityweek.com - 6d
- go.theregister.com - That invitation to a Teams call on which IT promises to mop up a spamstorm may not be what it seems Two ransomware campaigns are abusing Microsoft Teams to infect organizations and steal data, and the - 6d
- securityonline.info - Sophos X-Ops has uncovered two distinct ransomware campaigns to infiltrate organizations via Microsoft Office 365 and Teams. - 6d
- CISO2CISO.COM & CYBER SECURITY GROUP - Two ransomware groups abuse Microsoft’s Office 365 platform to gain access to target organizations - 5d
Classification:
- HashTags: Ransomware MicrosoftTeams Vishing
- Company: Microsoft
- Target: Organizations
- Product: Teams
- Feature: Teams
- Type: Ransomware
- Severity: Major