Security News > 2023 > September > Ransomware access broker steals accounts via Microsoft Teams phishing
Microsoft says an initial access broker known for working with ransomware groups has recently switched to Microsoft Teams phishing attacks to breach corporate networks.
"In July 2023, Storm-0324 began using phishing lures sent over Teams with malicious links leading to a malicious SharePoint-hosted file," Microsoft said on Tuesday.
According to Redmond, threat actors using these Teams phishing tactics are now recognized as "EXTERNAL" users when external access is enabled within an organization's settings.
After detecting Storm-0324's Teams phishing attacks, Microsoft suspended all tenants and accounts they used in the campaign.
Microsoft Teams phishing attack pushes DarkGate malware.
Russian hackers target govt orgs in Microsoft Teams phishing attacks.
News URL
Related news
- Ransomware gangs pose as IT support in Microsoft Teams phishing attacks (source)
- Ransomware attackers are “vishing” organizations via Microsoft Teams (source)
- Microsoft Teams phishing attack alerts coming to everyone next month (source)
- Criminal IP: Bringing Real-Time Phishing Detection to Microsoft Outlook (source)
- New 'Sneaky 2FA' Phishing Kit Targets Microsoft 365 Accounts with 2FA Code Bypass (source)
- Week in review: 48k Fortinet firewalls open to attack, attackers “vishing” orgs via Microsoft Teams (source)
- Microsoft: Russian-Linked Hackers Using 'Device Code Phishing' to Hijack Accounts (source)
- If you dread a Microsoft Teams invite, just wait until it turns out to be a Russian phish (source)
- Microsoft: Hackers steal emails in device code phishing attacks (source)
- Microsoft's End of Support for Exchange 2016 and 2019: What IT Teams Must Do Now (source)