Security News > 2023 > September > Ransomware access broker steals accounts via Microsoft Teams phishing
Microsoft says an initial access broker known for working with ransomware groups has recently switched to Microsoft Teams phishing attacks to breach corporate networks.
"In July 2023, Storm-0324 began using phishing lures sent over Teams with malicious links leading to a malicious SharePoint-hosted file," Microsoft said on Tuesday.
According to Redmond, threat actors using these Teams phishing tactics are now recognized as "EXTERNAL" users when external access is enabled within an organization's settings.
After detecting Storm-0324's Teams phishing attacks, Microsoft suspended all tenants and accounts they used in the campaign.
Microsoft Teams phishing attack pushes DarkGate malware.
Russian hackers target govt orgs in Microsoft Teams phishing attacks.
News URL
Related news
- Black Basta operators phish employees via Microsoft Teams (source)
- Week in review: Windows Themes spoofing bug “returns”, employees phished via Microsoft Teams (source)
- Microsoft Ignite 2024 Unveils Groundbreaking AI, Security, and Teams Innovations (source)
- Microsoft disrupts ONNX phishing-as-a-service infrastructure (source)
- Microsoft 365 outage impacts Exchange Online, Teams, Sharepoint (source)
- Phishing-as-a-Service "Rockstar 2FA" Targets Microsoft 365 Users with AiTM Attacks (source)
- New Rockstar 2FA phishing service targets Microsoft 365 accounts (source)
- Nextcloud Talk: Open-source, GDPR-compliant alternative to Microsoft Teams (source)
- Attackers Exploit Microsoft Teams and AnyDesk to Deploy DarkGate Malware (source)
- HubSpot phishing targets 20,000 Microsoft Azure accounts (source)