Security News > 2023 > September > Microsoft Teams phishing: Enterprises targeted by ransomware access broker
A threat actor known for providing ransomware gangs with initial access to enterprise systems has been phishing employees via Microsoft Teams.
Storm-0324 is a temporary name assigned by Microsoft to this particular threat actor and shows that the company has yet to reach high confidence about the origin or identity of the actor behind the operation.
Microsoft says that Storm-0324 started using phishing lures sent over Teams with malicious links leading to a malicious SharePoint-hosted file in July 2023 - though they don't say what malicious payload the file carried.
Defend your enterprise against Microsoft Teams phishing and ransomware.
"Because Storm-0324 hands off access to other threat actors, identifying and remediating Storm-0324 activity can prevent more dangerous follow-on attacks like ransomware," the researchers warned, and provided protection advice and hunting queries for enterprise defenders.
Microsoft previously said that the Microsoft Teams vulnerability that allows these attacks "Did not meet the bar for immediate servicing."
News URL
https://www.helpnetsecurity.com/2023/09/13/ransomware-microsoft-teams-phishing/
Related news
- Black Basta ransomware poses as IT support on Microsoft Teams to breach networks (source)
- Ransomware gang using stolen Microsoft Entra ID creds to bust into the cloud (source)
- Ransomware attackers hop from on-premises systems to cloud to compromise Microsoft 365 accounts (source)
- DOJ, Microsoft seize 107 domains used in Russia's Star Blizzard phishing attacks (source)
- Week in review: Microsoft fixes two exploited zero-days, SOC teams are losing trust in security tools (source)
- Microsoft says more ransomware stopped before reaching encryption (source)
- Microsoft: Ransomware Attacks Growing More Dangerous, Complex (source)
- Black Basta poses as IT support on Microsoft Teams to breach networks (source)
- Black Basta operators phish employees via Microsoft Teams (source)
- Week in review: Windows Themes spoofing bug “returns”, employees phished via Microsoft Teams (source)