Security News > 2023 > September > Microsoft Teams phishing: Enterprises targeted by ransomware access broker
A threat actor known for providing ransomware gangs with initial access to enterprise systems has been phishing employees via Microsoft Teams.
Storm-0324 is a temporary name assigned by Microsoft to this particular threat actor and shows that the company has yet to reach high confidence about the origin or identity of the actor behind the operation.
Microsoft says that Storm-0324 started using phishing lures sent over Teams with malicious links leading to a malicious SharePoint-hosted file in July 2023 - though they don't say what malicious payload the file carried.
Defend your enterprise against Microsoft Teams phishing and ransomware.
"Because Storm-0324 hands off access to other threat actors, identifying and remediating Storm-0324 activity can prevent more dangerous follow-on attacks like ransomware," the researchers warned, and provided protection advice and hunting queries for enterprise defenders.
Microsoft previously said that the Microsoft Teams vulnerability that allows these attacks "Did not meet the bar for immediate servicing."
News URL
https://www.helpnetsecurity.com/2023/09/13/ransomware-microsoft-teams-phishing/
Related news
- Microsoft Teams tactics, malware connect Black Basta, Cactus ransomware (source)
- Microsoft's End of Support for Exchange 2016 and 2019: What IT Teams Must Do Now (source)
- New Microsoft 365 outage impacts Teams, causes call failures (source)
- EncryptHub Deploys Ransomware and Stealer via Trojanized Apps, PPI Services, and Phishing (source)
- Microsoft: North Korean hackers join Qilin ransomware gang (source)
- Microsoft Warns of ClickFix Phishing Campaign Targeting Hospitality Sector via Fake Booking[.]com Emails (source)
- Microsoft’s new AI agents take on phishing, patching, alert fatigue (source)
- After Detecting 30B Phishing Attempts, Microsoft Adds Even More AI to Its Security Copilot (source)
- Microsoft: Windows CLFS zero-day exploited by ransomware gang (source)
- Microsoft: Windows CLFS Vulnerability Could Lead to ‘Widespread Deployment and Detonation of Ransomware’ (source)