Security News > 2023 > September > Microsoft Teams phishing: Enterprises targeted by ransomware access broker

A threat actor known for providing ransomware gangs with initial access to enterprise systems has been phishing employees via Microsoft Teams.

Storm-0324 is a temporary name assigned by Microsoft to this particular threat actor and shows that the company has yet to reach high confidence about the origin or identity of the actor behind the operation.

Microsoft says that Storm-0324 started using phishing lures sent over Teams with malicious links leading to a malicious SharePoint-hosted file in July 2023 - though they don't say what malicious payload the file carried.

Defend your enterprise against Microsoft Teams phishing and ransomware.

"Because Storm-0324 hands off access to other threat actors, identifying and remediating Storm-0324 activity can prevent more dangerous follow-on attacks like ransomware," the researchers warned, and provided protection advice and hunting queries for enterprise defenders.

Microsoft previously said that the Microsoft Teams vulnerability that allows these attacks "Did not meet the bar for immediate servicing."

News URL

https://www.helpnetsecurity.com/2023/09/13/ransomware-microsoft-teams-phishing/