Security News > 2023 > September > Microsoft Teams phishing: Enterprises targeted by ransomware access broker
A threat actor known for providing ransomware gangs with initial access to enterprise systems has been phishing employees via Microsoft Teams.
Storm-0324 is a temporary name assigned by Microsoft to this particular threat actor and shows that the company has yet to reach high confidence about the origin or identity of the actor behind the operation.
Microsoft says that Storm-0324 started using phishing lures sent over Teams with malicious links leading to a malicious SharePoint-hosted file in July 2023 - though they don't say what malicious payload the file carried.
Defend your enterprise against Microsoft Teams phishing and ransomware.
"Because Storm-0324 hands off access to other threat actors, identifying and remediating Storm-0324 activity can prevent more dangerous follow-on attacks like ransomware," the researchers warned, and provided protection advice and hunting queries for enterprise defenders.
Microsoft previously said that the Microsoft Teams vulnerability that allows these attacks "Did not meet the bar for immediate servicing."
News URL
https://www.helpnetsecurity.com/2023/09/13/ransomware-microsoft-teams-phishing/
Related news
- After Detecting 30B Phishing Attempts, Microsoft Adds Even More AI to Its Security Copilot (source)
- Microsoft: Windows CLFS zero-day exploited by ransomware gang (source)
- Microsoft: Windows CLFS Vulnerability Could Lead to ‘Widespread Deployment and Detonation of Ransomware’ (source)
- Tycoon2FA phishing kit targets Microsoft 365 with new tricks (source)
- Gamma AI Platform Abused in Phishing Chain to Spoof Microsoft SharePoint Logins (source)
- US indicts Black Kingdom ransomware admin for Microsoft Exchange attacks (source)
- Microsoft is killing Skype today, pushes users to Teams (source)
- New Microsoft 365 outage impacts Teams and other services (source)
- Microsoft Teams will soon block screen capture during meetings (source)