Security News > 2023 > September > Microsoft Warns of New Phishing Campaign Targeting Corporations via Teams Messages
Microsoft is warning of a new phishing campaign undertaken by an initial access broker that involves using Teams messages as lures to infiltrate corporate networks.
"Beginning in July 2023, Storm-0324 was observed distributing payloads using an open-source tool to send phishing lures through Microsoft Teams chats," the company said, adding the development marks a shift from using email-based initial infection vectors for initial access.
Attack sequences mounted by the actor in the past have employed invoice- and payment-themed decoy email messages to trick users into downloading SharePoint-hosted ZIP archive files distributing JSSLoader, a malware loader capable of profiling infected machines and loading additional payloads.
The modus operandi has since received a facelift as of July 2023 wherein the phishing lures are sent over Teams with malicious links leading to a malicious ZIP file hosted on SharePoint.
It's worth noting that a similar technique was adopted by the Russian nation-state actor APT29 in attacks targeting about 40 organizations globally in May 2023.
"Because Storm-0324 hands off access to other threat actors, identifying and remediating Storm-0324 activity can prevent more dangerous follow-on attacks like ransomware," Microsoft further pointed out.
News URL
https://thehackernews.com/2023/09/microsoft-warns-of-new-phishing.html
Related news
- DOJ, Microsoft seize 107 domains used in Russia's Star Blizzard phishing attacks (source)
- Week in review: Microsoft fixes two exploited zero-days, SOC teams are losing trust in security tools (source)
- Black Basta poses as IT support on Microsoft Teams to breach networks (source)
- Black Basta ransomware poses as IT support on Microsoft Teams to breach networks (source)
- Black Basta operators phish employees via Microsoft Teams (source)
- Week in review: Windows Themes spoofing bug “returns”, employees phished via Microsoft Teams (source)