Microsoft Warns of New Phishing Campaign Targeting Corporations via Teams Messages

Microsoft is warning of a new phishing campaign undertaken by an initial access broker that involves using Teams messages as lures to infiltrate corporate networks.
"Beginning in July 2023, Storm-0324 was observed distributing payloads using an open-source tool to send phishing lures through Microsoft Teams chats," the company said, adding that the development marks a shift away from email-based initial infection vectors.
Attack sequences mounted by the actor in the past have employed invoice- and payment-themed decoy email messages to trick users into downloading SharePoint-hosted ZIP archive files distributing JSSLoader, a malware loader capable of profiling infected machines and loading additional payloads.
As of July 2023, the modus operandi has changed: the phishing lures are now sent over Teams, with links leading to a malicious ZIP file hosted on SharePoint.
It's worth noting that a similar technique was adopted by the Russian nation-state actor APT29 in attacks targeting about 40 organizations globally in May 2023.
"Because Storm-0324 hands off access to other threat actors, identifying and remediating Storm-0324 activity can prevent more dangerous follow-on attacks like ransomware," Microsoft further pointed out.
News URL
https://thehackernews.com/2023/09/microsoft-warns-of-new-phishing.html