Security News > 2023 > September > Microsoft Warns of New Phishing Campaign Targeting Corporations via Teams Messages
Microsoft is warning of a new phishing campaign undertaken by an initial access broker that involves using Teams messages as lures to infiltrate corporate networks.
"Beginning in July 2023, Storm-0324 was observed distributing payloads using an open-source tool to send phishing lures through Microsoft Teams chats," the company said, adding the development marks a shift from using email-based initial infection vectors for initial access.
Attack sequences mounted by the actor in the past have employed invoice- and payment-themed decoy email messages to trick users into downloading SharePoint-hosted ZIP archive files distributing JSSLoader, a malware loader capable of profiling infected machines and loading additional payloads.
The modus operandi has since received a facelift as of July 2023 wherein the phishing lures are sent over Teams with malicious links leading to a malicious ZIP file hosted on SharePoint.
It's worth noting that a similar technique was adopted by the Russian nation-state actor APT29 in attacks targeting about 40 organizations globally in May 2023.
"Because Storm-0324 hands off access to other threat actors, identifying and remediating Storm-0324 activity can prevent more dangerous follow-on attacks like ransomware," Microsoft further pointed out.
News URL
https://thehackernews.com/2023/09/microsoft-warns-of-new-phishing.html
Related news
- After Detecting 30B Phishing Attempts, Microsoft Adds Even More AI to Its Security Copilot (source)
- Tycoon2FA phishing kit targets Microsoft 365 with new tricks (source)
- Gamma AI Platform Abused in Phishing Chain to Spoof Microsoft SharePoint Logins (source)
- Microsoft is killing Skype today, pushes users to Teams (source)
- New Microsoft 365 outage impacts Teams and other services (source)
- Microsoft Teams will soon block screen capture during meetings (source)