Microsoft Teams
Fake IT support calls on Microsoft Teams push EtherRAT malware
Threat actors are abusing Microsoft Teams voice calls by impersonating corporate IT support staff to trick employees into installing the EtherRAT malware, giving attackers initial access to corporate networks. The campaign, reported by Palo Alto Networks’ Unit 42, combines phishing emails, Microsoft Teams voice calls, legitimate remote management tools, and a Node.js-based malware loader to […]
Microsoft adds smarter bot protection to Teams meetings
Microsoft has introduced a new Teams admin policy that allows organizers to prevent third-party bots from joining meetings without approval. This new feature was first announced in a March Microsoft 365 roadmap entry, when Microsoft said that it would be available across Windows, macOS, Android, and iOS platforms for worldwide standard multi-tenant and GCC cloud environments. Once […]
Ransomware gang abuses Microsoft Teams relays to hide malicious traffic
DragonForce ransomware used a custom malware named ‘Backdoor.Turn’ to hide command-and-control traffic inside Microsoft Teams relay infrastructure. The backdoor abuses the Traversal Using Relays around NAT (TURN) protocol used by Microsoft Teams to distribute messages when a direct connection to the client is unavailable (e.g., clients on a private network). DragonForce is a ransomware operation active since […]
Microsoft investigates Office Apps, Teams file access issues
Microsoft says an ongoing incident is preventing users of its Teams collaboration platform and Office for the web cloud-based productivity suite from opening files. “We’re investigating reports that some users are unable to open files in Office for the web or Microsoft Teams,” the company’s Microsoft 365 Status tweeted earlier. According to further information shared […]
Microsoft blames macOS update for undismissible Teams location prompts
Microsoft has confirmed user reports that the Teams team collaboration app is displaying non-dismissible location prompts on some macOS systems. According to affected Teams users, these non-dismissible prompts have been appearing on Mac devices running macOS versions 14 (Sonoma), 15 (Sequoia), and 26 (Tahoe) over the past week, asking for permission to use their location “for things […]
KongTuke hackers now use Microsoft Teams for corporate breaches
Initial access broker KongTuke has moved to Microsoft Teams for social engineering attacks, taking as little as five minutes to gain persistent access to corporate networks. The threat actor tricks users into pasting a PowerShell command that ultimately delivers the ModeloRAT, which has been previously seen in ClickFix attacks [1, 2]. Initial access brokers (IAB) like […]
Microsoft says backend change broke Teams Free chat and calls
Microsoft is working to resolve a known issue that prevents some Microsoft Teams Free users from chatting and calling others. Teams Free (also known as Teams for personal use) is a subscription-free version designed for individuals, families, and small community groups, which provides video conferencing, instant messaging, and collaborative file-sharing tools on mobile and desktop […]
Threat actor uses Microsoft Teams to deploy new “Snow” malware
A threat group tracked as UNC6692 uses social engineering to deploy a new, custom malware suite named “Snow,” which includes a browser extension, a tunneler, and a backdoor. Their goal is to steal sensitive data after deep network compromise through credential theft and domain takeover. According to Google’s Mandiant researchers, the attacker uses “email bombing” tactics to […]
Microsoft Teams to get efficiency mode on PCs with limited resources
Microsoft is preparing to roll out a new Efficiency Mode for Microsoft Teams for systems with limited CPU and memory resources to improve app responsiveness. As the company explained in a Tuesday message center update (MC1287373), this new performance-optimized experience will be enabled by default on eligible devices and will also improve meeting quality by […]
Microsoft: Teams increasingly abused in helpdesk impersonation attacks
Microsoft is warning of threat actors increasingly abusing external Microsoft Teams collaboration and relying on legitimate tools for access and lateral movement on enterprise networks. The hackers impersonate IT or helpdesk staff to contact employees through cross-tenant chats and trick them into providing remote access for data theft purposes. Microsoft has observed multiple intrusions with […]