EtherRAT Spreads via Fake IT Support Calls on Microsoft Teams
Unit 42 uncovers Node.js-based RAT using Ethereum smart contracts for C2. Attackers impersonate IT staff on Teams calls to install remote access tools before deploying EtherRAT.
6 articles tagged with "Microsoft Teams"
Unit 42 uncovers Node.js-based RAT using Ethereum smart contracts for C2. Attackers impersonate IT staff on Teams calls to install remote access tools before deploying EtherRAT.
Symantec reveals ransomware group used Teams TURN relay infrastructure to mask command-and-control. First documented abuse of Teams relay for malware C2.
Iranian APT MuddyWater hijacked Microsoft Teams to harvest credentials via live screen-sharing, then dropped Chaos ransomware as a false flag to hide espionage. Rapid7 linked the campaign to 36 victims.
Google Cloud uncovers UNC6692, a threat actor impersonating IT helpdesk staff on Microsoft Teams to deploy the modular SNOW malware suite targeting senior executives.
Storm-1811 actors flood inboxes with spam, then call via Microsoft Teams posing as IT support. Quick Assist grants access for A0Backdoor deployment.
Tenants using default settings will get automatic protection against weaponizable file types and malicious URLs. Administrators who want to opt out must act before the rollout.