Security firm Ontinue’s Cyber Defence Centre recently documented an incident in which attackers compromised systems using a combination of social engineering, vishing (voice phishing), and legitimate remote access tools. The incident was a sophisticated multi-stage attack in which threat actors leveraged Microsoft Teams to deliver malicious payloads, establishing persistence and remote access to corporate networks.

The attack began with the threat actor sending a Microsoft Teams message to the target containing a malicious PowerShell command. “The actor transmitted a PowerShell command directly via the Teams message and also utilised the QuickAssist remote tool to gain access to the target device remotely,” investigators noted. This initial access phase exploited users’ trust in team communications, particularly when the threat actor impersonated IT support personnel.

This new attack vector exploits Teams’ perceived security as an internal business application, allowing attackers to bypass traditional email security controls. The attack pattern aligns with techniques attributed to threat actor Storm-1811, known for leveraging vishing, Quick Assist, and social engineering tactics. Security researchers at Trend Micro have also documented comparable attacks distributing DarkGate malware through Teams voice calls, where victims were instructed to download remote access applications like AnyDesk.

Security experts recommend that organizations block or uninstall Quick Assist and similar remote monitoring tools if they are not required. As more people use collaboration tools like Microsoft Teams, organizations need to understand that these tools can be at risk of attacks.
This Cyber News was published on cybersecuritynews.com. Publication date: Wed, 02 Apr 2025 05:30:07 +0000