“The attacks kicked off with the adversary sending phishing messages to our customers’ employees via Microsoft Teams,” ReliaQuest said to Cyber Security News.

To defend against these attacks, security experts recommend implementing strict controls on external communications in Microsoft Teams, enabling multi-factor authentication, and conducting regular user awareness training. As remote work continues to be common practice, collaboration platforms like Microsoft Teams remain prime targets for attackers looking to bypass traditional email security measures and exploit employees’ trust in enterprise communication tools.

Microsoft has acknowledged a significant increase in Teams phishing attacks since April 2024, which have led to numerous endpoint-related security incidents. The attacks, which represent an evolution in social engineering tactics, specifically target Windows systems through a novel technique that security experts are calling a significant threat to enterprise security. In March 2025, ReliaQuest discovered a complex attack chain involving Microsoft Teams phishing that deploys a previously unseen persistence method called TypeLib hijacking. What makes these attacks particularly concerning is the implementation of TypeLib hijacking, a persistence technique first theorized by security researchers but now observed in real-world attacks.

The default configuration of Microsoft Teams, which permits calls and chats from external domains, has become a key vulnerability exploited by threat actors. The attackers pose as IT support personnel and send phishing messages to employees through Teams, exploiting the platform’s trusted status within organizations.
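An audit of the external-access settings discussed above, added here as an example and not taken from the article or from ReliaQuest. It assumes the property names returned by `Get-CsTenantFederationConfiguration` in the MicrosoftTeams PowerShell module; the function name `Test-TeamsExternalAccess` and the sample object are constructed for illustration.

```powershell
# Added example: flag permissive Teams external-access settings.
# Input is the object returned by Get-CsTenantFederationConfiguration
# (MicrosoftTeams module). Test-TeamsExternalAccess is a hypothetical helper.
function Test-TeamsExternalAccess {
    param([Parameter(Mandatory)] $Config)

    $findings = @()
    $d = $Config.AllowedDomains
    # Assumption: an open tenant reports AllowedDomains as "AllowAllKnownDomains",
    # either as its string form or as the name of the returned type.
    $open = ($null -ne $d) -and (("$d" -match 'AllowAllKnownDomains') -or
            ($d.GetType().Name -eq 'AllowAllKnownDomains'))

    if ($Config.AllowFederatedUsers -and $open) {
        $findings += 'Any external Teams tenant can chat with or call users'
    }
    elseif ($Config.AllowFederatedUsers) {
        $findings += 'Federation is on with a domain list: review the listed domains'
    }
    if ($Config.AllowTeamsConsumer -and $Config.AllowTeamsConsumerInbound) {
        $findings += 'Personal (unmanaged) Teams accounts can start chats with users'
    }
    return $findings
}

# Constructed sample resembling a tenant left open to all external domains.
$sample = [pscustomobject]@{
    AllowFederatedUsers       = $true
    AllowedDomains            = 'AllowAllKnownDomains'
    AllowTeamsConsumer        = $true
    AllowTeamsConsumerInbound = $true
}
Test-TeamsExternalAccess -Config $sample | ForEach-Object { "FINDING: $_" }

# Against a live tenant (after Connect-MicrosoftTeams):
#   Test-TeamsExternalAccess -Config (Get-CsTenantFederationConfiguration)
#
# One way to tighten, assuming the organisation needs no external federation:
#   Set-CsTenantFederationConfiguration -AllowFederatedUsers $false `
#       -AllowTeamsConsumerInbound $false
```

Where some external collaboration is required, restricting federation to a reviewed list of partner domains is the narrower alternative to disabling it outright.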
This Cyber News was published on cybersecuritynews.com. Publication date: Tue, 15 Apr 2025 02:30:13 +0000