Truesec has published a blog post analyzing an observed phishing campaign that uses Microsoft Teams to drop DarkGate Loader malware on victims’ networks.
Using compromised Office 365 accounts belonging to other organizations, the attackers sent messages with malicious .zip attachments, attempting to take advantage of employees’ trust in Microsoft Teams messages. As seen in prior WaterISAC reporting, one major trend in 2023 is that threat actors are becoming more interested in Microsoft Teams as a vector to abuse trust and get clicks. Members using Teams are urged to assess the risk posed by their configurations and follow Microsoft’s guidance of disabling external access (for organizations that do not need to communicate externally) or creating narrow allow-lists of the external parties they communicate with. Read more at Bleeping Computer.
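
One way to apply the external-access guidance above with the MicrosoftTeams PowerShell module, as an added example that is not code from Truesec, Microsoft or WaterISAC. The function name and the partner domains are hypothetical placeholders, and a Teams administrator session is assumed.

```powershell
# Added example: review and restrict Teams external access (federation).
# Assumes the MicrosoftTeams module is installed and the caller is a Teams admin.
# Set-TeamsExternalAccessPosture and the *.example domains are hypothetical.
function Set-TeamsExternalAccessPosture {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)]
        [ValidateSet('Disabled', 'AllowList')]
        [string]$Mode,

        # Used only with -Mode AllowList: the external domains you actually work with.
        [string[]]$PartnerDomains = @()
    )

    # Show the current state first so the change can be reviewed or reverted.
    Get-CsTenantFederationConfiguration |
        Format-List AllowFederatedUsers, AllowedDomains, BlockedDomains | Out-Host

    switch ($Mode) {
        'Disabled' {
            # For organizations that do not need to communicate externally.
            if ($PSCmdlet.ShouldProcess('tenant', 'Disable external access')) {
                Set-CsTenantFederationConfiguration -AllowFederatedUsers $false
            }
        }
        'AllowList' {
            if ($PartnerDomains.Count -eq 0) {
                throw 'AllowList mode needs at least one partner domain.'
            }
            $list = New-Object 'System.Collections.Generic.List[string]'
            $PartnerDomains | ForEach-Object { $list.Add($_.Trim().ToLowerInvariant()) }
            if ($PSCmdlet.ShouldProcess('tenant', "Allow only: $($list -join ', ')")) {
                # Narrow the allow-list first, then make sure federation is on.
                Set-CsTenantFederationConfiguration -AllowedDomainsAsAList $list
                Set-CsTenantFederationConfiguration -AllowFederatedUsers $true
            }
        }
    }

    # Show the resulting configuration for the change record.
    Get-CsTenantFederationConfiguration |
        Format-List AllowFederatedUsers, AllowedDomains, BlockedDomains | Out-Host
}

Connect-MicrosoftTeams
# Dry run with constructed placeholder domains; remove -WhatIf to apply.
Set-TeamsExternalAccessPosture -Mode AllowList `
    -PartnerDomains 'partner-one.example', 'partner-two.example' -WhatIf
```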