Attackers target Microsoft Teams users, posing as IT support
In a concerning development, a group known as EncryptHub, also identified as LARVA-208 or Water Gamayun, has been observed launching phishing attacks on Microsoft Teams. This cybercriminal organisation has a history of targeting English-speaking IT staff, developers, and Web3 professionals.
The attacks, which have been linked to ransomware operations such as BlackBasta, DarkGate, and the Matanbuchus loader, are particularly insidious as they bypass traditional email defences by embedding themselves within trusted corporate workflows on Microsoft Teams.
To appear more convincing, the attackers create accounts that impersonate IT support staff, using names like "IT SUPPORT," "Help Desk," or department-based aliases. Some of these accounts even feature checkmark emojis to appear verified.
The objective of these phishing attacks is to establish control of a victim's machine by pushing employees to download remote access tools such as QuickAssist or AnyDesk. Once these tools are installed, threat actors can take full control of the system, deploy malware for stealing credentials, and establish persistence to maintain long-term access.
EncryptHub is a financially motivated actor known for combining social engineering with zero-day exploits and custom malware. Their past operations have demonstrated the reuse of static cryptographic constants, which is an operational weakness that can help defenders track their tooling over time.
In response to these threats, security teams are urged to monitor for unusual Teams activity, especially external communications that could conceal social engineering attempts. However, as of now, no information is available about who conducted the phishing campaign on Microsoft Teams discovered by Permiso.
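The monitoring urged above, as an added example that is not from the original article or from Permiso: it flags external Teams senders whose display names match the impersonation patterns described earlier (IT support or help desk names, checkmark emojis) and messages that mention QuickAssist or AnyDesk. The event field names (`sender_upn`, `sender_display_name`, `message`), the domains and the sample events are constructed assumptions, not a real Teams log schema.

```python
import re
import unicodedata

# Names and tools come from the article; event field names are hypothetical.
SUPPORT_RE = re.compile(r"\b(it ?support|help ?desk)\b")
TOOL_RE = re.compile(r"\b(quick ?assist|anydesk)\b")
CHECKMARKS = {"\u2705", "\u2714", "\u2713", "\u2611"}  # emoji and text check marks

def normalise(text):
    """Fold Unicode look-alikes and case, then reduce punctuation to spaces."""
    folded = unicodedata.normalize("NFKC", text).casefold()
    return " ".join(re.sub(r"[^a-z0-9]+", " ", folded).split())

def review_event(event, internal_domains):
    """Return the reasons an external chat looks like fake IT support."""
    domain = event["sender_upn"].rsplit("@", 1)[-1].lower()
    if domain in internal_domains:
        return []  # only external communications are in scope here
    reasons = []
    name = event["sender_display_name"]
    if SUPPORT_RE.search(normalise(name)):
        reasons.append("external sender uses an IT support display name")
    if any(ch in CHECKMARKS for ch in name):
        reasons.append("display name carries a checkmark to look verified")
    if TOOL_RE.search(normalise(event["message"])):
        reasons.append("message mentions a remote access tool")
    return reasons

def triage(events, internal_domains):
    """Map event id -> reasons for every event with at least one reason."""
    reviewed = {e["id"]: review_event(e, internal_domains) for e in events}
    return {eid: why for eid, why in reviewed.items() if why}

# Constructed sample events (not real log data).
INTERNAL = {"corp.example"}
SAMPLE_EVENTS = [
    {"id": 1, "sender_upn": "admin@tenant-a.example", "sender_display_name": "IT SUPPORT \u2705",
     "message": "Please install AnyDesk so I can fix your VPN."},
    {"id": 2, "sender_upn": "it.support@corp.example", "sender_display_name": "IT Support",
     "message": "Quick Assist session booked for 3pm."},
    {"id": 3, "sender_upn": "alice@partner.example", "sender_display_name": "Alice Ng",
     "message": "Visit support page for the invoice."},
    {"id": 4, "sender_upn": "x@tenant-b.example", "sender_display_name": "\uff28\uff45\uff4c\uff50 \uff24\uff45\uff53\uff4b",
     "message": "Hello, are you at your desk?"},
]

if __name__ == "__main__":
    for event_id, reasons in triage(SAMPLE_EVENTS, INTERNAL).items():
        print(event_id, reasons)
```

Event 4 uses full-width letters in the display name, which is why the name is NFKC-normalised before matching; event 2 is skipped because its sender is in the internal domain set.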
Microsoft Teams, a platform for daily collaboration, has become deeply embedded in enterprise communication, making it an attractive target for phishing attacks. It is essential for organisations to remain vigilant and implement robust security measures to protect their systems and data from these threats.