Hackers Attack Employees Over Microsoft Teams to Trick Them Into Granting Remote Access

Hackers Target Microsoft Teams After persuading staff members to grant remote access, the attackers are now using a recently discovered malware family known as A0Backdoor, according to BlueVoyant, which warns that a social engineering campaign abusing Microsoft Teams and Windows Quick Assist is developing once more. The activity is similar to strategies previously associated with Blitz Brigantine, also known as Storm-1811, a financially motivated cluster that Microsoft has connected to the Black Basta ransomware operations. Learn more about security auditing services.

Response to cyberattacks DDoS defense BlueVoyant claims that the attacks usually start with email bombing, in which a target is inundated with unsolicited messages before being contacted via Microsoft Teams by someone pretending to be internal IT support.

The attacker convinces the worker to open Quick Assist, a genuine Microsoft remote-support tool that enables screen sharing and device control, and offers to assist in resolving the email issue. Microsoft previously issued a warning about Storm-1811's use of the same strategy, sending calls and messages to Teams from fictitious help desk accounts before requesting access to Quick Assist, LinkedIn, and X for daily cybersecurity updates. To have your stories featured, get in touch with us.