Ransomware Exploits Microsoft Teams: New Threats Target Organizations
Cybersecurity News | Contributed by: Drex DeFord
Summary
Sophos Managed Detection and Response (MDR) has reported on two ransomware campaigns, labeled STAC5143 and STAC5777, that leverage Microsoft Teams vulnerabilities to breach organizational security. These campaigns exploit Teams' default settings that allow external users to engage with internal users, employing tactics such as spam emails and IT impersonation to convince victims to install harmful software. The STAC5143 campaign uses advanced tools like obfuscated JAR files and Python backdoors for system compromise, relying on covert methods to connect to command and control servers. In contrast, the STAC5777 campaign integrates malicious elements into legitimate software, notably by side-loading a harmful DLL through OneDriveStandalone.