Attackers are abusing Microsoft Teams to send phishing messages, according to researchers at AT&T Cybersecurity. “While most end users are well-acquainted with the dangers of traditional phishing attacks, such as those delivered via email or other media, a large proportion are likely unaware that Microsoft Teams chats could be a phishing vector,” the researchers write. “Most Teams activity is intra-organizational, but Microsoft enables External Access by default, which allows members of one or
teams (3)
Microsoft reported on 02 August 2023 that they caught a known Russian government-linked hacking group using its Microsoft Teams chat app to phish for credentials at targeted organizations. According to a research report from their Threat Intelligence team, the hacking team is linked to the Foreign Intelligence Service of the Russian Federation (also known as the SVR) and has been caught targeting government, non-government organizations (NGOs), IT services, technology, discrete manufacturing, a
During their test, researchers from JUMPSEC managed to trick Microsoft Teams’ security mechanism into sending malware to the organization’s inbox by making it think that an external user was internal.
JUMPSEC’s Red Team members have discovered a security vulnerability in the External Tenants feature of Microsoft Teams that allows malware to be directly delivered to an organization’s employees. Attackers can inject malware into any system that uses Microsoft Teams’ default configurations and lev
