Hackers Attack Employees Over Microsoft Teams to Trick Them Into Granting Remote Access

BlueVoyant reports an ongoing social-engineering campaign where attackers impersonate IT support over Microsoft Teams and convince victims to use Quick Assist, then deploy digitally signed MSI installers that perform DLL sideloading to install a memory-resident backdoor named A0Backdoor which uses covert DNS MX lookups for command-and-control; the activity ties to prior Storm-1811/Black Basta operations and employs sophisticated anti-analysis and evasion techniques.