Microsoft Teams Phishing Lures Push Victims Toward Remote Access Tool Installation
ID: fba9ca56-9a2f-56dd-bb1b-1f64934ba8bd
STIX ID: report--fba9ca56-9a2f-56dd-bb1b-1f64934ba8bd
Feed Name: Cyber Press
This report details an ongoing, sophisticated phishing campaign using Microsoft Teams-themed lures to get corporate users to install a digitally signed installer for a legitimate remote access tool that is preconfigured to provide attackers immediate remote access. The operation leverages compromised small-business websites plus Cloudflare Workers for resilient hosting, employs anti-analysis checks (USB detection, debugger checks, long sleeps), targets role-specific teams, has been active for months, and recommends defenses focused on behavioral detection and strict application control.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
