DragonForce Ransomware Abused Microsoft Teams to Hide Malware Activity
ID: 67e74f92-ec57-51fa-91bc-6b278f894121
STIX ID: report--67e74f92-ec57-51fa-91bc-6b278f894121
Feed Name: HackRead
Threat Score
A US services firm was compromised by the DragonForce ransomware group using a custom Go backdoor named Backdoor.Turn that hides command-and-control traffic by abusing Microsoft Teams' TURN relay infrastructure; attackers gained initial access (likely via SQL/MSSQL exploitation or brokered access), used DLL sideloading and BYOVD techniques, exploited multiple driver CVEs, stole data, and later deployed DragonForce ransomware while maintaining persistence and stealth.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
