logo

When “Hi, This Is IT” Comes Through Microsoft Teams

ID: 0105d13f-b4e7-5b1c-9dd8-f9682669ced5

STIX ID: report--0105d13f-b4e7-5b1c-9dd8-f9682669ced5

Feed Name: Palo Alto Networks Unit 42

Threat Score
70/100

Date Published: 2026-06-08

Date Updated: 2026-06-09

Author: Bill Batchelor

...
...

This advisory describes an increase in chat-based social engineering via Microsoft Teams—threat actors (including APT29/Cloaked Ursa and UNC6692) use external or compromised tenants, typosquatted domains, and impersonation of IT/helpdesk to trick users into approving MFA prompts or divulging credentials; telemetry shows collaboration-tool phishing rose to 42% of phishing alerts in early 2026. It recommends hardening Teams (restrict federation, block unmanaged accounts), strengthen identity controls (conditional access, JIT privileged access), expand phishing training to collaboration apps, and monitor/report suspicious external chats.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.