
Russian ransomware hackers are pretending to be tech support on Microsoft Teams more frequently


Russian-speaking cybercriminals are increasingly posing as IT support staff on Microsoft Teams to convince victims that they have an IT problem. Once the target trusts the "technician", the attackers gain remote access to the machine and use it as a foothold to deploy ransomware across the victim's network. The British security company Sophos recently reported on more than 15 incidents in which two separate groups abused default Microsoft 365 tenant settings, in particular Teams external access, to talk their way onto a victim's system.

According to Sophos' report, one of the attackers appears to be connected to a group Microsoft tracks as Storm-1811, which is known for running similar tech-support scams. The other group, which appears to be copying Storm-1811's playbook, may be linked to the financially motivated cybercrime group FIN7. Sean Gallagher, principal threat researcher at Sophos X-Ops, said the campaigns came to light during an investigation into BeaverTail cases, malware associated with North Korean threat actors.

The attackers ran their own Microsoft 365 tenants and relied on Teams' default external access (federation) configuration, which allows users in any other Microsoft 365 tenant to start chats, calls or meetings with an organization's internal users. In several cases the first contact was a Teams voice or video call; victims did not scrutinise the caller's identity or tenant and assumed the call came from the organization's legitimate outsourced support provider. Because the attacker's tenant is a real Microsoft 365 tenant, nothing about the call looks malformed; the only tell is that the caller is external, and the default settings do not make that hard to miss.

The attackers also sent messages through the Teams chat function, frequently containing links that, once followed, gave them remote control of the victim's device. In one incident on U.S. Election Day, after the fake support staff obtained remote screen control, the attacker executed malware including a Java archive (JAR) and Python code whose tooling and tactics mirrored those previously attributed to FIN7.

Sophos blocked the attack in most of the incidents; in one case involving a customer not covered by Sophos Managed Detection and Response (MDR), data was exfiltrated but ransomware was never executed. The company advises organizations to restrict Teams calls and chats from external sources, to limit remote access and remote assistance applications to trusted partners only, and to apply strict access controls on sensitive systems so that a single compromised workstation does not become a network-wide incident.
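The first of those recommendations, restricting external Teams access, is a tenant configuration change rather than a product feature, so it is worth showing concretely. The following is an added example written for this page, not code from Sophos or from Microsoft's report; it uses the MicrosoftTeams PowerShell module's `Get-CsTenantFederationConfiguration` / `Set-CsTenantFederationConfiguration` cmdlets to first audit and then tighten the settings. It assumes the module is installed, that the operator holds a Teams Administrator role, and that `partner.example` stands in for whatever outsourced-support domain the organization actually works with.

```powershell
# Added example (not from the Sophos report or this article): audit and
# restrict Teams external access so that arbitrary Microsoft 365 tenants
# can no longer open chats or calls with internal users.
# Assumptions: MicrosoftTeams module installed, Teams Administrator rights,
# and "partner.example" is a placeholder for a real trusted partner domain.

Import-Module MicrosoftTeams
Connect-MicrosoftTeams

# 1. Audit the current tenant-wide federation settings. Out of the box,
#    AllowFederatedUsers is $true with no allow-list, so any external tenant
#    (attacker-controlled ones included) can reach your users.
$cfg = Get-CsTenantFederationConfiguration
$cfg | Select-Object AllowFederatedUsers, AllowTeamsConsumer,
                     AllowTeamsConsumerInbound, AllowedDomains, BlockedDomains |
       Format-List

if ($cfg.AllowFederatedUsers) {
    Write-Warning "Federation is enabled; check AllowedDomains above. If it is not an explicit allow-list, every external tenant can call or chat your users."
}
if ($cfg.AllowTeamsConsumer -or $cfg.AllowTeamsConsumerInbound) {
    Write-Warning "Personal (consumer) Teams accounts can contact your users."
}

# 2. Block personal/consumer Teams accounts entirely. Legitimate outsourced
#    support works from a corporate tenant, not a personal account.
Set-CsTenantFederationConfiguration -AllowTeamsConsumer $false `
                                    -AllowTeamsConsumerInbound $false

# 3. Replace "talk to anyone" with an explicit allow-list of partner tenants.
#    Only users homed in these domains can initiate chats or calls inbound.
Set-CsTenantFederationConfiguration -AllowFederatedUsers $true `
                                    -AllowedDomainsAsAList @("partner.example")

# Alternative for organizations with no external-tenant dependency at all:
# turn off federated access in the global external access policy instead.
# Set-CsExternalAccessPolicy -Identity Global -EnableFederationAccess $false

# 4. Re-read the configuration to confirm the change took effect.
Get-CsTenantFederationConfiguration |
    Select-Object AllowFederatedUsers, AllowTeamsConsumer,
                  AllowTeamsConsumerInbound, AllowedDomains |
    Format-List
```

Two practical notes. Allow-listing partner domains still trusts every user in those tenants, so the list should be short and reviewed; it narrows the attack surface described above rather than eliminating it. And tenant-wide settings can take a while to propagate to clients, so re-run the audit step a little later rather than assuming the warning banner on external callers has disappeared.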

Overall, the growth in tech-support impersonation over Microsoft Teams shows that attackers do not need a software vulnerability when a permissive default and a plausible voice will do. As collaboration platforms become the normal channel for IT support, organizations need to treat external Teams access as an attack surface, restrict it deliberately, and make sure staff know how a genuine support request will reach them.
