Cybercriminals use the Microsoft Teams platform for a new malware campaign

According to a report by AT&T Cybersecurity research, cybercriminals are using the Microsoft Teams platform for a new malware campaign. The report states that hackers are using group chat requests in Microsoft Teams as a new form of phishing attack to send malicious attachments that can install DarkGate malware on victims’ systems.

The report claims that once the malicious software is installed on the victim’s system, it establishes contact with a command and control server. This server has already been identified by Palo Alto Networks as part of the DarkGate software infrastructure, reports Bleeping Computer. According to the report, hackers have successfully conducted this phishing campaign because Microsoft allows Teams users to send messages to other users by default.

Peter Boyle, Network Security Engineer at AT&T Cybersecurity, warns, “Unless it is absolutely necessary for daily business use, disabling external access in Microsoft Teams is recommended for most companies, as email is typically a more secure and closely monitored communication channel. As always, end users should be trained to pay attention to the source of unsolicited messages and should be reminded that phishing can take many forms beyond typical emails.”

During its earnings call for the second quarter of 2023, Microsoft announced that Teams has over 280 million monthly users. The popularity of this video conferencing service may be the reason why cybercriminals are exploiting the platform to target victims.

With the latest phishing campaign, DarkGate operators are attempting to spread malware through Microsoft Teams in attacks targeted at organizations where administrators haven’t secured users by disabling external access.
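One way to check and apply the external-access recommendation above with the MicrosoftTeams PowerShell module. This is an added example, not taken from the AT&T report or the original article; the `-Enforce` and `-PartnerDomains` script parameters and the `partner.example` domain are hypothetical names chosen for illustration.

```powershell
# Added example: audit and, on request, tighten Teams external access.
# Requires the MicrosoftTeams module and a Teams administrator account.
param(
    [switch]$Enforce,                 # hypothetical switch: without it the script only reports
    [string[]]$PartnerDomains = @()   # hypothetical allow-list, e.g. 'partner.example'
)

Import-Module MicrosoftTeams
Connect-MicrosoftTeams | Out-Null

# Tenant-wide settings that decide whether an outside account can open a chat
# (and deliver an attachment) to users in this tenant.
$fields = 'AllowFederatedUsers', 'AllowedDomains', 'BlockedDomains',
          'AllowTeamsConsumer', 'AllowTeamsConsumerInbound', 'AllowPublicUsers'

Write-Host 'Current external access configuration:'
Get-CsTenantFederationConfiguration | Format-List $fields

if (-not $Enforce) {
    Write-Host 'Report only. Re-run with -Enforce to apply changes.'
    return
}

if ($PartnerDomains.Count -eq 0) {
    # No business need for external chat: switch it off for the whole tenant.
    Set-CsTenantFederationConfiguration `
        -AllowFederatedUsers $false `
        -AllowTeamsConsumer $false `
        -AllowTeamsConsumerInbound $false `
        -AllowPublicUsers $false
} else {
    # External chat is needed: allow only the named partner tenants
    # and keep unmanaged (consumer) accounts blocked.
    $allow = New-Object 'System.Collections.Generic.List[string]'
    $PartnerDomains | ForEach-Object { $allow.Add($_) }
    Set-CsTenantFederationConfiguration `
        -AllowFederatedUsers $true `
        -AllowedDomainsAsAList $allow `
        -AllowTeamsConsumer $false `
        -AllowTeamsConsumerInbound $false `
        -AllowPublicUsers $false
}

Write-Host 'Configuration after change:'
Get-CsTenantFederationConfiguration | Format-List $fields
```

Run it without arguments first to record the existing state; changes to the federation configuration can take some time to propagate to clients.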

Similar campaigns were discovered in 2023, in which DarkGate software was distributed through compromised external Office 365 and Skype accounts.

What is DarkGate?

A 2023 Kaspersky report also claims that DarkGate software has several capabilities. These include a hidden VNC service, tools to bypass Windows Defender, a browser history theft tool, an integrated reverse proxy server, a file manager, and Discord token theft.

FAQ Section:

1. How do cybercriminals exploit the Microsoft Teams platform?
According to the AT&T Cybersecurity report, hackers send group chat requests in Microsoft Teams that carry malicious attachments, using them as phishing attacks.

2. What are the consequences of infecting a system with DarkGate malware?
After infecting a system, the malware establishes contact with a command and control server that is part of the DarkGate infrastructure. The software can cause various kinds of damage, such as data theft, bypassing security systems, and more.

3. Does Microsoft Teams allow sending messages to other users by default?
Yes, Microsoft allows Teams users to send messages to other users by default. This is one of the reasons why the phishing campaign is successful for hackers.

4. What is DarkGate software?
DarkGate is malicious software that has multiple capabilities, such as a hidden VNC service, tools to bypass Windows Defender, a browser history theft tool, an integrated reverse proxy server, a file manager, and Discord token theft.

5. What recommendations are there for companies using Microsoft Teams?
Companies are advised to disable external access in Microsoft Teams unless it is absolutely necessary for daily business use. Users should also be trained to be cautious and pay attention to unsolicited messages, as phishing can take various forms.

The source of the article is from the blog macholevante.com