• MS Teams, other Win tools

    From Mike Powell@1:2320/105 to All on Tuesday, March 04, 2025 19:06:00
    Microsoft Teams and other Windows tools hijacked to hack corporate networks

    Date:
    Tue, 04 Mar 2025 16:27:00 +0000

    Description:
    Hackers are using benign Windows tools in malicious attacks, resulting in the deployment of advanced backdoors.

    FULL STORY ======================================================================
    - Trend Micro says hackers are using Microsoft Teams to get closer to their victims
    - Through social engineering, they obtain credentials to remote desktop solutions
    - This access is then used to drop advanced backdoors

    Hackers are using advanced social engineering tactics to try and get flawed
    old .DLL files onto people's computers which, in turn, would allow them to
    drop backdoor malware.

    A new report from cybersecurity researchers Trend Micro claims the new attack starts on Microsoft Teams, where the crooks use impersonation to get close
    to the victims and trick them into providing a certain set of credentials. Through Quick Assist, or similar remote desktop tools, they gain access to
    the devices, where they sideload flawed .DLL files using OneDriveStandaloneUpdater.exe, a legitimate OneDrive update tool.

    These .DLL files then allow them to drop BackConnect, a type of remote access tool (RAT) that establishes a reverse connection from an infected device to
    an attacker's server, bypassing firewall restrictions. This allows attackers
    to maintain persistent access, execute commands, and exfiltrate data while evading traditional security measures.

    Commercial cloud solutions

    BackConnect is apparently hosted, and distributed, using commercial cloud storage tools.

    Trend Micro says the attacks started in October 2024, and have mostly focused on North America, where it observed 21 breaches - 17 in the US, five in
    Canada and the UK, and 18 in Europe. The researchers didn't say if the attacks were successful, or which industries they targeted most.

    Since most of the tools used in this campaign are legitimate (Teams, OneDriveStandaloneUpdater, Quick Assist), traditional antivirus or malware protection services will not suffice. Instead, businesses must educate their employees to spot social engineering attacks and report them in a timely fashion. Businesses could also enforce the use of multi-factor authentication (MFA) and limit access to remote desktop tools.

    Finally, they should audit cloud storage configurations to prevent
    unauthorized access, and monitor network traffic for suspicious connections, especially those going to known malicious C2 servers.

    Via Infosecurity Magazine

    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/microsoft-teams-and-other-windows-tools-hijacked-to-hack-corporate-networks

    $$
    --- SBBSecho 3.20-Linux
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)
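
    Added example (not part of the original post or the Trend Micro report): one way to act on the story's point that antivirus alone will not suffice is to triage Sysmon ImageLoad (Event ID 7) records for DLLs loaded by OneDriveStandaloneUpdater.exe. The events, paths, DLL names, hash placeholders and the clean-install baseline are all constructed assumptions.

```python
import ntpath  # parses Windows paths on any OS

HOST_EXE = "onedrivestandaloneupdater.exe"
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\windows\\temp\\")
OD = "C:\\Users\\alice\\AppData\\Local\\Microsoft\\OneDrive\\"  # constructed path

# Assumption: (dll name, hash) pairs recorded from a known-clean install.
# Hash strings are constructed placeholders, not real digests.
BASELINE = {
    ("kernel32.dll", "SHA256=PLACEHOLDER-A"),
    ("placeholder_onedrive.dll", "SHA256=PLACEHOLDER-B"),
}

def event(image, dll, status, digest):
    """Build a record with the Sysmon Event ID 7 fields used below."""
    return {"Image": image, "ImageLoaded": dll,
            "SignatureStatus": status, "Hashes": digest}

UPDATER = OD + "OneDriveStandaloneUpdater.exe"
DL = "C:\\Users\\alice\\Downloads\\placeholder_unsigned.dll"
SAMPLE_EVENTS = [  # constructed
    event(UPDATER, "C:\\Windows\\System32\\kernel32.dll", "Valid", "SHA256=PLACEHOLDER-A"),
    event(UPDATER, OD + "placeholder_onedrive.dll", "Valid", "SHA256=PLACEHOLDER-B"),
    event(UPDATER, OD + "placeholder_old.dll", "Valid", "SHA256=PLACEHOLDER-C"),
    event(UPDATER, DL, "Unavailable", "SHA256=PLACEHOLDER-D"),
    event("C:\\Windows\\System32\\notepad.exe", DL, "Unavailable", "SHA256=PLACEHOLDER-D"),
]

def triage(events, baseline=BASELINE):
    """Return (dll_path, reasons) for loads by the updater that need review."""
    findings = []
    for e in events:
        if ntpath.basename(e["Image"]).lower() != HOST_EXE:
            continue  # only the binary named in the story is in scope
        dll = e["ImageLoaded"]
        reasons = []
        if e.get("SignatureStatus") != "Valid":
            reasons.append("signature-not-valid")
        if (ntpath.basename(dll).lower(), e.get("Hashes")) not in baseline:
            reasons.append("not-in-baseline")
        if reasons:  # the path is context only; OneDrive itself lives under \Users\
            if any(p in dll.lower() for p in USER_WRITABLE):
                reasons.append("user-writable-path")
            findings.append((dll, reasons))
    return findings

if __name__ == "__main__":
    for dll, reasons in triage(SAMPLE_EVENTS):
        print(dll, ", ".join(reasons))
```

    An old DLL that still carries a valid signature passes the signature check, so only the baseline comparison surfaces it.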