Summary: Russian cybercriminals are executing a new scam by impersonating tech support on Microsoft Teams to install ransomware on victims’ networks. British cybersecurity firm Sophos reported over 15 incidents involving two groups leveraging Microsoft Office 365 settings for social engineering attacks. The report highlights connections between one group and Storm-1811, while the other may have ties to the FIN7 cybercrime group.
Threat Actor: Russian Cybercriminals | Storm-1811, FIN7
Victim: Various Organizations | various organizations
Keypoints :
- Cybercriminals pose as tech support on Microsoft Teams to gain access to victim networks.
- Attacks exploit default Microsoft Office 365 settings, allowing external users to initiate chats and meetings.
- Organizations are advised to restrict Teams calls from outside domains and limit remote access capabilities.
Source: https://therecord.media/fake-tech-support-russian-hackers-microsoft-teams