Summary: Sophos X-Ops has identified two ransomware campaigns, STAC5143 and STAC5777, targeting organizations through Microsoft Office 365 and Teams. These campaigns utilize tactics such as email bombing and Teams vishing to deploy ransomware and steal sensitive data. Both campaigns are linked to known threat actors, FIN7 and Storm-1811, who exploit Microsoft services to execute their attacks.

Threat Actor: FIN7, Storm-1811 | FIN7, Storm-1811
Victim: Various organizations | various organizations

Keypoints :

• Both campaigns leverage email bombing to overwhelm victims with up to 3,000 spam emails in an hour.
• Teams vishing tactics involve impersonating IT support to gain remote access under false pretenses.
• STAC5143 uses Java and Python malware for control and evasion, while STAC5777 employs interactive tactics to deploy malware and gather sensitive information.