Crime crew impersonates help desk, abuses Microsoft Teams to steal your data

Summary

A new threat group is impersonating help desk staff and using Microsoft Teams to trick users into downloading custom malware known as 'Snow'. This malware is designed to steal data from compromised systems. The attacks leverage social engineering tactics combined with novel malware.

IFF Assessment

FOE

This is bad news for defenders as it involves a new threat actor using common communication platforms for social engineering and deploying custom malware to steal data.

Defender Context

Defenders should be aware of this new tactic, which abuses familiar collaboration tools like Microsoft Teams. Training users to be skeptical of unsolicited requests, especially those asking for credentials or prompting downloads from unknown sources, is crucial. Monitoring for unusual Teams activity and for new, unknown executables on endpoints will be important detection strategies.
