Crooks found a new way to collaborate using Teams – by hiding command-and-control traffic
Summary
Attackers have developed a new method to conceal command-and-control (C2) traffic within Microsoft Teams, making malicious communications appear as legitimate corporate collaboration. This technique leverages the ubiquity of Teams to hide malware activity, posing a significant challenge for detection and defense.
IFF Assessment
FOE
This article describes a new technique used by attackers to evade detection, which is detrimental to defenders.
Defender Context
Defenders need to be aware of how attackers are leveraging legitimate collaboration tools like Microsoft Teams to hide malicious traffic. This highlights the importance of advanced network traffic analysis and behavioral detection to identify anomalies that deviate from normal corporate activity within these platforms.
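One concrete form of the behavioral detection mentioned above is timing analysis: a compromised host polling a C2 channel tends to contact the service at near-constant intervals, while a human using the client does not. The following script is an added example written for this summary, not code from the article or from any vendor. It runs over a few constructed proxy log lines (the hostnames, timestamps and the 60-second polling pattern are invented; the thresholds `min_connections` and `max_cv` are illustrative assumptions) and flags flows whose connection gaps show very low jitter. In practice the same logic would be applied to real proxy or firewall logs and tuned against a baseline of normal Teams activity.

```python
"""Beacon-interval detection over outbound proxy logs.

Constructed example: flags hosts whose connections to a collaboration
service are suspiciously periodic (low jitter), which is characteristic
of malware polling a C2 channel rather than a person using the client.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample proxy log lines: timestamp, source host, destination host.
# "ws-017" polls almost exactly every 60 s; "ws-042" is an ordinary user with
# irregular activity. Hostnames and timestamps are invented for this example.
SAMPLE_LOG = """\
2024-05-01T09:00:00 ws-017 teams.microsoft.com
2024-05-01T09:01:00 ws-017 teams.microsoft.com
2024-05-01T09:02:01 ws-017 teams.microsoft.com
2024-05-01T09:03:00 ws-017 teams.microsoft.com
2024-05-01T09:04:00 ws-017 teams.microsoft.com
2024-05-01T09:05:01 ws-017 teams.microsoft.com
2024-05-01T09:00:12 ws-042 teams.microsoft.com
2024-05-01T09:00:15 ws-042 teams.microsoft.com
2024-05-01T09:07:40 ws-042 teams.microsoft.com
2024-05-01T09:31:02 ws-042 teams.microsoft.com
2024-05-01T09:32:55 ws-042 teams.microsoft.com
2024-05-01T10:10:00 ws-042 teams.microsoft.com
"""


def parse_log(text):
    """Return {(src, dst): [sorted timestamps]} from whitespace-separated log lines."""
    flows = defaultdict(list)
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines rather than aborting the whole run
        ts, src, dst = parts
        flows[(src, dst)].append(datetime.fromisoformat(ts))
    for key in flows:
        flows[key].sort()
    return flows


def interval_stats(timestamps):
    """Mean gap and coefficient of variation (stdev / mean) between connections."""
    gaps = [(b - a).total_seconds() for a, b in zip(timestamps, timestamps[1:])]
    if len(gaps) < 2:
        return None
    m = mean(gaps)
    if m == 0:
        return None
    return m, pstdev(gaps) / m


def find_beacons(text, min_connections=5, max_cv=0.1):
    """Return [(src, dst, mean_gap_seconds, cv)] for flows that look like beacons.

    Thresholds are illustrative assumptions: a flow needs at least
    min_connections events, and its gap jitter (cv) must be at or below max_cv.
    """
    hits = []
    for (src, dst), times in parse_log(text).items():
        if len(times) < min_connections:
            continue
        stats = interval_stats(times)
        if stats is None:
            continue
        m, cv = stats
        if cv <= max_cv:
            hits.append((src, dst, round(m, 1), round(cv, 3)))
    return hits


if __name__ == "__main__":
    for src, dst, m, cv in find_beacons(SAMPLE_LOG):
        print(f"possible beacon: {src} -> {dst} every ~{m}s (cv={cv})")
```

Only `ws-017` is reported, because its gaps of 59 to 61 seconds give a coefficient of variation near 0.01, while the human user's gaps range from seconds to over half an hour. Legitimate clients also refresh on timers, so a low-jitter flow is a lead to investigate (volume, user session, process) rather than a verdict on its own.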