Fake IT support calls on Microsoft Teams push EtherRAT malware

Summary

Threat actors are impersonating IT support staff on Microsoft Teams to trick employees into downloading and installing the EtherRAT malware. This malware grants attackers initial access to corporate networks, posing a significant security risk.

IFF Assessment

FOE

This article describes a new social engineering tactic that leads to malware infection and network compromise, representing a direct threat to defenders.

Defender Context

Defenders should be aware of this evolving social engineering tactic, which leverages trusted communication channels like Microsoft Teams. Training employees to be highly skeptical of unsolicited IT support requests, even when they appear to come from within the organization, is crucial. Implementing robust endpoint detection and response (EDR) solutions and network monitoring can help detect and mitigate the impact of malware infections.

Read Full Story →