Fake IT bods on Microsoft Teams coax workers into installing malware

Summary

Attackers are impersonating IT support staff on Microsoft Teams to trick employees into granting remote access to their systems. Once access is granted, they deploy the EtherRAT trojan, a type of malware that allows for remote control and data exfiltration.

IFF Assessment

FOE

This article describes a social engineering tactic that leads to malware deployment and potential system compromise, which is detrimental to defenders.

Defender Context

Defenders should be aware of evolving social engineering tactics that leverage trusted communication channels like Microsoft Teams. Training employees to verify the identity of IT support and to be cautious about granting remote access is crucial, especially when unsolicited requests are made.

Read Full Story →