Hackers Use Microsoft Teams to Steal Remote Access

Hackers have been using Microsoft Teams to trick victims into granting remote access to their systems. According to Trend Micro's analysis, this attack highlights the growing sophistication of social engineering tactics used by cybercriminals.

The attack began with a flood of phishing emails, followed by a Microsoft Teams call posing as an employee from a trusted client. The attacker instructed the victim to download a remote support application, initially proposing Microsoft Remote Support. When installation failed, they switched to AnyDesk, a legitimate remote desktop tool often exploited by cybercriminals.

Once AnyDesk was installed, the attacker gained control over the victim’s machine and deployed multiple suspicious files. These included Trojan.AutoIt.DARKGATE.D, which allowed remote control of the system, executed malicious commands, and connected to a command-and-control server.

To execute their plans, the attackers gathered detailed system information and network configurations using system commands like systeminfo, route print, and ipconfig /all. They saved this data in a file named 123.txt for further reconnaissance.
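
A defender's view of the discovery step described above, as an added example that is not part of the original article: it flags a host that runs all three named commands within a short window and records any redirect target such as 123.txt. The event tuples, host names and five-minute window are constructed assumptions; real input would come from process-creation logging.

```python
import re
from datetime import datetime, timedelta

# The three discovery commands named in the article.
DISCOVERY = {
    "systeminfo": re.compile(r"\bsysteminfo(\.exe)?\b", re.I),
    "route print": re.compile(r"\broute(\.exe)?\s+print\b", re.I),
    "ipconfig /all": re.compile(r"\bipconfig(\.exe)?\s+/all\b", re.I),
}
# Captures the file named after a > or >> redirect.
REDIRECT = re.compile(r'>>?\s*"?([^\s">|&]+)')

# Constructed sample events: (timestamp, host, command line).
SAMPLE = [
    ("2024-01-01T10:00:05", "WS-01", "cmd.exe /c systeminfo > 123.txt"),
    ("2024-01-01T10:00:20", "WS-01", "cmd.exe /c route print >> 123.txt"),
    ("2024-01-01T10:00:41", "WS-01", "cmd.exe /c ipconfig /all >> 123.txt"),
    ("2024-01-01T10:03:00", "WS-02", "ipconfig /all"),  # lone admin check
    ("2024-01-01T09:00:00", "WS-03", "systeminfo"),
    ("2024-01-01T09:01:00", "WS-03", "route print"),
    ("2024-01-01T11:30:00", "WS-03", "ipconfig /all"),  # hours later
]

def find_discovery_bursts(events, window=timedelta(minutes=5), min_distinct=3):
    """Alert when one host runs min_distinct different discovery commands within window."""
    hits = {}
    for ts, host, cmdline in events:
        redirect = REDIRECT.search(cmdline)
        target = redirect.group(1) if redirect else None
        for name, pattern in DISCOVERY.items():
            if pattern.search(cmdline):
                hits.setdefault(host, []).append((datetime.fromisoformat(ts), name, target))
    alerts = []
    for host, rows in hits.items():
        rows.sort(key=lambda r: r[0])
        i = 0
        while i < len(rows):
            burst = [r for r in rows[i:] if r[0] - rows[i][0] <= window]
            names = {r[1] for r in burst}
            if len(names) >= min_distinct:
                alerts.append({"host": host, "start": rows[i][0], "commands": sorted(names),
                               "output_files": sorted({r[2] for r in burst if r[2]})})
                i += len(burst)
            else:
                i += 1
    return alerts

if __name__ == "__main__":
    for alert in find_discovery_bursts(SAMPLE):
        print(alert)
```

Requiring all three commands in one window keeps a lone `ipconfig /all` from an administrator (WS-02 in the sample) from alerting.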

The malware employed defense evasion techniques, including identifying antivirus software on the system to evade detection. Malicious files were also downloaded and extracted into hidden directories on the compromised machine.

Fortunately, the attack was intercepted before any data exfiltration occurred. However, this incident underscores the critical need for robust security measures.

To counter such attacks, organizations should implement the following best practices:

– Verify third-party claims
– Control remote access tools
– Train employees to recognize social engineering tactics like phishing and vishing

Source: https://cybersecuritynews.com/microsoft-teams-to-gain-remote-access