Cybercriminals are using fake IT support calls on Microsoft Teams to persuade employees to surrender control of their PCs before installing the EtherRAT remote access trojan, according to researchers at Palo Alto Networks’ Unit 42.
Victims receive a phishing email disguised as an employee survey before a follow-up Microsoft Teams call from someone claiming to be IT support. During the call, the attacker persuades the target to hand over remote control and install legitimate remote administration tools such as HopToDesk or AnyDesk. An MSI package is then downloaded, which installs the EtherRAT malware.
Read more…
Source: The Register
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- JG Summit Holdings probing ‘possible’ cyber attack
August 9, 2024
Gokongwei-led conglomerate JG Summit Holdings Inc. is investigating an alleged cybersecurity attack which was claimed to have affected thousands of the company’s computers. RansomHub, which was supposedly responsible for the attack, expressed frustration over being ignored by JG Summit and was threatening to initiate additional attacks if its demands were not met, according to Deep Web ...
- Royal Ransomware Actors Rebrand as “BlackSuit”
August 8, 2024
The FBI and CISA recently published an update to the joint Cybersecurity Advisory “#StopRansomware: Royal Ransomware.” The updated advisory provides network defenders with recent and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) associated with BlackSuit variants (previously Royal). FBI investigations identified these TTPs and IOCs as recently as July 2024. See ...
- UK: Woman arrested for ‘sharing inaccurate information about identity of Southport attacker’
August 8, 2024
A woman has been arrested in relation to a social media post containing ‘inaccurate information about the identity of the attacker’ in the Southport stabbings. The 55-year-old woman from near Chester, was arrested on Thursday (August 8). She was taken into custody on suspicion of publishing written material to stir up racial hatred and false communications. ...
- Russia: Massive DDoS attack on Kursk Region repelled
August 8, 2024
The Ministry of Digital Development, Communications and Mass Media of the Russian Federation has reported that a massive distributed denial-of-service (DDoS) attack on the Kursk Region’s local services has been successfully thwarted. “A massive DDoS attack on the regional services of the Kursk Region has been repelled and specialists have already restored all online activity,” the ...
- Greece leaves spy services unchecked on Predator hacks
August 7, 2024
Greece’s 2022 espionage scandal dubbed “Predatorgate” had everything: eavesdropping on politicians, journalists and judges, exports of shady software to dictatorial regimes and high-profile resignations. Fast-forward two years and everyone in government is off the hook. In a 300-page report seen by POLITICO, deputy prosecutor of the Supreme Court Achilles Zisis argued that a series of controversial ...
- Cloud Cover: How Malicious Actors Are Leveraging Cloud Services
August 7, 2024
The number of threat actors leveraging legitimate cloud services in their attacks has grown this year as attackers have begun to realize their potential to provide low-key and low-cost infrastructure. Traffic to and from well known, trusted services such as Microsoft OneDrive or Google Drive may be less likely to raise red flags than communications with ...

