Cybercriminals are using fake IT support calls on Microsoft Teams to persuade employees to surrender control of their PCs before installing the EtherRAT remote access trojan, according to researchers at Palo Alto Networks’ Unit 42.
Victims receive a phishing email disguised as an employee survey before a follow-up Microsoft Teams call from someone claiming to be IT support. During the call, the attacker persuades the target to hand over remote control and install legitimate remote administration tools such as HopToDesk or AnyDesk. An MSI package is then downloaded, which installs the EtherRAT malware.
Read more…
Source: The Register
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Dark Web Shows Cybercriminals Ready for Olympics. Are You?
July 17, 2024
Major sporting events like the World Cup, Super Bowl, and Wimbledon attract millions, even billions, of viewers. Argentina’s shootout win over France in the final game of the Qatar 2022 World Cup reached a global audience of 1.5 billion viewers. And the Olympics, starting later this month in Paris, is the biggest of them all—with the ...
- New Attack Technique GrimResource Sweeps Through China with Fake Website
July 17, 2024
QiAnXin Threat Intelligence Center and Falcon Operations Team observed in their daily operations that in June 2024, several foreign counterparts reported in-the-wild attacks related to the new attack technique GrimResource. QiAnXin Threat Intelligence Center and Falcon Operations Team promptly conducted research on this technique and have been continuously monitoring it. In mid-July 2024, they discovered the ...
- Student who created malware worth £45k while living with parents is jailed
July 17, 2024
A university student who created malware targeting government websites while living with his parents has been jailed. Amar Tagore, 21, a third year university student, offered buyers malware (malicious software) to disrupt corporate and state-run websites, while living with his parents in Alexandria, West Dunbartonshire. He supplied a tool used by hundreds of online customers to ...
- London council slammed for ‘severe’ data breach in ‘avoidable’ cyber attack
July 17, 2024
Britain’s data watchdog has lambasted London’s Hackney Council for a cyber attack that “severely” impacted residents, saying the breach was “a clear and avoidable error.” In October 2020, hackers infiltrated Hackney’s systems, accessing, encrypting, and in some instances exfiltrating personal data. The compromised information included residents’ names, addresses, racial or ethnic origins, religious beliefs, sexual orientations, ...
- New Bugsleep Backdoor Deployed In Recent Muddywater Campaigns
July 15, 2024
MuddyWater, an Iranian threat group affiliated with the Ministry of Intelligence and Security (MOIS), is known to be active since at least 2017. During the last year, MuddyWater engaged in widespread phishing campaigns targeting the Middle East, with a particular focus on Israel. Since October 2023, the actors’ activities have increased significantly. Their methods remain consistent, ...
- Disney faces potential data breach, hacker group claims massive leak
July 15, 2024
The Walt Disney Company is reeling from a suspected cyberattack by a hacktivist group calling itself NullBulge, exposing a significant amount of sensitive information. NullBulge announced its exploit on 12 July on both the cybercrime forum Breach Forums and X/Twitter. The group said it infiltrated Disney’s internal Slack communication platform, leaking 1.2 terabytes of data online. Read ...

