Cybercriminals are using fake IT support calls on Microsoft Teams to persuade employees to surrender control of their PCs before installing the EtherRAT remote access trojan, according to researchers at Palo Alto Networks’ Unit 42.
Victims receive a phishing email disguised as an employee survey before a follow-up Microsoft Teams call from someone claiming to be IT support. During the call, the attacker persuades the target to hand over remote control and install legitimate remote administration tools such as HopToDesk or AnyDesk. An MSI package is then downloaded, which installs the EtherRAT malware.
Read more…
Source: The Register
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Michigan County Restores 80 Percent of Systems After Cyber Attack
June 27, 2024
The computer-aided dispatch system for Grand Traverse County’s 911 service is officially back online following a cyberattack that disabled the system and many other governmental services. “As of 2 p.m. yesterday, it was operational for all first responders,” said County Administrator Nate Alger at Wednesday’s county board meeting. “I know Cherry Festival is just three days ...
- Cyber attack ‘nothing to do with dispute’, says British Medical Association
June 27, 2024
The British Medical Association (BMA) has defended doctors striking at hospitals running at reduced capacity due to a significant cyber attack. While some junior doctors have been granted permission to return to work due to safety concerns, a number have continued with their industrial action at trusts in London hit by the attack. A senior BMA ...
- Federal Reserve “breached” data may actually belong to Evolve Bank
June 26, 2024
A shockwave went through the financial world when ransomware group LockBit claimed to have breached the US Federal Reserve, the central banking system of the United States. On LockBit’s dark web leak site, the group threatened to release over 30 TB of banking information containing Americans’ banking data if a ransom wasn’t paid by June 25. ...
- Ransomware disrupts South Africa’s national health lab
June 26, 2024
South Africa’s response to an ongoing Mpox outbreak is being stymied by a ransomware attack against its National Health Laboratory Service, which resulted in the deletion of backup servers and other parts of its system, hindering lab result dissemination since Saturday. While no patient information was noted to be impacted by the compromise, such an attack ...
- New SnailLoad side-channel attack detailed
June 25, 2024
SecurityWeek reports that website and content inferencing could be remotely conducted by threat actors without direct network traffic access via the new SnailLoad side-channel attack technique. Several latency measurements for websites and YouTube videos viewed by targets are being conducted by threat actors to establish digital fingerprints before luring targets to download files from a malicious ...
- LockBit hackers claim to have cracked the US Federal Reserve
June 25, 2024
The LockBit cybercrime gang has claimed to have stolen an enormous database from the US Federal Reserve, which includes sensitive banking information about American citizens – but the claim is being met with suspicion. Earlier this week, the infamous ransomware operator added the Fed on its data leak site, saying it had acquired an archive containing ...

