Cybercriminals are using fake IT support calls on Microsoft Teams to persuade employees to surrender control of their PCs before installing the EtherRAT remote access trojan, according to researchers at Palo Alto Networks’ Unit 42.
Victims receive a phishing email disguised as an employee survey before a follow-up Microsoft Teams call from someone claiming to be IT support. During the call, the attacker persuades the target to hand over remote control and install legitimate remote administration tools such as HopToDesk or AnyDesk. An MSI package is then downloaded, which installs the EtherRAT malware.
Read more…
Source: The Register
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Malawi: Cyber-attack hits immigration service
February 22, 2024
Malawi’s government has suspended the issuing of passports following a cyber-attack on the immigration service’s computer network. President Lazarus Chakwera told MPs that the targeting of the department amounted to a “serious national security breach”. He revealed that the hackers were asking for a ransom. But the president said the government would not give in to ...
- FBI issues warning against using Chinese manufactured drones
February 21, 2024
Chinese-manufactured unmanned aircraft systems (UAS), more commonly known as drones, continue to pose a significant risk to critical infrastructure and U.S. national security, according to an FBI advisory. While any UAS could have vulnerabilities that enable data theft or facilitate network compromises, the People’s Republic of China (PRC) has enacted laws that provide the government with ...
- A first analysis of the i-Soon data leak
February 21, 2024
Data from a Chinese cybersecurity vendor that works for the Chinese government has exposed a range of hacking tools and services. Although the source is not entirely clear, it seems that a disgruntled staff member of the group leaked the information on purpose. The vendor, i-Soon (aka Anxun) is believed to be a private contractor that ...
- re: Zyxel VPN Series Pre-auth Remote Command Execution
February 21, 2024
On January 25, 2024, SSD Secure Disclosure posted a disclosure titled Zyxel VPN Series Pre-auth Remote Command Execution. The writeup describes an unauthenticated remote command injection vulnerability affecting Zyxel VPN firewalls. That caught VulnCheck researchers attention. The Zyxel VPN series has appeared on the CISA KEV four times now, and the original disclosure didn’t mention a ...
- Australia: OAIC to investigate legal consultant’s data breach
February 21, 2024
The Australian Information Commissioner has launched an investigation into a law firm that provides legal and consulting services to the government, in relation to a data breach and the publication of some of that data on the dark web. At least 65 government entities were affected by the breach last year. The announcement on Wednesday follows ...
- Europol: Tips & advice to prevent ransomware from infecting your electronic devices
February 21, 2024
Ransomware is a type of malware that locks your computer and mobile devices or encrypts your electronic files, demanding a ransom payment through certain online payment methods (and by an established deadline) in order to regain control of your data. It can be downloaded through fake application updates or by visiting compromised websites. It can also ...

