Fake IT bods on Microsoft Teams coax workers into installing malware


Cybercriminals are using fake IT support calls on Microsoft Teams to persuade employees to surrender control of their PCs before installing the EtherRAT remote access trojan, according to researchers at Palo Alto Networks’ Unit 42.

Victims receive a phishing email disguised as an employee survey before a follow-up Microsoft Teams call from someone claiming to be IT support. During the call, the attacker persuades the target to hand over remote control and install legitimate remote administration tools such as HopToDesk or AnyDesk. An MSI package is then downloaded, which installs the EtherRAT malware.

Read more…
Source:  The Register


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • Belgium’s Econocom confirms cyber attack, no sensitive data disclosed

    August 24, 2023

    Belgian IT services firm Econocom on Thursday confirmed it is investigating a cyber attack it believes originated from a service provider working with some of its clients in France. Read more… Source: USNews  

  • Flax Typhoon using legitimate software to quietly access Taiwanese organizations

    August 24, 2023

    Microsoft has identified a nation-state activity group tracked as Flax Typhoon, based in China, that is targeting dozens of organizations in Taiwan with the likely intention of performing espionage. Flax Typhoon gains and maintains long-term access to Taiwanese organizations’ networks with minimal use of malware, relying on tools built into the operating system, along with ...

  • Lazarus Group’s infrastructure reuse leads to discovery of new malware

    August 24, 2023

    In the new Lazarus Group campaign we recently disclosed, the North Korean state-sponsored actor continues to use much of the same infrastructure despite those components being well-documented by security researchers over the years. Their continued use of the same tactics, techniques and procedures (TTPs) — many of which are publicly known — highlights the group’s confidence ...

  • CISA Releases Six Industrial Control Systems Advisories

    August 24, 2023

    CISA released six Industrial Control Systems (ICS) advisories on August 24, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-236-01 KNX Protocol ICSA-23-236-02 Opto 22 SNAP PAC S1 Read more… Source: U.S. Cybersecurity and Infrastructure Security Agency Related story: CISA Adds Two Known Exploited Vulnerabilities to Catalog  

  • AI and the Five Phases of the Threat Intelligence Lifecycle

    August 24, 2023

    Artificial intelligence (AI) and large language models (LLMs) can help threat intelligence teams to detect and understand novel threats at scale, reduce burnout-inducing toil, and grow their existing talent by democratizing access to subject matter expertise. However, broad access to foundational Open Source Intelligence (OSINT) data and AI/ML technologies has quickly led to an overwhelming amount ...

  • Danish cloud host says customers ‘lost all data’ after ransomware attack

    August 23, 2023

    Cloud host CloudNordic says most of its customers have “lost all data with us” following a ransomware attack on its data center systems, including its backups. The Denmark-based cloud company said the ransomware attack began Friday, during which cybercriminals “shut down all systems,” including its website and email, and encrypted customer systems and websites. Read more… Source: TechCrunch