Cybercriminals are using fake IT support calls on Microsoft Teams to persuade employees to surrender control of their PCs before installing the EtherRAT remote access trojan, according to researchers at Palo Alto Networks’ Unit 42.
Victims receive a phishing email disguised as an employee survey before a follow-up Microsoft Teams call from someone claiming to be IT support. During the call, the attacker persuades the target to hand over remote control and install legitimate remote administration tools such as HopToDesk or AnyDesk. An MSI package is then downloaded, which installs the EtherRAT malware.
Read more…
Source: The Register
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- France warns of APT31 cyberspies targeting French organizations
July 21, 2021
Today, the French national cyber-security agency warned of an ongoing series of attacks against a large number of French organizations coordinated by the Chinese-backed APT31 hacking group. “It appears from our investigations that the threat actor uses a network of compromised home routers as operational relay boxes in order to perform stealth reconnaissance as well as ...
- StrongPity APT Group Deploys Android Malware for the First Time
July 21, 2021
We recently conducted an investigation into a malicious Android malware sample, which we believe can be attributed to the StrongPity APT group, that was posted on the Syrian e-Gov website. To the best of our knowledge, this is the first time that the group has been publicly observed using malicious Android applications as part of ...
- DHS Announces New Cybersecurity Requirements for Critical Pipeline Owners and Operators
July 20, 2021
WASHINGTON – Today, in response to the ongoing cybersecurity threat to pipeline systems, DHS’s Transportation Security Administration (TSA) announced the issuance of a second Security Directive that requires owners and operators of TSA-designated critical pipelines that transport hazardous liquids and natural gas to implement a number of urgently needed protections against cyber intrusions. “The lives and ...
- Fortinet fixes bug letting unauthenticated hackers run code as root
July 20, 2021
Fortinet has released updates for its FortiManager and FortiAnalyzer network management solutions to fix a serious vulnerability that could be exploited to execute arbitrary code with the highest privileges. Both FortiManager and FortiAnalyzer are enterprise-grade network management solutions for environments with up to 100,000 devices. They are available as a physical appliance, as a virtual machine, ...
- Law firm Campbell Conroy & O’Neil warned clients of ransomware data breach
July 20, 2021
Law firm Campbell Conroy & O’Neil has warned of a breach from late February which may have exposed data from the company’s lengthy client list of big-name corporations including Apple and IBM. The breach, which was discovered on 27 February 2021 when a ransomware infection blocked access to selected files on the company’s internal systems, has ...
- TeamTNT Campaigns Emphasize Importance of Addressing Cloud Security Gaps
July 20, 2021
Having covered TeamTNT in several of our blog entries over the past couple of years, we embarked on a research that encompasses the malicious actor group’s campaigns, tools, and techniques in 2020 and early 2021. Although believed to have been active since 2011, TeamTNT stayed under the radar for many years before exploding onto the scene ...

