Microsoft Warns Against New Microsoft Teams Phishing Campaign
Microsoft issued a warning detailing a new Microsoft Teams targeted phishing campaign where corporate employees are targeted. The financially motivated threat actor perpetrating the campaign is Storm-0324. This hacker group initiates an initial compromise via email-based initial infection vectors and then distributes the payload to other hackers. Which often leads to follow-up attacks.
Storm-0324 was first observed in July 2023. Microsoft believes the group uses a tool called TeamPhisher to send links to a malicious SharePoint hosted file. TeamPhisher automates the exploitation of this vulnerability by enabling Teams tenant users to attach files to messages sent to external tenants. To better defend against phishing attacks in Microsoft Teams, Microsoft suspended identified accounts and tenants associated with inauthentic or fraudulent behavior.
There are a few tips your business can follow to reduce your risk of compromise including:
- Restrict access for external Teams usage
- Restrict devices in your organization that can connect to Teams
- User education and awareness
- Safe links scanning
- Access management controls including least privileges and domain-wide, administrator-level service accounts
If you are using Microsoft 365 and Microsoft Teams within your business, now is the time to review your security settings and ensure you are best protected from outside threats like Storm-0324. If you need help or are not sure where to start, let the expert team at 2W Tech help!