The three constraints on Influence Operations - Digital Threat Digest
There has been a recent uptick in the number of phishing campaigns happening over Microsoft Teams. Though there is a lack of publicly available information on attempts that have happened in the UK, Microsoft has issued an urgent alert warning of a highly sophisticated phishing campaign attributed to the well-known threat actor group Storm-0324.
Any organisation that uses Microsoft Teams may be vulnerable to these phishing attacks, but here’s what you should be on the lookout for and how you can mitigate risk to keep your organisation protected.
Phishing attacks use social engineering techniques to obtain targeted email addresses and then send phishing messages on Microsoft Teams (instead of the traditional email) to gain unauthorised access to an organisation's data. This is a less familiar attack vector, and one many users will not have been trained on previously.
These social engineering strategies often involve an attacker impersonating a trusted source, such as a colleague or boss. They can then send malicious files that stand a good chance of being opened, because the target doesn’t realise that the person who sent the file is not who they say they are, so the attacker can leverage the legitimate trust between colleagues.
For our more technical readers, threat actors use a range of malware in Teams phishing attacks, such as:
JSSLoader malware: This facilitates access to ransomware-as-a-service (RaaS). It allows malicious actors to exploit vulnerabilities and gain unauthorised access to systems. This could be done through TeamsPhisher, an open-source tool used to send deceptive messages containing malicious attachments to organisations that have enabled external communications in Teams. These phishing messages typically impersonate legitimate services like DocuSign or Quickbooks, often referencing invoices and payments to lure victims.
DarkGate Loader malware: DarkGate is a highly sophisticated malware distributed through phishing messages. It employs a multitude of evasion techniques, encrypts its strings (a set of characters within an encryption algorithm to make data appear random) to avoid detection, and is capable of data theft, privilege escalation, and system persistence. DarkGate is offered by an actor known as RastaFarEye and is primarily designed for penetration testing, featuring a broad array of capabilities and continuous updates, making it a persistent and substantial cybersecurity threat.
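For defenders, the pattern described above (an external sender, a DocuSign or Quickbooks style billing lure, and an attachment) can be turned into a simple triage rule. The following is an added example, not code from the original article or from Microsoft: the `ChatMessage` record, the domain names, the attachment extension list and the sample messages are all constructed assumptions, and a real deployment would map them from whatever chat telemetry your organisation collects.

```python
import re
from dataclasses import dataclass

# Assumption: your tenant's own verified domains (constructed value).
INTERNAL_DOMAINS = {"example-corp.test"}
# Lure themes named in the article: DocuSign / Quickbooks, invoices, payments.
LURE_RE = re.compile(r"\b(docusign|quickbooks|invoices?|payments?)\b", re.I)
# Assumption: attachment types worth a second look in an unsolicited chat.
RISKY_EXT = (".zip", ".js", ".vbs", ".lnk", ".iso", ".msi", ".exe")

@dataclass
class ChatMessage:  # hypothetical normalised record, not a Microsoft schema
    sender: str
    display_name: str
    text: str
    attachments: tuple = ()
    prior_contact: bool = False  # has this sender chatted with the user before?

def is_external(msg):
    domain = msg.sender.rsplit("@", 1)[-1].lower()
    return domain not in INTERNAL_DOMAINS

def triage(msg):
    """Return the reasons a message deserves analyst review, or [] if none."""
    if not is_external(msg):
        return []
    reasons = ["external sender"]
    if not msg.prior_contact:
        reasons.append("first contact")
    if LURE_RE.search(msg.text) or LURE_RE.search(msg.display_name):
        reasons.append("billing/e-signature lure")
    risky = [a for a in msg.attachments if a.lower().endswith(RISKY_EXT)]
    if risky:
        reasons.append("risky attachment: " + ", ".join(risky))
    # External chat alone is normal business traffic: require two more signals.
    return reasons if len(reasons) >= 3 else []

# Constructed sample messages for illustration only.
SAMPLE = [
    ChatMessage("alice@example-corp.test", "Alice",
                "Invoice attached for payment", ("invoice.zip",)),
    ChatMessage("billing@docs-sign.example", "DocuSign Billing",
                "Your invoice is ready, please review", ("Invoice_0921.zip",)),
    ChatMessage("sam@partner.example", "Sam (Partner)",
                "Running late to the call", (), True),
]

def flagged(messages):
    return [(m.sender, triage(m)) for m in messages if triage(m)]

if __name__ == "__main__":
    for sender, why in flagged(SAMPLE):
        print(sender, "->", "; ".join(why))
```

The rule deliberately ignores internal senders, so it does not cover messages sent from an already compromised internal account.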
There are things you can do on an individual level and on an organisation-wide scale to ensure everyone works together to protect your organisation’s data.
For individuals:
For organisations:
We offer tailored assessments, including end-to-end support. Our technical experts can work closely with your internal team to ensure you are prepared for when a phishing attempt happens. Speak to us today to discuss how we can support you.