Threat actors are abusing Microsoft Teams group chat requests for phishing attacks in a bid to gain access to organisations’ where admins haven’t secured their tenants by disabling the External Access setting.
Attackers are using what appear to be compromised Teams user (or domain) to send thousands of group chat invites, a report from the Bleeping Computer said.
The invites are sent to targets, who are tricked into downloading a file using double extension named ‘Navigating Future Changes October 2023.pdf.msi,.
Once the malicious file is downloaded by the victim, it can reach out to its command-and-control servers, thereby granting access to the victim’s device.
(For top technology news of the day, subscribe to our tech newsletter Today’s Cache)
Microsoft Teams has become an attractive target for threat actors due to its pool of 280 million monthly users.
Similar campaigns were observed last year when threat actors targeted Office 365 and Skype accounts.
Additionally, cyber criminals are also making use of initial access brokers -- threat actors specialising in infiltrating computer systems and networks -- to launch phishing attacks in a bid to gain access to corporate networks.
Organisations are advised to disable External Access in Microsoft Teams, unless absolutely necessary. Also, users should pay attention to invites and check the source of unsolicited messages.
