DragonForce Uses Microsoft Teams for Cyber Attacks

Cybercriminals associated with the DragonForce ransomware have developed a new method to obscure their activities. They are using a custom Go-based Remote Access Trojan (RAT) named Backdoor.Turn to disguise Command-and-Control (C2) traffic within the Microsoft Teams infrastructure. These findings come from security researchers at Symantec and Carbon Black, part of the Broadcom group. The attacks targeted a significant service company in the U.S. Details about the identity of the company have not been disclosed, but it is known to be a large organization that may handle sensitive data.

The use of Microsoft Teams as a disguise for C2 traffic presents a new challenge for the cybersecurity industry. Backdoor.Turn allows attackers to access the victim's systems unnoticed, steal data, or install additional malware. The choice of Microsoft Teams as a transmission method is particularly concerning, as many companies use this platform for internal communication and collaboration. This could lead to security measures aimed at detecting malware being bypassed. Security researchers have noted that the DragonForce group is increasingly employing sophisticated techniques to carry out their attacks.

Utilizing legitimate platforms like Microsoft Teams to transmit malicious traffic could significantly hinder detection by conventional security solutions. This may force companies to rethink their security strategies to defend against such threats. The attacks are part of a larger trend where cybercriminals attempt to obscure their activities by leveraging trusted platforms. Researchers warn that these tactics not only jeopardize the security of companies but could also undermine trust in widely used communication tools. The discovery of Backdoor.Turn may prompt other companies to review their security protocols.

Microsoft has responded to the threat and is working on measures to enhance the security of its platform. The company has already taken steps to monitor and report suspicious activities within Teams. However, these measures may not be sufficient to fully neutralize the threat posed by advanced attackers like DragonForce. The security situation is exacerbated by the fact that many companies lack the necessary resources to continuously monitor and protect their systems. The combination of limited budgets and the complexity of modern IT infrastructures makes it challenging for many organizations to defend against such attacks.

Experts recommend that companies invest in training and technologies to raise employee awareness of such threats. The DragonForce group is not the only one employing such methods. Other threat actors have used similar tactics to obscure their attacks. The security community is closely monitoring these developments to identify new trends and techniques used by cybercriminals. The constant adaptation of attackers requires a proactive approach to cybersecurity.

The discovery of Backdoor.Turn and the associated attacks highlight the need for companies to rethink their security strategies. The use of platforms like Microsoft Teams to transmit C2 traffic could become a new standard for cyberattacks. Security researchers advise regularly reviewing and adjusting security policies to address the ever-changing threats. The vulnerability exploited through the use of Microsoft Teams could have far-reaching consequences for companies reliant on this platform. Researchers from Symantec and Carbon Black have already recommended measures to minimize risks.

Companies should focus on implementing multi-layered security solutions to protect their systems. The exact number of affected systems and the potential impact on the targeted company are currently unclear. Security researchers are working to gather more information and analyze the attacks. The threat from DragonForce and similar groups remains high, and companies must stay vigilant to protect their data and systems. The vulnerability exploited by Backdoor.Turn could also affect other companies using Microsoft Teams.

Researchers warn that the threat is not limited to the targeted company. The use of Microsoft Teams as a transmission method for malicious traffic could prove to be a widespread issue affecting companies globally. Security researchers from Symantec and Carbon Black have described the discovery of Backdoor.Turn as a significant advancement in identifying cyber threats. These insights could help better understand and prevent future attacks. The exact functioning of the RAT and the methods employed by DragonForce are still under investigation.

The vulnerability exploited through the use of Microsoft Teams could have far-reaching consequences for companies reliant on this platform.

Researchers from Symantec and Carbon Black have already recommended measures to minimize risks.