top of page
ALL POSTS
DragonForce Ransomware Exploits Microsoft Teams Relays to Conceal Malicious Command-and-Control Traffic
Key Findings DragonForce ransomware operators deployed Backdoor.Turn, a custom Go-based remote access trojan that conceals command-and-control traffic within Microsoft Teams relay infrastructure This marks the first publicly documented abuse of Microsoft's TURN relay servers by threat actors Attackers maintained network access for one to two months while evading detection by routing malicious traffic through legitimate Microsoft servers The group employed sophisticated defens
Jun 183 min read
UNC6692 Impersonates IT Helpdesk via Microsoft Teams to Distribute SNOW Malware
Key Findings UNC6692 is a previously undocumented threat group using Microsoft Teams to impersonate IT helpdesk staff and deploy custom SNOW malware Attack chain begins with email bombing campaigns followed by Teams-based social engineering to build false urgency Victims are tricked into clicking phishing links that download AutoHotkey scripts deploying SNOWBELT browser extension SNOW malware ecosystem is modular, including SNOWBELT backdoor, SNOWGLAZE tunneler, and SNOWBASIN
Apr 242 min read
bottom of page
