Just a sample of the Echomail archive
Cooperative anarchy at its finest, still active today. Darkrealms is the Zone 1 Hub.
|    CONSPRCY    |    How big is your tinfoil hat?    |    2,445 messages    |
|    Message 616 of 2,445    |
|    Mike Powell to All    |
|    MS Teams, other Win tools    |
|    04 Mar 25 19:06:00    |
TZUTC: -0500
MSGID: 330.consprcy@1:2320/105 2c2ccf72
PID: Synchronet 3.20a-Linux master/acc19483f Apr 26 202 GCC 12.2.0
TID: SBBSecho 3.20-Linux master/acc19483f Apr 26 2024 23:04 GCC 12.2.0
BBSID: CAPCITY2
CHRS: ASCII 1

Microsoft Teams and other Windows tools hijacked to hack corporate networks

Date:
Tue, 04 Mar 2025 16:27:00 +0000

Description:
Hackers are using benign Windows tools in malicious attacks, resulting in the
deployment of advanced backdoors.

FULL STORY
======================================================================
 - Trend Micro says hackers are using Microsoft Teams to get closer to their
   victims
 - Through social engineering, they obtain credentials to remote desktop
   solutions
 - This access is then used to drop advanced backdoors

Hackers are using advanced social engineering tactics to try and get flawed
old .DLL files onto people's computers which, in turn, would allow them to
drop backdoor malware.

A new report from cybersecurity researchers Trend Micro claims the new attack
starts on Microsoft Teams, where the crooks use impersonation to get close
to the victims and trick them into providing a certain set of credentials.
Through Quick Assist, or similar remote desktop tools, they gain access to
the devices, where they sideload flawed .DLL files using
OneDriveStandaloneUpdater.exe, a legitimate OneDrive update tool.

These .DLL files then allow them to drop BackConnect, a type of remote access
tool (RAT) that establishes a reverse connection from an infected device to
an attacker's server, bypassing firewall restrictions. This allows attackers
to maintain persistent access, execute commands, and exfiltrate data while
evading traditional security measures.

Commercial cloud solutions

BackConnect is apparently hosted, and distributed, using commercial cloud
storage tools.

Trend Micro says the attacks started in October 2024, and have mostly focused
on North America, where it observed 21 breaches - 17 in the US, five in
Canada and the UK, and 18 in Europe. The researchers didn't say if the attacks
were successful, or which industries they targeted most.

Since most of the tools used in this campaign are legitimate (Teams,
OneDriveStandaloneUpdater, Quick Assist), traditional antivirus or malware
protection services will not suffice. Instead, businesses must educate their
employees to spot social engineering attacks and report them in a timely
fashion. Businesses could also enforce the use of multi-factor authentication
(MFA) and limit access to remote desktop tools.

Finally, they should audit cloud storage configurations to prevent
unauthorized access, and monitor network traffic for suspicious connections,
especially those going to known malicious C2 servers.

Via Infosecurity Magazine

======================================================================
Link to news story:
https://www.techradar.com/pro/security/microsoft-teams-and-other-windows-tools-hijacked-to-hack-corporate-networks

$$
--- SBBSecho 3.20-Linux
 * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)
SEEN-BY: 105/81 106/201 128/187 129/305 153/7715 154/110 218/700 226/30
SEEN-BY: 227/114 229/110 111 114 206 300 307 317 400 426 428 470 664
SEEN-BY: 229/700 705 266/512 291/111 320/219 322/757 342/200 396/45
SEEN-BY: 460/58 712/848 902/26 2320/0 105 3634/12 5075/35
PATH: 2320/105 229/426
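
Added example, not part of the original message or of the Trend Micro report: one way a defender could look for the chain the story describes, a remote-assistance session followed by OneDriveStandaloneUpdater.exe loading a DLL that is not a validly signed Microsoft module. The events are constructed and modelled on Sysmon process-create (1) and image-load (7) records; the host names, paths, DLL names, the 30-minute window and the signing policy are all assumptions.

```python
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=30)          # assumption: correlation window
UPDATER = "onedrivestandaloneupdater.exe"
REMOTE_TOOLS = {"quickassist.exe"}      # add other remote desktop tools you allow
ONEDRIVE = r"C:\Users\a\AppData\Local\Microsoft\OneDrive"  # constructed path

# Constructed events modelled on Sysmon process-create (1) and image-load (7)
# records; hosts, paths and DLL names are made up for this example.
EVENTS = [
    {"ts": "2025-03-04T14:00:05", "host": "WS-017", "id": 1,
     "Image": r"C:\Windows\System32\QuickAssist.exe"},
    {"ts": "2025-03-04T14:09:40", "host": "WS-017", "id": 7,
     "Image": ONEDRIVE + r"\OneDriveStandaloneUpdater.exe",
     "ImageLoaded": ONEDRIVE + r"\example1.dll", "Signed": "false"},
    {"ts": "2025-03-04T14:09:41", "host": "WS-017", "id": 7,
     "Image": ONEDRIVE + r"\OneDriveStandaloneUpdater.exe",
     "ImageLoaded": r"C:\Windows\System32\kernel32.dll", "Signed": "true",
     "Signature": "Microsoft Windows", "SignatureStatus": "Valid"},
    {"ts": "2025-03-04T15:00:00", "host": "WS-042", "id": 7,
     "Image": ONEDRIVE + r"\OneDriveStandaloneUpdater.exe",
     "ImageLoaded": ONEDRIVE + r"\example2.dll", "Signed": "false"},
]

def basename(path):
    return path.rsplit("\\", 1)[-1].lower()

def trusted(ev):
    # Assumed policy: only validly signed Microsoft modules are expected here.
    return (ev.get("Signed") == "true" and ev.get("SignatureStatus") == "Valid"
            and ev.get("Signature", "").startswith("Microsoft"))

def find_sideloads(events, window=WINDOW):
    last_remote, alerts = {}, []   # host -> time of latest remote-tool launch
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts, name = datetime.fromisoformat(ev["ts"]), basename(ev["Image"])
        if ev["id"] == 1 and name in REMOTE_TOOLS:
            last_remote[ev["host"]] = ts
        elif ev["id"] == 7 and name == UPDATER and not trusted(ev):
            seen = last_remote.get(ev["host"])
            chained = seen is not None and ts - seen <= window
            alerts.append({"host": ev["host"], "dll": ev["ImageLoaded"],
                           "severity": "high" if chained else "medium"})
    return alerts

if __name__ == "__main__":
    for alert in find_sideloads(EVENTS):
        print(alert)
```

A signature check does not catch an old DLL that is still validly signed; that case needs a version or hash baseline of the modules the updater is expected to load.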
(c) 1994, bbs@darkrealms.ca