Saturday, September 23, 2023
Earth-News
Storm-0324 gathers over Microsoft Teams

September 18, 2023
An initial access broker associated with several different ransomware operations is now conducting Microsoft Teams phishing attacks

By Alex Scroxton, Security Editor

Published: 13 Sep 2023 12:08

A threat actor tracked in Microsoft’s taxonomy as Storm-0324 has been observed switching up its tactics to incorporate social engineering phishing attacks conducted via Microsoft Teams, Redmond has revealed.

Storm-0324, a so-called initial access broker (IAB), is linked to several prolific and dangerous ransomware operations, including some known to have deployed the Clop, Gandcrab, Maze and REvil lockers.

“Beginning in July 2023, Storm-0324 was observed distributing payloads using an open source tool to send phishing lures through Microsoft Teams chats,” wrote the Microsoft Threat Intelligence team.

“This activity is not related to the Midnight Blizzard social engineering campaigns over Teams that we observed beginning in May 2023. Because Storm-0324 hands off access to other threat actors, identifying and remediating Storm-0324 activity can prevent more dangerous follow-on attacks like ransomware.”

From 2018 up until quite recently, the group’s activity has centred on distributing its malware, JSSLoader, on behalf of the ransomware-as-a-service (RaaS) actor Sangria Tempest – aka Elbrus, Carbon Spider, and FIN7 – using what Microsoft described as “highly evasive infection chains with payment and invoice lures” linking to a SharePoint site from whence the unwary download a malicious ZIP archive containing the payload.

But the threat actor now appears to be exploiting an issue in Teams that was first identified by Jumpsec researchers in June 2023, but left unpatched by Microsoft at the time, supposedly on the basis that it was not serious enough to fix right away.

This activity began in July – after the Jumpsec disclosure had received some attention – and likely involves the use of a publicly available tool called TeamsPhisher, a Python program that lets Teams tenant users attach files to messages sent to external tenants.

It is no stretch to see how this feature can be abused and this seems to be what Storm-0324 is doing, using it to send phishing lures leading to the malicious SharePoint site. Its lures are identified by the Teams platform as external ones, should external access be enabled, meaning they get through to potential victims quite easily.
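As an added illustration (not code from the article, Microsoft or Jumpsec), the sketch below triages chat messages for the pattern described above: a sender from an external tenant whose message carries a SharePoint link outside the organisation or a ZIP archive, optionally with payment or invoice wording. The record fields, tenant names and hostnames are a hypothetical, constructed schema, not the format of any real Teams export or API.

```python
import re
from urllib.parse import urlparse

URL_RE = re.compile(r"https?://[^\s<>\"']+")
LURE_WORDS = ("invoice", "payment")  # lure themes named in the article

# Constructed sample records; the field names are a hypothetical schema,
# not the format of any real Teams export or API.
SAMPLE_MESSAGES = [
    {"id": 1, "sender_tenant": "tenant-home", "sender": "amy@corp.example",
     "text": "Invoice deck: https://corp.sharepoint.com/sites/fin/q3.pptx",
     "attachments": []},
    {"id": 2, "sender_tenant": "tenant-ext-1", "sender": "billing@vendor.example",
     "text": "Overdue invoice, see https://vendr-docs.sharepoint.com/s/inv.zip",
     "attachments": []},
    {"id": 3, "sender_tenant": "tenant-ext-2", "sender": "bob@partner.example",
     "text": "Agenda for Thursday attached", "attachments": ["agenda.docx"]},
    {"id": 4, "sender_tenant": "tenant-ext-3", "sender": "it@helpdesk.example",
     "text": "Payment confirmation enclosed", "attachments": ["receipt.zip"]},
]

def triage(messages, home_tenant, org_sharepoint_hosts, trusted_tenants=()):
    """Return {message id: [reasons]} for external messages worth review."""
    findings = {}
    for msg in messages:
        if msg["sender_tenant"] == home_tenant or msg["sender_tenant"] in trusted_tenants:
            continue  # internal or explicitly trusted sender
        reasons = []
        for url in URL_RE.findall(msg["text"]):
            parsed = urlparse(url)
            host = (parsed.hostname or "").lower()
            if host.endswith(".sharepoint.com") and host not in org_sharepoint_hosts:
                reasons.append(f"SharePoint link outside the organisation: {host}")
            if parsed.path.lower().endswith(".zip"):
                reasons.append("link points to a ZIP archive")
        if any(name.lower().endswith(".zip") for name in msg["attachments"]):
            reasons.append("ZIP attachment from external tenant")
        # Lure wording only adds weight to a message that is already suspicious.
        if reasons and any(w in msg["text"].lower() for w in LURE_WORDS):
            reasons.append("payment or invoice wording")
        if reasons:
            findings[msg["id"]] = reasons
    return findings

if __name__ == "__main__":
    for mid, why in triage(SAMPLE_MESSAGES, "tenant-home", {"corp.sharepoint.com"}).items():
        print(mid, why)
```

The internal message with "Invoice" in its text is never flagged, because the check keys on the sender's tenant first and treats lure wording only as supporting evidence.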

Defenders have a number of options to harden their networks against these attacks, as set out by Microsoft.

“Microsoft takes these phishing campaigns very seriously and has rolled out several improvements to better defend against these threats,” the Threat Intel team wrote.

“In accordance with Microsoft policies, we have suspended identified accounts and tenants associated with inauthentic or fraudulent behaviour. We have also rolled out enhancements to the Accept/Block experience in one-on-one chats within Teams, to emphasise the externality of a user and their email address so Teams users can better exercise caution by not interacting with unknown or malicious senders.

“We rolled out new restrictions on the creation of domains within tenants and improved notifications to tenant admins when new domains are created within their tenant. In addition to these specific enhancements, our development teams will continue to introduce additional preventative and detective measures to further protect customers from phishing attacks.”

Why is this more dangerous than email phishing?

“This is a sophisticated phishing scam that will catch out many victims because they will not realise criminals can hijack on Microsoft Teams to carry out attacks,” said My1Login CEO Mike Newman.

Newman explained that while people tend to understand the techniques cyber criminals use to send phishing emails, Teams is more readily seen as an internal communications platform.

“Employees place more trust in the tool and are more likely to open and action documents they receive in chats,” he said.

“For organisations that are worried about this threat, it is essential to educate employees on all the different techniques criminals can use to launch phishing attacks – from emails, phone calls, SMS to messaging platforms.

“Furthermore, with many of these scams being developed to steal employee credentials, organisations can improve their defences by removing passwords from employee hands. This means even when highly sophisticated scams do reach user inboxes, they can’t be tricked into handing over their credentials because they simply do not know them,” he added.

Cofense senior cyber threat intelligence analyst Max Gannon added: “Chat systems such as Slack and Teams need to be acknowledged by organisations as something that poses the same threat level as credential phishing emails. Any system that can be manipulated to take advantage of a user’s trust can be used as a method of entry…. Treating any one source as being a non-issue or as having a negligible threat level can easily come back to haunt decision-makers.

“That said, training users in any one platform enables them to apply the same skills and skepticism to any other platform. These incidents really drive home the necessity of organisations using all the tools at their disposal to account for threats they haven’t even yet recognised.”

Copyright for syndicated content belongs to the linked Source : Computer Weekly – https://www.computerweekly.com/news/366552053/Storm-0324-gathers-over-Microsoft-Teams
