Ransomware Access Broker Leverages Microsoft Teams Titles for Account Theft

Microsoft has issued a warning about a new phishing campaign run by one of the initial access brokers it tracks. The campaign uses Microsoft Teams messages as lures to gain a foothold in corporate networks and collect sensitive data.
Microsoft tracks the cluster as Storm-0324; other security researchers track the same activity under the names TA543 and Sagrid.

Security researchers at Microsoft have noticed that the financially motivated group Storm-0324 has started using Teams to target potential victims, which they believe is a means of gaining easy access to their computer systems. 

As a payload distributor within the cybercriminal economy, Storm-0324 offers a service built around evasive infection chains that deliver a variety of payloads used to compromise systems.

The malware it has delivered spans downloaders, banking trojans, ransomware, and modular toolkits, including Nymaim, Gozi, TrickBot, IcedID, Gootkit, Dridex, Sage, GandCrab, and JSSLoader.

In the past this actor has used decoy emails referencing invoices and payments to trick users into downloading SharePoint-hosted ZIP archives containing JSSLoader, a malware loader able to profile infected machines and load additional payloads onto them.
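The lure pattern described in the two paragraphs above (an outside sender, an invoice or payment theme, and a link to a SharePoint-hosted ZIP archive, delivered over Teams or email) can be turned into a simple triage heuristic for a detection team. The following is an added example written for this page, not code from the article or from Microsoft; the `Message` fields, the keyword list and the sample messages are all constructed for illustration, and a real deployment would feed it records from Teams or mail-gateway logs instead.

```python
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed message record; field names are assumptions for this example,
# not the schema of any real Teams or mail-gateway log.
@dataclass
class Message:
    channel: str      # "teams" or "email"
    sender: str
    external: bool    # True when the sender is outside the organisation
    subject: str
    body: str

# Finance-themed words matching the invoice/payment lures described above.
FINANCE_TERMS = re.compile(r"\b(invoice|payment|remittance|overdue|wire)\b", re.I)
URL_RE = re.compile(r"""https?://[^\s<>"']+""", re.I)


def risky_links(text):
    """Return links that point at a ZIP archive hosted on sharepoint.com."""
    hits = []
    for url in URL_RE.findall(text):
        parsed = urlparse(url)
        host = (parsed.hostname or "").lower()
        # Path is checked without the query string, so "?download=1" does not hide the extension.
        if (host == "sharepoint.com" or host.endswith(".sharepoint.com")) \
                and parsed.path.lower().endswith(".zip"):
            hits.append(url)
    return hits


def score(msg):
    """Return the list of lure indicators present in one message."""
    reasons = []
    if msg.external:
        reasons.append("external sender")
    if FINANCE_TERMS.search(msg.subject + " " + msg.body):
        reasons.append("invoice/payment theme")
    links = risky_links(msg.body)
    if links:
        reasons.append(f"sharepoint-hosted zip link ({len(links)})")
    return reasons


def triage(messages, threshold=3):
    """Return (sender, reasons) for messages with at least `threshold` indicators.

    The default requires all three indicators, so an internal colleague sharing
    a ZIP on SharePoint, or an outside vendor merely mentioning an invoice,
    is not flagged on its own.
    """
    flagged = []
    for m in messages:
        reasons = score(m)
        if len(reasons) >= threshold:
            flagged.append((m.sender, reasons))
    return flagged


# Constructed sample traffic: one message shaped like the lure, two benign ones.
SAMPLES = [
    Message("teams", "billing@partner-example.net", True, "Overdue invoice #4471",
            "Please review the attached invoice: "
            "https://contoso-my.sharepoint.com/:u:/g/personal/ap_contoso_com/Invoice_4471.zip?download=1"),
    Message("email", "hr@corp.example", False, "Payment run schedule",
            "The monthly payment run is on Friday. Agenda: https://corp.example/agenda"),
    Message("teams", "vendor@supplier-example.org", True, "Quick question",
            "Are you free for a call tomorrow?"),
]

if __name__ == "__main__":
    for sender, reasons in triage(SAMPLES):
        print(f"{sender}: {', '.join(reasons)}")
```

Only the first sample reaches the threshold; the internal finance reminder and the external small-talk message each carry a single indicator and pass through. The heuristic is deliberately narrow: it catches the specific lure shape reported here and is meant as a triage filter for analysts, not a replacement for tenant-level controls on external Teams access or attachment scanning.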
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
