Cybercriminals found a new way to collaborate using Microsoft Teams

Source: The Register

Cybercrims deploying DragonForce ransomware appear to have gained access to a major U.S. services company's network, then spent two months up to no good while disguising their command-and-control activities as legitimate Microsoft Teams traffic. Researchers at security firm Symantec said the intrusion began with attackers gaining access to the victim's environment before deploying a custom Go-based backdoor, tracked as "Backdoor.Turn," to maintain communication with the compromised systems. Rather than reaching out to attacker-controlled infrastructure that might raise alarms, the backdoor hid its activity inside traffic associated with Microsoft's widely used collaboration platform. Symantec said this is the first known case of malware using this particular technique. Full Story