
Microsoft Warns of Microsoft Teams “FakeUpdates” Attack Campaigns

Microsoft says threat actors are using Microsoft Teams to carry out FakeUpdates campaigns against K-12 education organizations.


Microsoft has been doing a lot this year to make Microsoft Teams stand out from the workplace collaboration/communication crowd. Despite several security improvements, the popular service is still a target for attacks. That makes sense considering how popular Teams is and that it integrates with wider systems.

Microsoft researchers say threat actors are leveraging fake ads for Microsoft Teams to deploy backdoors on victim machines. It seems the attacks use Cobalt Strike to enter networks and install malware.

It is worth noting there is no direct issue within Microsoft Teams. Rather, attackers are using Teams to create legitimacy for their attack. Microsoft says customers should be aware of “FakeUpdates” campaigns.

Bleeping Computer found a security advisory by the company that warns customers. This advisory has not been made public by Microsoft. Instead, it is being sent privately to Teams customers.

FakeUpdates attacks work in a similar way to other phishing campaigns. Attackers target users by sending them something that looks legitimate, in this case a call to update Microsoft Teams. Unwitting victims will engage with the message and malware is installed on their system.


The report suggests threat actors are targeting K-12 education organizations. Since the COVID-19 pandemic, these organizations have become heavily reliant on services like Microsoft Teams.

As noted, the attacks use Cobalt Strike, a commodity attack-simulation tool that attackers use to spread malware. It is best known for ransomware attacks and has also been used to exploit the Zerologon vulnerability we have been tracking in recent months.

Organizations also can limit their attack surface to keep attackers at bay by blocking executable files that do not meet specific criteria or blocking JavaScript and VBScript code from downloading executable content, Microsoft advised.
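The two mitigations above can be rolled out with Microsoft Defender attack surface reduction (ASR) rules. The following is an added example, not taken from Microsoft's advisory or from this article. It assumes the advice maps to the two ASR rules named in the comments, that Microsoft Defender Antivirus is the active engine, and that the session is elevated; the function names and the 14-day review window are illustrative choices.

```powershell
# Added example. Assumption: the advisory's two mitigations correspond to these ASR rules.
$rules = [ordered]@{
    '01443614-cd74-433a-b99e-2ecdc07bfc25' = 'Block executables unless they meet a prevalence, age, or trusted list criterion'
    'd3e037e1-3eb8-44c8-a917-57927947596d' = 'Block JavaScript or VBScript from launching downloaded executable content'
}
# Numeric action codes as returned by Get-MpPreference
$actionNames = @{ 0 = 'Disabled'; 1 = 'Block'; 2 = 'Audit'; 6 = 'Warn' }

function Set-AsrRuleMode {
    # Start in AuditMode so legitimate installers and scripts surface before enforcement.
    param([ValidateSet('AuditMode', 'Enabled')][string]$Mode = 'AuditMode')
    foreach ($id in $rules.Keys) {
        Add-MpPreference -AttackSurfaceReductionRules_Ids $id `
                         -AttackSurfaceReductionRules_Actions $Mode
    }
}

function Get-AsrRuleState {
    # Report the configured state of each of the two rules on this host.
    $pref    = Get-MpPreference
    $ids     = @($pref.AttackSurfaceReductionRules_Ids | ForEach-Object { $_.ToLower() })
    $actions = @($pref.AttackSurfaceReductionRules_Actions)
    foreach ($id in $rules.Keys) {
        $idx   = [array]::IndexOf($ids, $id)
        $state = if ($idx -ge 0) { $actionNames[[int]$actions[$idx]] } else { 'Not configured' }
        [pscustomobject]@{ Rule = $rules[$id]; Id = $id; State = $state }
    }
}

function Get-AsrHits {
    # Event 1122 = rule matched in audit mode, 1121 = rule blocked the action.
    param([int]$Days = 14)  # review window, an illustrative default
    Get-WinEvent -FilterHashtable @{
        LogName   = 'Microsoft-Windows-Windows Defender/Operational'
        Id        = 1121, 1122
        StartTime = (Get-Date).AddDays(-$Days)
    } -ErrorAction SilentlyContinue | Select-Object TimeCreated, Id, Message
}

Set-AsrRuleMode -Mode AuditMode
Get-AsrRuleState | Format-Table -AutoSize
# After the review window: inspect Get-AsrHits, add exclusions for known-good
# software, then enforce with: Set-AsrRuleMode -Mode Enabled
```

In a managed environment the same rule IDs are normally deployed through Group Policy or Intune rather than per host.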

Luke Jones
Luke has been writing about all things tech for more than five years. He is following Microsoft closely to bring you the latest news about Windows, Office, Azure, Skype, HoloLens and all the rest of their products.
