
Microsoft Teams Exploited to Spread DarkGate Malware in Phishing Campaign

The cybersecurity landscape has experienced a significant breach as energy corporation Schneider Electric has been attacked by the Cactus ransomware.


The cybersecurity landscape has experienced a significant breach as energy corporation Schneider Electric has been attacked by the Cactus ransomware. In an alarming development, hackers have also begun leveraging Microsoft Teams to disseminate DarkGate malware through phishing schemes, putting user security at risk. The FBI has shed light on a novel method in tech support scams: employing couriers to collect money directly from victims.

Schneider Electric Under Siege by Ransomware

A renowned energy company, Schneider Electric, has fallen victim to an attack orchestrated by the Cactus ransomware group. This sophisticated cyber threat has substantially hampered company operations, although the full extent of the impact remains under assessment. Ransomware is a type of malicious software that encrypts data on infected systems and demands payment for the decryption key.

Teams, Microsoft's widely used communication platform with over 280 million monthly users, has been compromised by attackers. The adversary sent over a thousand malicious group chat invitations, as identified by AT&T Cybersecurity. Once unsuspecting users accept these invites, the threat actors use deception to induce them to download files disguised with deceptive file names.

One commonly downloaded file, named 'Navigating Future Changes October 2023.pdf.msi', turns out to be a malicious executable. Once the DarkGate malware executes, it establishes a connection with its command-and-control server. Experts recommend disabling External Access in Microsoft Teams, except where essential, to avoid such exposure, and educating users diligently about phishing risks.
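The double extension in that file name ('.pdf.msi') is something mail, chat, or endpoint tooling can check for. The following Python sketch is an added illustration, not part of the original report: it flags attachment names whose final extension is executable while the preceding one looks like a document. The extension lists and the sample names (other than the file name quoted above) are assumptions constructed for the example.

```python
# Assumed extension lists for illustration; tune them to your environment.
EXECUTABLE_EXTS = {"msi", "exe", "scr", "com", "bat", "cmd", "vbs", "js", "hta", "lnk"}
DECOY_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "ppt", "pptx", "txt", "jpg", "png"}


def split_extensions(name: str) -> list[str]:
    """Split a file name on dots after normalizing it the way Windows does:
    trailing dots and spaces are ignored, and case does not matter."""
    cleaned = name.strip().rstrip(". ").lower()
    # Strip each part so whitespace padding around a dot cannot hide an extension.
    return [part.strip() for part in cleaned.split(".")]


def classify(name: str) -> str:
    """Return 'deceptive-double-extension', 'executable', or 'ok'."""
    parts = split_extensions(name)
    if len(parts) < 2 or parts[-1] not in EXECUTABLE_EXTS:
        return "ok"
    if len(parts) >= 3 and parts[-2] in DECOY_EXTS:
        return "deceptive-double-extension"
    return "executable"


def triage(names: list[str]) -> list[tuple[str, str]]:
    """Return (name, verdict) for every name that is not 'ok'."""
    verdicts = ((name, classify(name)) for name in names)
    return [(name, verdict) for name, verdict in verdicts if verdict != "ok"]


# The first name is the one quoted in the article; the rest are constructed.
SAMPLE_ATTACHMENTS = [
    "Navigating Future Changes October 2023.pdf.msi",
    "Q3 budget.xlsx",
    "meeting-notes.v2.pdf",
    "archive.tar.gz",
    "vpn-client-setup.msi",
    "Holiday Schedule.PDF .MSI. ",
]

if __name__ == "__main__":
    for name, verdict in triage(SAMPLE_ATTACHMENTS):
        print(f"{verdict:28} {name!r}")
```

A plain 'executable' verdict is reported separately so that legitimate installers can be reviewed under a different policy than names that imitate a document.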

Since the disruption of the Qakbot botnet in August by an international collaborative operation, cybercriminals have increasingly adopted the DarkGate malware loader as their primary choice for initial access to corporate networks. In October, security researchers at Trend Micro reported attacks by DarkGate operators who used breached accounts to infect targets through a VBA loader script attached to messages.

In conclusion, as threats evolve, institutions and individuals alike must stay vigilant and employ robust cybersecurity measures. Attacks like those on Schneider Electric and through Microsoft Teams highlight the ongoing battle against digital threats and underscore the importance of cybersecurity in the modern world.

Luke Jones