Microsoft has issued a warning to its Teams video conferencing customers amid ongoing attacks by a threat actor tracked as Storm-0324, whose phishing attacks lead to some pretty dangerous consequences.
Redmond’s researchers reveal that the group has been active since at least 2016, which means that over the course of around seven years, it has been possible to draw out some similarities between the group’s attacks.
The company says Storm-0324’s emails typically follow invoice and payment themes, mimicking services like DocuSign and QuickBooks. Microsoft itself has not been immune from attacks, as demonstrated in the latest Teams-focused attacks.
Another Teams phishing email
Analysts reckon that the group is abusing a Python program called TeamsPhisher, which was designed to let tenant users of the video conferencing software attach files to messages sent to external tenants.
Microsoft is most concerned about the ransomware attacks facilitated by the group’s phishing campaigns, stating that identifying and remediating Storm-0324’s activity is an important step in preventing “dangerous follow-on attacks.”
While the tech giant promises to be doing everything it can to eliminate such attacks, it advises that, even if attackers manage to gain initial access, administrators can limit potentially destructive impacts by applying the principle of least privilege, building credential hygiene, and following other company recommendations.
Microsoft Threat Intelligence has outlined several steps that companies and admins can take to protect themselves from these types of attacks in the supporting announcement.
The unfortunate reality is that some of the most sophisticated campaigns can catch even the most tech-savvy off guard, but there are some general pieces of advice that all consumers can follow in the face of rising cyber threats, including paying close attention to email details like the domain and address, and the grammar and layout of the content.