The DragonForce ransomware group used a custom malware called Backdoor.Turn to hide command-and-control traffic inside Microsoft Teams relay infrastructure during an intrusion at a U.S. services company, according to Symantec. DragonForce is a ransomware-as-a-service operation that has been active since 2023. The group provides affiliates with ransomware tools and supporting services in exchange for a share of ransom payments. First known abuse of Microsoft Teams TURN infrastructure “Backdoor.Turn obtains an anonymous Teams visitor token from … More
The post Cybercriminals mask malicious communications through Microsoft Teams relays appeared first on Help Net Security.
This article has been indexed from Help Net Security
Read the original article: