Microsoft has warned of a new phishing campaign from the “financially motivated” Storm-0324 threat actor which uses an open-source tool to send phishing lures through Microsoft Teams chats.
The goal is accessing corporate networks and enabling follow-on attacks like ransomware, i.e. handing off access to compromised networks to other threat actors. The campaign leverages the open-source TeamsPhisher tool to attach files to messages.
Microsoft says it has rolled out improvements to better defend against the threat and has suspended identified accounts. Microsoft also gives a list of recommendations to harden networks against Storm-0324 attacks on its website here.