Recent attacks have targeted Microsoft 365 and Microsoft Teams, exploiting default configurations to impersonate tech support and compromise employees. Two new ransomware groups, STAC5143 and STAC5777, have been identified as key actors behind these campaigns, reports SC Media.

STAC5143 relies on a combination of spam emails and deceptive Teams calls. These calls, pretending to be from a "Help Desk Manager," aim to gain remote screen control access, enabling the execution of commands and the deployment of backdoors. On the other hand, STAC5777 employs more hands-on tactics, tricking targets into installing Microsoft Quick Assist. This allows full device access, enabling reconnaissance, lateral movement, and attempts to deploy Black Basta ransomware.

Organizations are advised to review and strengthen their Microsoft Teams and 365 configurations, update cybersecurity training, and remain vigilant to suspicious activity to safeguard against these evolving threats.