
Microsoft Teams Users Exploited In Sophisticated Multi-Stage AI Attack
Microsoft Teams used in sophisticated hack attack.
Phishing attacks are getting increasingly sophisticated, from the use of smartphone farms to launch attacks, to hard-to-detect AI-driven threats, to the use of legitimate Microsoft 365 emails to bypass security controls. But the phishing attack is only the first stage of the process, as this multi-level hack attack targeting Microsoft Teams users demonstrates only too well.
Signed, sideloaded and compromised. That's how security researchers at the Ontinue Cyber Defence Centre have described a sophisticated multi-stage attack that starts with a Microsoft Teams message delivering a malicious PowerShell payload and, by way of remote access tooling and living-off-the-land binaries, gains initial access and then persistence through a JavaScript-based backdoor on victim devices.
'This attack chain highlights how a relatively simple vishing-based social engineering tactic can escalate into a full-scale compromise when paired with trusted tooling, signed binaries, and stealthy second-stage payloads,' the researchers warned.
Although the Ontinue researchers were unable to attribute the attacks with a high level of confidence, they did find a number of striking similarities with a threat actor identified by Microsoft as Storm-1811.
The full technical details can be found in the report, but the researchers found that the attack started with the threat actors sending a message through an external chat created in Microsoft Teams. 'The actor transmitted a PowerShell command directly via the Teams message,' Ontinue said, 'and also utilised the QuickAssist remote tool to gain access to the target device remotely.'
The root cause of the incident was a video messaging attack, something that I have already reported is surging with an increase of 1633% in quarter one of 2025 alone. 'This attack chain highlights how a relatively simple vishing-based social engineering tactic can escalate into a full-scale compromise when paired with trusted tooling, signed binaries, and stealthy second-stage payloads,' Ontinue concluded.
I have reached out to Microsoft for a statement.
J Stephen Kowski, field chief technology officer at SlashNext Email Security+, said that real-time scanning across all communication channels, not just email, is essential since these attacks often start with social engineering before deploying malicious tools, such as sideloaded DLLs. 'Advanced protection that combines computer vision, natural language processing, and behavioral analysis can identify these sophisticated attacks even when they use legitimate-looking tools or QR codes,' Kowski concluded.
'The attacker sideloaded a malicious DLL that dynamically commandeered a trusted process, transforming routine remote support into a covert entry point,' Jason Soroko, a senior fellow at Sectigo, said. Calling every move made by the threat actor 'lean,' Soroko advised that security teams should be on the lookout for 'Microsoft Teams messages containing PowerShell commands, unexpected use of QuickAssist, and signed binaries running from nonstandard locations.'
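The three signals Soroko lists can be turned into a first-pass triage over endpoint and chat telemetry. The following is an added example, not code from Ontinue, Sectigo or the article: the event field names, host names, trusted directory list and sample events are all constructed assumptions for illustration.

```python
import ntpath
import re

# Standard install roots (an assumption; tune to your own fleet).
TRUSTED_DIRS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")
# Heuristic: text that looks like a PowerShell command line pasted into a chat.
PS_HINT = re.compile(
    r"\bpowershell(\.exe)?\b|\bpwsh\b|\bInvoke-(Expression|WebRequest)\b|\biex\b|-enc(odedcommand)?\b",
    re.IGNORECASE,
)

def in_trusted_dir(image):
    # Normalise first so "..\" segments cannot fake a trusted prefix.
    return ntpath.normpath(image).lower().startswith(TRUSTED_DIRS)

def indicators(event):
    """Return the set of indicator names that a single event matches."""
    hits = set()
    if event["type"] == "teams_message":
        if event["external"] and PS_HINT.search(event["text"]):
            hits.add("powershell_in_external_teams_message")
    elif event["type"] == "process_start":
        if ntpath.basename(event["image"]).lower() == "quickassist.exe":
            hits.add("quickassist_started")
        if event["signed"] and not in_trusted_dir(event["image"]):
            hits.add("signed_binary_nonstandard_path")
    return hits

def triage(events, threshold=2):
    """Collect hits per host; return hosts with at least `threshold` distinct indicators."""
    per_host = {}
    for ev in events:
        per_host.setdefault(ev["host"], set()).update(indicators(ev))
    return {h: sorted(i) for h, i in per_host.items() if len(i) >= threshold}

# Constructed sample events (hypothetical schema, not taken from the Ontinue report).
SAMPLE = [
    {"host": "WS-014", "type": "teams_message", "external": True,
     "text": "IT support here, please paste this: powershell.exe -Command <placeholder>"},
    {"host": "WS-014", "type": "process_start", "signed": True, "image": "C:\\Windows\\System32\\quickassist.exe"},
    {"host": "WS-014", "type": "process_start", "signed": True, "image": "C:\\Users\\alice\\AppData\\Local\\Temp\\upd\\SignedTool.exe"},
    {"host": "WS-022", "type": "process_start", "signed": True, "image": "C:\\Program Files\\Vendor\\app.exe"},
    {"host": "WS-022", "type": "teams_message", "external": False, "text": "can you share the powershell script?"},
    {"host": "WS-031", "type": "process_start", "signed": True, "image": "C:\\Program Files\\..\\Users\\Public\\tool.exe"},
]

if __name__ == "__main__":
    for host, found in triage(SAMPLE).items():
        print(host, found)
```

Any single indicator is noisy on its own, which is why the sketch escalates only hosts where several of them coincide.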