Intrusions involving the new A0Backdoor malware have targeted financial and healthcare entities as part of a new phishing campaign exploiting Microsoft Teams, according to BleepingComputer.

Threat actors first send a deluge of spam emails to an organization's employees, then masquerade as corporate IT staff on Microsoft Teams to lure targets into permitting remote access under the guise of resolving the issue, a report from BlueVoyant showed. Approving a Quick Assist remote session would then allow the distribution of malicious MSI files purporting to be Teams components and the CrossDeviceService Windows tool, with subsequent DLL sideloading launching an illicit library that results in the eventual A0Backdoor extraction.

"The malware extracts and decodes the leftmost label to recover command/configuration data, then proceeds accordingly. Using DNS MX records helps the traffic blend in and can evade controls tuned to detect TXT-based DNS tunneling, which may be more commonly monitored," said BlueVoyant researchers, who have associated the attack techniques with the dismantled Black Basta ransomware operation.
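The researchers' point about MX records evading TXT-focused monitoring suggests a detection check on MX lookups themselves. The following Python example is added here for illustration and is not code from BlueVoyant, BleepingComputer or this article: it groups MX records by client and parent domain and flags hosts that see many long, random-looking leftmost labels. The log format, sample lines, domain names and thresholds are constructed assumptions, as is checking both the queried name and the returned MX exchange name.

```python
import math
from collections import Counter, defaultdict

# Constructed DNS log, not from the report. Fields: client qtype qname answer
SAMPLE_LOG = """\
10.0.0.5 MX example.com mail.example.com
10.0.0.5 TXT mzxw6ytboi4dcmrtgq2tmnzy.example.com v=spf1
10.0.0.7 MX corp.example.org aspmx.mailhost.example
10.0.0.9 MX mzxw6ytboi4dcmrtgq2tmnzy.cdn.example.net gezdgnbvgy3tqojqgezdgnbv.cdn.example.net
10.0.0.9 MX nbswy3dpeb3w64tmmqqhg5dsnfxgo.cdn.example.net mfrggzdfmztwq2lknnwg23tp.cdn.example.net
10.0.0.9 MX orugs4zanfzsaylomvzxg2lpnyqq.cdn.example.net onswg4tfoqwwizlzfv3wk3tu.cdn.example.net
"""

MIN_UNIQUE_LABELS = 3   # assumed: distinct encoded-looking labels per parent domain
MIN_LABEL_LEN = 16      # assumed: encoded data needs long labels
MIN_ENTROPY = 3.0       # assumed: bits per character


def shannon_entropy(text):
    counts = Counter(text)
    return -sum(c / len(text) * math.log2(c / len(text)) for c in counts.values())


def split_name(name):
    """Return (leftmost label, parent domain) of a DNS name."""
    label, _, parent = name.rstrip(".").lower().partition(".")
    return label, parent


def find_mx_tunnel_candidates(log_text):
    """Flag (client, parent) pairs with many long, high-entropy labels in MX records."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[1].upper() != "MX":
            continue  # this check covers MX lookups only
        for name in (fields[2], fields[3]):  # queried name and MX exchange name
            label, parent = split_name(name)
            if len(label) >= MIN_LABEL_LEN and shannon_entropy(label) >= MIN_ENTROPY:
                seen[(fields[0], parent)].add(label)
    return sorted(
        (client, parent, len(labels))
        for (client, parent), labels in seen.items()
        if len(labels) >= MIN_UNIQUE_LABELS
    )


if __name__ == "__main__":
    for client, parent, count in find_mx_tunnel_candidates(SAMPLE_LOG):
        print(f"{client}: {count} encoded-looking MX labels under {parent}")
```

Entropy and length alone will also match some legitimate long hostnames, so the per-parent uniqueness count and an allowlist of known mail infrastructure matter more than the exact thresholds.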




