Microsoft deflects Doppelpaymer/Teams rumors

Microsoft’s security team defended its Teams communication platform saying it has found no connection between the app and the distribution of Dopplepaymer ransomware.

Simon Pope, director of incident response at the Microsoft Security Response Center, went to bat for Teams saying he wanted to squelch any rumors that link the spread of Doppelpaymer to the Microsoft chat platform.

“There is misleading information circulating about Microsoft Teams, along with references to RDP (BlueKeep), as ways in which this malware spreads. Our security research teams have investigated and found no evidence to support these claims. In our investigations we found that the malware relies on remote human operators using existing Domain Admin credentials to spread across an enterprise network,” Pope wrote in a blog post.

Cisco Talos reported in early November that Doppelpaymer had been used against two American manufacturers and was likely spread using a tech support scam that asked employees to execute specific commands or attempting to download the malware provided by the attacker. Doppelpaymer was named as the ransomware used in the attack on the Nunavut, Canada government offices.