Teams Social Engineering Attack: Threat Actors Impersonate IT to Steal Credentials via Quick Assist
Dec. 3, 2025, 10:59 a.m.
Description
A sophisticated social engineering attack utilizing Microsoft Teams' new 'Chat with Anyone' feature has been uncovered. Threat actors impersonated IT support to trick users into initiating Quick Assist sessions, ultimately leading to credential theft and potential data exfiltration. The attack involved multiple stages, including phishing, malware deployment, and reconnaissance activities. An infostealer named 'updater.exe' was downloaded and executed during the process. The incident highlights the evolving tactics of cybercriminals exploiting legitimate collaboration platforms for malicious purposes. Organizations are advised to implement strict security measures, including disabling the feature through Teams Messaging Policies and adopting two-factor authentication and Zero Trust models.
Date
- Created: Dec. 3, 2025, 9:29 a.m.
- Published: Dec. 3, 2025, 9:29 a.m.
- Modified: Dec. 3, 2025, 10:59 a.m.