DragonForce Ransomware Exploited Microsoft Teams to Hide in Attack Against Major Company

A ransomware group, DragonForce, exploited Microsoft Teams to infiltrate a major U.S. services firm undetected for two months. They used a Go-based Remote Access Trojan (RAT), dubbed Backdoor.Turn, to hide command and control (C&C) traffic by masquerading as legitimate Microsoft Teams traffic. Their tactics included exploiting a vulnerability in a Huawei driver, altering system configurations, and creating new user accounts for ongoing access. The attackers focused on data exfiltration and system encryption. The incident exemplifies advanced cyber tradecraft, showcasing the sophistication of modern ransomware attacks.