Microsoft claims that a ransomware group’s go-to initial access broker has lately turned to Microsoft Teams phishing assaults to infiltrate corporate networks.
Storm-0324, a malicious actor known to have previously used Sage and GandCrab ransomware, is the threat group responsible for this campaign’s financial motivations.
Additionally, after infiltrating business networks with the help of JSSLoader, Gozi, and Nymaim, Storm-0324 gave the famed FIN7 cybercrime group access.
On the networks of its victims, FIN7 (also known as Sangria Tempest and ELBRUS) was detected installing Clop ransomware. In the past, it was connected to the now-defunct BlackMatter and DarkSide ransomware-as-a-service (Raas) operations as well as the Maze and REvil malware read more Ransomware access broker steals accounts via Microsoft Teams phishing.
Stay informed with the best cybersecurity news and raise your cybersecurity awareness with our comprehensive coverage of the latest threats, breaches, and solutions.