🟠 High  |  Source: The Register — Security


Attackers are impersonating IT helpdesk staff on Microsoft Teams to trick employees into granting remote access to their machines, then deploying the EtherRAT remote access trojan. The campaign, uncovered by Palo Alto’s Unit 42, exploits the inherent trust workers place in internal IT channels. This is a significant social engineering threat that bypasses technical controls by targeting human behaviour directly.

Security Architect’s Take: Restrict who can initiate external or guest Teams calls with employees, and enforce a policy requiring remote support sessions to be initiated only through your official ITSM platform — not ad-hoc Teams requests. Ensure EDR solutions are tuned to alert on remote access tool installation triggered via Teams processes, and consider disabling Teams guest and federated access if not operationally required.

Original advisory: Fake IT bods on Microsoft Teams coax workers into installing malware