Ransomware Groups Abuse Microsoft Services for Initial Access - SecurityWeek

Two threat actors, STAC5143 and STAC5777, are abusing Microsoft 365 services and exploiting default Microsoft Teams configurations to initiate conversations with internal users. They pose as tech support, gaining remote access to target machines and deploying malware for data theft and potential ransomware deployment. Organizations are advised to raise employee awareness of these tactics and potential social engineering attacks.