Sophos has reported two new threat groups, STAC5143 and STAC5777, that are using Microsoft Teams to target organizations. STAC5143 has connections to known groups like FIN7, while STAC5777 is recognized as Storm-1811 by Microsoft. These attacks leverage a default Teams configuration that permits external chats with internal users. Sophos has observed over 15 incidents in recent months, highlighting the rise of these tactics. Experts believe that traditional security measures are inadequate for detecting such attacks, making awareness crucial for businesses using Office 365.
While STAC5143 is a previously unreported threat, STAC5777 has been identified by Microsoft as Storm-1811. STAC5143 may have connections to a threat actor known variously as FIN7, Sangria Tempest, or Carbon Spider.
We are publishing this in-depth report on both threat clusters to aid defenders in detecting and blocking these continuing threats, and to raise awareness of the spread of these tactics among organizations using the Office 365 platform.