New Tool exploits Microsoft Teams in the wild Advisory

New-Tool-exploits-Microsoft-Teams-in-the-wild-Advisory

The red team of the U.S. Navy has recently introduced a new tool named “TeamsPhisher”. Its primary objective is to exploit a security vulnerability within Microsoft Teams, enabling it to circumvent restrictions on incoming files from external users, specifically those from targeted organizations or external tenants.

Researchers from Jumpsec, have discovered a straightforward method to deliver malware to an organization through Microsoft Teams, utilizing the application’s client-side protections. By modifying the ID in the POST request of a message, the tool can deceive the system into treating an external user as an internal one.

Details
The tool called TeamsPhisher is a Python-based application that offers a fully automated attack approach. It incorporates the attack concept developed by cybersecurity researchers at Jumpsec and utilizes functionalities from the ‘TeamsEnum’ tool. According to Alex Reid, the developer of TeamsPhisher, the tool allows users to provide an attachment, a message, and a list of target Teams users.

It proceeds by uploading the attachment to the sender’s Sharepoint and systematically iterating through the target list. TeamsPhisher begins by enumerating the target users to verify their existence and confirm their ability to receive external messages. Subsequently, it creates a new thread with the target user, resembling a “group” chat. This ingenious technique, suggested by @Medu554, involves including the target’s email twice, effectively bypassing the ‘Someone outside your organization messaged you, are you sure you want to view it’ splash screen, which might raise suspicion. Once the new thread is established between the sender and the target, the specified message, along with a link to the attachment in Sharepoint, is sent to the user.

After the initial message is sent, the created thread becomes visible in the sender’s Teams graphical user interface. If necessary, it can be manually interacted with on a case-by-case basis. This allows for flexibility and customization in handling individual threads as needed.

New-Tool-exploits-Microsoft-Teams-in-the-wild-AdvisoryDownload
Facebook
Twitter
LinkedIn
Pinterest
Constanza Rodriguez

Constanza Rodriguez

All Posts »

Leave a Reply

Your email address will not be published. Required fields are marked *

Top Recommended Posts

Undestanding the Open Cybersecurity Schema Framework by Paul Agbabian.
Undestanding the Open Cybersecurity Schema Framework by Paul Agbabian.
Threat Hunting Survival Guide by Microsoft Security Experts
Threat Hunting Survival Guide by Microsoft Security Experts
DISTRIBUTED DENIAL OF SERVICE (DDOS) ATTACKS – Classification, Attacks, Challenges and Countermeasures – CRC Press Book
DISTRIBUTED DENIAL OF SERVICE (DDOS) ATTACKS – Classification, Attacks, Challenges and Countermeasures – CRC Press...
Zero Trust Architecture
Zero Trust Architecture
Telecom Threat Detection via Stride Mapping Case Study
Telecom Threat Detection via Stride Mapping Case Study
Microsoft 365 and the NIST Cybersecurity Framework
Microsoft 365 and the NIST Cybersecurity Framework
Best 160 Cybersecurity Groups On LinkedIn by CyberDB
Best 160 Cybersecurity Groups On LinkedIn by CyberDB
Cyber Resilience via Cyber Insurance
Cyber Resilience via Cyber Insurance
Threat Hunting Playbooks for MITRE Tactics – Starting your first threat hunting today by PRASANNAKUMAR B MUNDAS
Threat Hunting Playbooks for MITRE Tactics – Starting your first threat hunting today by PRASANNAKUMAR...
Communicating the value of cybersecurity to boards and leadership – Seven strategies for life sciences and health care organizations.
Communicating the value of cybersecurity to boards and leadership – Seven strategies for life sciences...