Hackers hijack Microsoft Teams to spread malware to certain firms – find out if you’re at risk – TechRadar


Published on: 2025-07-17

Intelligence Report: Hackers Hijack Microsoft Teams to Spread Malware to Certain Firms

1. BLUF (Bottom Line Up Front)

A sophisticated cyber campaign has been identified that leverages Microsoft Teams to distribute malware to select firms. The malware, known as Matanbuchus, acts as a loader for Cobalt Strike and ransomware. The attackers employ social engineering, posing as external team members to obtain remote access. Immediate action is recommended to strengthen cybersecurity measures and awareness among potential targets.

2. Detailed Analysis

The following structured analytic techniques have been applied to ensure methodological consistency:

Adversarial Threat Simulation

Simulations indicate that the adversaries are likely to continue exploiting communication platforms like Microsoft Teams because of their widespread use and the trust users place in them.

Indicators Development

Key indicators include unexpected remote access requests, unusual file downloads, and communication from unknown external team members.

Bayesian Scenario Modeling

Probabilistic models suggest a high likelihood of similar attacks targeting other widely used collaboration platforms, with potential escalation in ransomware deployment.

3. Implications and Strategic Risks

The campaign underscores a growing trend in cyber threats targeting remote work tools. This poses significant risks to corporate data integrity and operational continuity. The potential for cascading effects includes financial losses, reputational damage, and increased vulnerability to further cyberattacks.

4. Recommendations and Outlook

  • Implement robust multi-factor authentication and regular security training for employees to recognize social engineering tactics.
  • Enhance monitoring systems to detect and respond to anomalous activities promptly.
  • Best case: Increased awareness and improved security measures reduce the success rate of such attacks.
  • Worst case: Failure to address vulnerabilities leads to widespread data breaches and operational disruptions.
  • Most likely: Continued attempts by cyber adversaries with varying degrees of success, necessitating ongoing vigilance and adaptation.

5. Key Individuals and Entities

Michael Gorelik, Matanbuchus, Cobalt Strike, Black Basta

6. Thematic Tags

national security threats, cybersecurity, malware, social engineering, ransomware
