Hackers Exploit Microsoft Teams and Quick Assist for System Infiltration

89/68 Thursday, March 6, 2025

Security researchers from Trend Micro have revealed a sophisticated cyberattack that uses social engineering tactics along with commonly used remote access tools to infiltrate target systems. This attack involves the BackConnect malware, which enables hackers to maintain continuous control over victims’ devices and steal sensitive data. Most incidents have occurred in North America since October 2024, with the United States being the most affected, reporting 17 cases, followed by Canada and the United Kingdom, each with 5 cases. In Europe, a total of 18 reports have been recorded.

Attackers use social engineering techniques to deceive victims into revealing critical information, such as Microsoft Teams credentials. They then exploit Quick Assist, a remote access tool, to escalate privileges and gain control over the system. Additionally, it was discovered that OneDriveStandaloneUpdater.exe, a legitimate OneDrive update tool, was used to load malicious DLL files from external sources, allowing attackers to easily access networks. After that, the BackConnect malware is deployed to control infected systems, with malicious files being hosted and distributed via misconfigured cloud storage services.
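A defender-side check for the DLL loading described above, as an added example that is not from Trend Micro or the original article: it scans Sysmon Event ID 7 (image load) records for DLLs loaded by OneDriveStandaloneUpdater.exe that sit outside expected directories or lack a valid signature. The sample events, user name, DLL names and the trusted-directory list are constructed assumptions.

```python
import ntpath

HOST_PROCESS = "onedrivestandaloneupdater.exe"

# Assumption: locations where DLLs loaded by this process normally live.
# Tune this list to the environment before relying on it.
TRUSTED_DIR_MARKERS = (
    "\\appdata\\local\\microsoft\\onedrive\\",
    "\\program files\\microsoft onedrive\\",
    "\\windows\\system32\\",
    "\\windows\\syswow64\\",
)

UPDATER = r"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe"

# Constructed events using Sysmon Event ID 7 field names.
SAMPLE_EVENTS = [
    {"Image": UPDATER, "ImageLoaded": r"C:\Windows\System32\kernel32.dll",
     "Signed": "true", "SignatureStatus": "Valid"},
    # Unsigned DLL placed next to the updater: the path looks normal, the signature does not.
    {"Image": UPDATER,
     "ImageLoaded": r"C:\Users\alice\AppData\Local\Microsoft\OneDrive\constructed_a.dll",
     "Signed": "false", "SignatureStatus": "Unavailable"},
    {"Image": UPDATER, "ImageLoaded": r"C:\Users\alice\Downloads\constructed_b.dll",
     "Signed": "false", "SignatureStatus": "Unavailable"},
    # Different host process: out of scope for this rule.
    {"Image": r"C:\Windows\explorer.exe",
     "ImageLoaded": r"C:\Users\alice\Downloads\constructed_c.dll",
     "Signed": "false", "SignatureStatus": "Unavailable"},
]


def suspicious_loads(events):
    """Return (dll_path, reasons) for questionable DLL loads by the updater."""
    findings = []
    for ev in events:
        if ntpath.basename(ev["Image"]).lower() != HOST_PROCESS:
            continue
        dll = ev["ImageLoaded"].lower()
        reasons = []
        if not any(marker in dll for marker in TRUSTED_DIR_MARKERS):
            reasons.append("dll outside expected directories")
        if ev.get("Signed") != "true" or ev.get("SignatureStatus") != "Valid":
            reasons.append("dll unsigned or signature invalid")
        if reasons:
            findings.append((ev["ImageLoaded"], reasons))
    return findings
```

The per-user OneDrive directory is user-writable, so the path check alone is not sufficient; the signature check is what catches a DLL dropped beside the legitimate binary.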

Researchers have also identified connections between BackConnect malware and the ransomware variants Black Basta and Cactus, which enable attackers to steal credentials and financial data. In particular, Black Basta caused damages of up to $107 million in 2023, primarily targeting the manufacturing, finance, and real estate industries. Meanwhile, leaked internal chat logs suggest that attackers are shifting towards Cactus ransomware, which could become a major cybersecurity threat in 2025.

Experts recommend that organizations strengthen their security measures, such as implementing multi-factor authentication (MFA), restricting the use of remote access software, and regularly reviewing cloud storage configurations. Additionally, training employees on phishing tactics and social engineering attacks can help reduce risks from evolving cyber threats.

Source: https://www.infosecurity-magazine.com/news/attackers-exploit-microsoft-teams/