Hackers impersonate Microsoft Teams help desk to breach corporate networks
Hackers are impersonating Microsoft Teams help desk workers to trick victims into installing data-stealing malware, according to a new report from Mandiant.
The campaign, attributed to a newly tracked threat cluster known as UNC6692, combines email flooding, phishing messages and malicious browser extensions to gain access to corporate systems, researchers at the Google-owned cybersecurity company said.
The operation begins with a large wave of emails designed to overwhelm a targeted inbox, after which the attacker reaches out via Microsoft Teams using an account outside the victim’s organization, posing as an IT support worker offering help with the email disruption.
Source: https://therecord.media/microsoft-teams-hackers-mandiant
Related breach coverage
- Ukrainian police detain hackers suspected of stealing thousands of Roblox accounts for resale (2026-04-28)
Police said on Monday the victims included both Ukrainian and foreign players whose accounts contained valuable digital items, rare equipment and in-game currency purchased with real money.
- GopherWhisper: new China-linked APT targets Mongolia with Go-based malware (2026-04-26)
ESET found a new China-linked APT, tracked as GopherWhisper, targeting Mongolia using Go-based malware, loaders, and backdoors. ESET researchers uncovered a new China-aligned APT group called GopherWhisper, targeting government institutions in Mongolia. The group’s arsenal includes a range of tools mainly written in Go, such as loaders and injectors, which are used to deploy multiple […]
- Microsoft says backend change broke Teams Free chat and calls (2026-04-29)
Microsoft is working to resolve a known issue that prevents some Microsoft Teams Free users from chatting and calling others. [...]
- China-linked hackers led phishing campaigns targeting journalists and activists, researchers say (2026-04-28)
The aim of the campaigns was to steal credentials and likely enable “follow-on operations in the interest of the Chinese government,” the report said.
