• Microsoft issues warning over Teams helpdesk impersonation attack

    From TechnologyDaily@1337:1/100 to All on Tuesday, April 21, 2026 12:00:26
    Microsoft issues warning over Teams helpdesk impersonation attacks: hackers are 'blending into routine IT support activity' by abusing remote assistance access

    Date:
    Tue, 21 Apr 2026 10:45:00 +0000

    Description:
    Crooks are impersonating IT and reaching out via Teams, only to be granted access and steal data.

    FULL STORY ======================================================================
    Microsoft warns Teams users of scammers abusing cross-tenant chat feature
    Attackers impersonate IT staff, trick victims into granting remote access via Quick Assist
    Once inside, they use trusted tools to move laterally, install Rclone, and exfiltrate sensitive company data

    Microsoft has warned Teams users about fraudsters using the platform to access their corporate networks, deploy malicious code, and steal sensitive data.

    In a new in-depth security advisory published last weekend, Microsoft said it spotted scammers using the cross-tenant feature to initiate a chat even though they are not part of the victim's organization. They impersonate IT or help desk staff, and try to convince their victims to grant them remote access to their computers using legitimate tools like Quick Assist.

    Not triggering alarms

    Quick Assist is a built-in Windows remote desktop management app that allows users to provide or receive remote technical support.

    Once they get access, the scammers would run legitimate, trusted programs but modify them to execute malicious code. From there, they move through the company's network using built-in tools like Windows Remote Management to reach important systems, such as domain controllers.

    "From this initial foothold, attackers can leverage trusted tools and native administrative protocols to move laterally across the enterprise and stage sensitive data for exfiltration, often blending into routine IT support activity throughout the intrusion lifecycle," the company said.

    Microsoft also said it observed the attackers installing common remote management tools and programs like Rclone, to collect and upload company data to cloud storage.

    This technique apparently works well because it relies on real tools and normal IT processes. The victims aren't seeing any red flags, and actual IT and help desk teams are not being alerted to any extraordinary or suspicious activity. Instead of phishing emails, attackers use Teams messages, which can look like legitimate internal communication.

    While Teams does show warnings when someone from outside the company tries to make contact, it seems that the victims ignored the warnings and still agreed to give access. After getting in, attackers can quickly spread across the network, install more tools, and gather sensitive data. The exact steps may vary, but the goal is usually to maintain access and steal valuable information.
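
    Because each step in this chain looks routine on its own, detection has to rest on the sequence. The sketch below is an added example, not code from Microsoft's advisory or the article: it correlates an external-tenant Teams chat, a Quick Assist launch, and follow-on WinRM or Rclone activity on the same host. The event schema, field names, and time windows are assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta

FOLLOW_ON_TOOLS = {"rclone.exe"}  # tool named in the article; extend per environment

# Constructed sample events in a hypothetical normalized schema.
EVENTS = [
    {"ts": "2026-04-20T09:01:00", "user": "alice", "host": "WS-01", "type": "teams_chat", "external_tenant": True},
    {"ts": "2026-04-20T09:07:00", "user": "alice", "host": "WS-01", "type": "process", "image": "QuickAssist.exe"},
    {"ts": "2026-04-20T09:25:00", "user": "alice", "host": "WS-01", "type": "winrm_out", "dest": "DC-01"},
    {"ts": "2026-04-20T09:40:00", "user": "alice", "host": "WS-01", "type": "process", "image": "rclone.exe"},
    # Routine support: Quick Assist and WinRM with no external chat beforehand.
    {"ts": "2026-04-20T11:00:00", "user": "bob", "host": "WS-02", "type": "process", "image": "QuickAssist.exe"},
    {"ts": "2026-04-20T11:05:00", "user": "bob", "host": "WS-02", "type": "winrm_out", "dest": "SRV-03"},
    # External chat that never led to a remote session.
    {"ts": "2026-04-20T12:00:00", "user": "carol", "host": "WS-03", "type": "teams_chat", "external_tenant": True},
]


def correlate(events, chat_window=timedelta(minutes=30), post_window=timedelta(hours=2)):
    """Flag hosts where external chat -> Quick Assist -> WinRM/transfer tool occur in order."""
    last_ext_chat = {}  # user -> time of latest external-tenant chat
    sessions = {}       # host -> Quick Assist session that followed such a chat
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.fromisoformat(ev["ts"])
        image = ev.get("image", "").lower()
        if ev["type"] == "teams_chat" and ev.get("external_tenant"):
            last_ext_chat[ev["user"]] = ts
        elif ev["type"] == "process" and image == "quickassist.exe":
            chat = last_ext_chat.get(ev["user"])
            if chat is not None and ts - chat <= chat_window:
                sessions[ev["host"]] = {"user": ev["user"], "host": ev["host"],
                                        "session_start": ts, "follow_on": []}
        elif ev["host"] in sessions:
            session = sessions[ev["host"]]
            if ts - session["session_start"] > post_window:
                continue
            if ev["type"] == "winrm_out":
                session["follow_on"].append("winrm:" + ev["dest"])
            elif ev["type"] == "process" and image in FOLLOW_ON_TOOLS:
                session["follow_on"].append("tool:" + image)
    # Only sessions with follow-on activity are reported; a lone session is lower priority.
    return [s for s in sessions.values() if s["follow_on"]]


if __name__ == "__main__":
    for finding in correlate(EVENTS):
        print(finding["host"], finding["user"], finding["follow_on"])
```

    On the constructed data only the first workstation is reported; the routine helpdesk session and the ignored external chat produce no finding.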

    Via BleepingComputer



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/microsoft-issues-warning-over-teams-helpdesk-impersonation-attacks-hackers-are-blending-into-routine-it-support-activity-by-abusing-remote-assistance-access


    --- Mystic BBS v1.12 A49 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)