Hacked Skype and Microsoft Teams accounts to spread new malware

According to Tech Radar, hacked Skype and Microsoft Teams accounts have been used to spread malware known as Darkgate across the messaging platforms. The hacking incident began between July and September, according to a report by the cybersecurity firm Trend Micro, which could only speculate as to how it began.

Hacked Skype and Microsoft Teams accounts

Multiple accounts on Skype, as well as Microsoft Teams, were hacked, and the report speculated that the incident was caused by either compromised parent organization records or hacked credentials that were made available through underground forums. The evidence supported both of these hypotheses.

The malware was distributed in chat threads as an attached file disguised as a PDF, which allowed it to spread quickly. According to Truesec, a cybersecurity company based in Sweden, the messages used to trick users into downloading the file were made to be context-specific.

In one instance observed within Microsoft Teams, a message discussed what appeared to be an employee vacation schedule, saying there had been sudden changes to the planned schedule and attaching a file that purportedly contained the revised schedule.

In the event that users open the attached file, they will unknowingly download the Darkgate malware, which exposes the user’s account as well as their computer to a variety of cyberattacks.

The Darkgate malware, in particular, can remotely control the user's computer, record the keys the user presses (a process known as keylogging), and steal information from the user's browsers.

According to reports, Darkgate incidents were discovered in multiple regions. The Americas accounted for the largest share of detected cases (41%), followed by Asia, the Middle East, and Africa (31%), and Europe (28%), which accounted for the fewest.

Hacking’s True Purpose

According to the findings of the Truesec report, the accounts that were used to send the messages in the chat thread came from reliable sources. In August 2023, it was reported that the accounts were sold on the dark web; it was confirmed that the sold accounts had been taken over by unknown malware.

According to the findings of Trend Micro's investigation, the compromised Skype and Microsoft Teams accounts were just the hackers' first attempt at breaking in. The unsuspecting users were not the intended target; rather, the organizations to which they belonged were.

The goal was still to infiltrate the entire environment with potential cyberattacks directed at the organization. These attacks could range from crypto mining to ransomware, depending on the threat organization that purchased or rented the variation of DarkGate. On the basis of the company’s data, it went on to propose the hypothesis that the hacking incident might have been connected to the Black Basta Ransomware.

Cybersecurity Efforts Recommended

It was recommended that organizations running Skype and Microsoft Teams chat remain vigilant against external messaging.

Organizations were urged to take precautions against external files, including blocking external domains, limiting attachments, and implementing scanning where possible.

Truesec, on the other hand, stated that the attacks could be due to the inability of Safe Attachments and Safe Links, two current security features included in Microsoft Teams, to recognize or stop this attack.

According to the Sweden-based cybersecurity company, the only solution currently available to stop this attack vector within Microsoft Teams is to allow chat requests only from particular external domains.
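The domain allow-list described above, sketched as an added example that is not from the article, Truesec or Trend Micro: a PowerShell script using the MicrosoftTeams module's `Get-CsTenantFederationConfiguration` and `Set-CsTenantFederationConfiguration` cmdlets. The two domains are placeholders, and switching off chat with unmanaged Teams and Skype consumer accounts is an extra assumption, not something the reports specify.

```powershell
# Added example. Requires the MicrosoftTeams PowerShell module and a Teams
# administrator account. partner.example and supplier.example are placeholder
# domains; replace them with the external organizations you actually work with.
param(
    [string[]]$TrustedDomains = @('partner.example', 'supplier.example'),
    [switch]$Apply   # without -Apply the script only reports what it would do
)

Connect-MicrosoftTeams | Out-Null

# Record the current external-access settings before changing anything.
Get-CsTenantFederationConfiguration |
    Format-List AllowFederatedUsers, AllowedDomains, BlockedDomains,
                AllowTeamsConsumer, AllowTeamsConsumerInbound, AllowPublicUsers

# Build the allow-list as a List[String], validating and de-duplicating entries.
$allow = New-Object 'Collections.Generic.List[String]'
foreach ($d in $TrustedDomains) {
    $domain = $d.Trim().ToLowerInvariant()
    if ($domain -notmatch '^[a-z0-9]([a-z0-9-]*[a-z0-9])?(\.[a-z0-9]([a-z0-9-]*[a-z0-9])?)+$') {
        throw "Not a valid domain name: '$d'"
    }
    if (-not $allow.Contains($domain)) { $allow.Add($domain) }
}

if (-not $Apply) {
    Write-Host "Dry run. External chat would be restricted to: $($allow -join ', ')"
    return
}

# Federation stays on, but only for the listed domains.
# Assumption: unmanaged Teams accounts and Skype consumer chat are not needed.
Set-CsTenantFederationConfiguration `
    -AllowFederatedUsers $true `
    -AllowedDomainsAsAList $allow `
    -AllowTeamsConsumer $false `
    -AllowPublicUsers $false

# Show the resulting configuration for the change record.
Get-CsTenantFederationConfiguration |
    Format-List AllowFederatedUsers, AllowedDomains, AllowTeamsConsumer, AllowPublicUsers
```

Run it once without `-Apply` to review the current settings and the proposed list, then again with `-Apply` to enforce it.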

The malicious software known as Darkgate was found for the first time in 2018, and it has since been used to execute a large number of scripts. According to a report by Trend Micro, a new version was made available in May of this year and promoted on a forum located on the Russian dark web.