"Researchers Show Ways to Abuse Microsoft Teams Accounts for Lateral Movement"

Proofpoint researchers explored how attackers could abuse access to a Microsoft Teams account and discovered attack vectors that could allow hackers to move laterally by launching additional phishing attacks or tricking users into downloading malicious files. According to Proofpoint, about 40 percent of Microsoft 365 cloud tenant companies have seen at least one unauthorized login attempt to gain access to a user account via Microsoft Teams in the second half of 2022 using either the web or desktop clients. Although this is less than the percentage of organizations that saw malicious login attempts on their Azure Portal or Office 365 accounts, it is significant enough to indicate that attackers are particularly interested in Microsoft Teams. Access to a Teams account can be gained via an Application Programming Interface (API) token, stolen credentials, or an active session cookie. Once inside, attackers will likely access other services or target other users. This article continues to discuss the researchers' findings regarding how attackers can enable lateral movement within a network via a compromised Teams account.

CSO Online reports "Researchers Show Ways to Abuse Microsoft Teams Accounts for Lateral Movement"