KongTuke Hackers Shift to Microsoft Teams for Corporate Breaches
Reports indicate that initial access broker KongTuke has transitioned to using Microsoft Teams for executing social engineering attacks, enabling them to gain persistent access to corporate networks in as little as five minutes.
Victims are lured into pasting a PowerShell command, leading to the deployment of the ModeloRAT malware, previously associated with ClickFix attacks.
These initial access brokers typically sell network access to ransomware operators, facilitating the deployment of file-theft and data-encrypting malware.
Cybercriminals have increasingly leveraged Microsoft Teams in their attacks, masquerading as IT and help-desk staff to deceive employees into running malicious PowerShell commands.
Observations by ReliaQuest researchers reveal a shift in tactics for KongTuke, previously known for using web-based lures like “FileFix” and “CrashFix”.
Notably, KongTuke’s utilization of Microsoft Teams marks the first instance of them using a collaboration platform for initial access, supplementing their existing web-based approach.
The campaign has been active since April 2026, with KongTuke rotating through multiple Microsoft 365 tenants to evade detection.
To appear as legitimate IT support staff, the attacker employs Unicode whitespace tricks to manipulate display names.
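Display names padded with non-ASCII whitespace or invisible format characters are easy to spot programmatically. The following is an added detection example, not code from the article or from ReliaQuest: it flags such characters in a Teams display name, produces a normalized form, and compares that form against a list of known-good internal names (the sample names and the trusted list are constructed for illustration).

```python
import unicodedata

# Unicode general categories that render blank or invisible:
#   Zs = space separators (U+00A0 NO-BREAK SPACE, U+2003 EM SPACE, ...)
#   Cf = format characters (U+200B ZERO WIDTH SPACE, U+2060 WORD JOINER, ...)
SUSPICIOUS_CATEGORIES = {"Zs", "Cf"}


def suspicious_chars(display_name):
    """Return (index, codepoint, unicode name) for every blank-looking
    character in the name that is not a plain ASCII space."""
    findings = []
    for i, ch in enumerate(display_name):
        if ch != " " and unicodedata.category(ch) in SUSPICIOUS_CATEGORIES:
            findings.append((i, f"U+{ord(ch):04X}", unicodedata.name(ch, "UNKNOWN")))
    return findings


def normalize_name(display_name):
    """Map every Zs character to a plain space, drop Cf characters, and
    squeeze repeated spaces, giving the name as a human would read it."""
    chars = []
    for ch in display_name:
        cat = unicodedata.category(ch)
        if cat == "Cf":
            continue
        chars.append(" " if cat == "Zs" else ch)
    return " ".join("".join(chars).split())


def triage(display_name, trusted_names):
    """Classify a display name: 'clean' (no odd characters), 'lookalike'
    (odd characters, and the normalized form matches a trusted internal
    name) or 'suspicious' (odd characters, no trusted match)."""
    findings = suspicious_chars(display_name)
    normalized = normalize_name(display_name)
    if not findings:
        return "clean", normalized, findings
    trusted = {n.casefold() for n in trusted_names}
    verdict = "lookalike" if normalized.casefold() in trusted else "suspicious"
    return verdict, normalized, findings


if __name__ == "__main__":
    # Constructed samples: a genuine name, one padded with EM SPACE and a
    # zero-width space, and one using NO-BREAK SPACE in place of a space.
    trusted = ["IT Support", "Service Desk"]
    for name in ["IT Support", "IT Support\u2003\u2003\u200b", "IT\u00a0Support"]:
        verdict, normalized, findings = triage(name, trusted)
        print(verdict, repr(normalized), findings)
```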
The malicious PowerShell command shared via Teams downloads a ZIP archive from Dropbox containing a WinPython environment, ultimately launching the ModeloRAT malware.
This malware is capable of collecting system and user information, capturing screenshots, and exfiltrating files from the host filesystem.
Compared to previous operations, the ModeloRAT version used in the recent campaign features a more resilient C2 architecture, multiple access paths, and expanded persistence mechanisms.
Notably, the scheduled task used for persistence is not removed by the self-destruct routine, ensuring it can survive system reboots.
To counter Teams-initiated attacks, it is advisable to restrict external Microsoft Teams federation to an allowlist of trusted domains, blocking malicious attempts from the outset.
Administrators can also utilize indicators of compromise provided in ReliaQuest’s report to detect attacks, signs of compromise, and persistence artifacts.
[Image: The persistent scheduled task. Source: ReliaQuest]