Microsoft Threat Intelligence has observed Storm-1811 misusing the client management tool Quick Assist to target users in social engineering attacks that lead to malware like Qakbot followed by Black Basta ransomware deployment.
This is a simple case of a malicious actor asking for access, and the victim is handing access over. QuickAssist, ScreenConnect, TeamViewer, Teams, Zoom, etc. all have been used for this purpose.
It now sounds like it starts with a vishing phone call. Lots of people will ask Microsoft to fix this somehow, but no one ever seems to blame the phone services or demand they fix it.
Couldn’t agree more. I have no idea why phone companies are not being held accountable for allowing this. For email, it’s a solved problem. Why not phone?