Hackers Impersonate IT Teams on Microsoft Teams to Gain Remote Access

A new social engineering campaign is making waves as attackers leverage Microsoft Teams, a widely trusted collaboration tool, to impersonate internal IT support staff. The threat group known as EncryptHub sends fake support messages through Teams, requesting employees to approve or install updates. Once a user complies, the attackers gain remote access to the system, enabling them to install malware, exfiltrate data, or move laterally across networks. This tactic demonstrates how attackers are now turning to business communication platforms—once considered secure—as vectors for intrusion. Organizations are being urged to train employees to verify IT requests, adopt Zero Trust policies, and enable multi-factor authentication to minimize risks. The attack highlights how even trusted workplace tools can become weapons in the wrong hands.

Reference: cybersecuritynews