DragonForce links Backdoor.Turn to Microsoft Teams relays for stealth C2
Source headline: DragonForce Hackers Abuse Microsoft Teams Relays to Hide Backdoor.Turn C2 Traffic
Intelligence Summary
DragonForce ransomware affiliates are using a Go-based RAT named Backdoor.Turn to conceal command-and-control traffic. The malware hides C2 communications by abusing Microsoft Teams relay infrastructure. Symantec and Carbon Black observed the technique during targeting of a major U.S. services firm. This matters because blending traffic into legitimate collaboration channels can reduce detection and delay incident response. Organizations using Microsoft Teams should review for abnormal relay usage and backdoor indicators, and apply network monitoring and EDR coverage for suspected RAT activity.
Recommended Action
Review affected assets, schedule urgent remediation, and monitor related indicators.
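One way to start the review for abnormal relay usage mentioned in the summary is to list processes other than expected Teams clients that connect to Teams relay address space. The sketch below is an added example, not code from Symantec, Carbon Black or the source article. The CIDR ranges (taken from Microsoft's published Microsoft 365 endpoint list and to be verified against the current version), the process allowlist, the event field names and the sample events are all assumptions.

```python
import csv
import io
from ipaddress import ip_address, ip_network

# Assumption: Teams media/relay ranges from Microsoft's published Microsoft 365
# endpoint list; check them against the current list before relying on them.
TEAMS_RELAY_NETS = [ip_network("52.112.0.0/14"), ip_network("52.122.0.0/15")]

# Assumption: process names expected to reach Teams relays in this environment.
EXPECTED_CLIENTS = {"ms-teams.exe", "teams.exe", "msedgewebview2.exe",
                    "msedge.exe", "chrome.exe"}

# Constructed sample of EDR network events (not real telemetry).
SAMPLE_EVENTS = r"""host,process,path,dest_ip,dest_port,proto
ws-014,ms-teams.exe,C:\Program Files\WindowsApps\MSTeams\ms-teams.exe,52.113.10.20,3478,udp
ws-014,chrome.exe,C:\Program Files\Google\Chrome\Application\chrome.exe,142.250.0.10,443,tcp
srv-203,svchelper.exe,C:\ProgramData\svchelper.exe,52.114.7.9,3478,udp
srv-203,svchelper.exe,C:\ProgramData\svchelper.exe,52.123.1.5,443,tcp
ws-090,Teams.exe,C:\Users\a\AppData\Local\Microsoft\Teams\current\Teams.exe,52.115.3.3,3479,udp
"""


def in_relay_range(ip):
    """True if the destination address falls inside a listed Teams relay range."""
    addr = ip_address(ip)
    return any(addr in net for net in TEAMS_RELAY_NETS)


def flag_unexpected_relay_clients(csv_text):
    """Group relay-range connections made by processes outside the allowlist.

    Returns {(host, image path): sorted list of "ip:port/proto" destinations}.
    """
    findings = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        if not in_relay_range(row["dest_ip"]):
            continue  # not Teams relay address space
        if row["process"].lower() in EXPECTED_CLIENTS:
            continue  # expected client; name match only, see note below
        dest = f'{row["dest_ip"]}:{row["dest_port"]}/{row["proto"]}'
        findings.setdefault((row["host"], row["path"]), set()).add(dest)
    return {key: sorted(dests) for key, dests in findings.items()}


if __name__ == "__main__":
    for (host, path), dests in flag_unexpected_relay_clients(SAMPLE_EVENTS).items():
        print(f"{host}: {path} -> {', '.join(dests)}")
```

Matching on process name alone is easy to evade by renaming a binary, so in production the allowlist should key on code-signing publisher or image path as well. Servers that have no reason to run a Teams client deserve the closest look.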