ShellCodeX Intelligence Brief
HIGH Cybersecurity

DragonForce uses Microsoft Teams relay servers for Go backdoor C2

Source headline: Microsoft Teams Relay Servers Abused in DragonForce Ransomware Attack

Threat level: High
Signal strength: 70/100
Source confidence: 1 source
Published: 1 day ago

Intelligence Summary

The DragonForce ransomware operation has been linked to a Go-based backdoor that uses Microsoft Teams relay servers for command-and-control instead of traditional C2 infrastructure. This technique can help the attackers blend into legitimate collaboration traffic and reduce the chance that network monitoring detects the C2 channel. A working C2 channel supports persistence and follow-on ransomware activity. Organizations using Microsoft Teams should review detections for abnormal Teams-related communication patterns and tighten egress monitoring and logging.
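
One way to start on the detection review suggested above, as an added example that is not part of the original brief or its source reporting: flag processes other than the Teams client that talk to Teams relay address space. The log format, process names, and sample flows are constructed assumptions; the IP ranges and UDP ports are those Microsoft publishes for Teams media and should be checked against the current Microsoft 365 endpoint list.

```python
import ipaddress
from collections import defaultdict

# Assumption: Teams media/relay ranges and UDP ports from Microsoft's published
# Microsoft 365 endpoint list; verify against the current list before use.
TEAMS_RELAY_NETS = [ipaddress.ip_network(n) for n in
                    ("13.107.64.0/18", "52.112.0.0/14", "52.122.0.0/15")]
TEAMS_RELAY_UDP_PORTS = {3478, 3479, 3480, 3481}
# Assumption: image names accepted as legitimate Teams clients in this estate.
EXPECTED_PROCESSES = {"ms-teams.exe", "teams.exe"}

# Constructed sample flow records: host,process,dest_ip,proto,dest_port,bytes_out
SAMPLE_FLOWS = """\
ws-014,ms-teams.exe,52.113.10.20,udp,3478,48211
ws-014,chrome.exe,142.250.72.14,tcp,443,9120
srv-db02,svcupd.exe,52.114.7.9,udp,3479,1880
srv-db02,svcupd.exe,52.114.7.9,udp,3479,2044
ws-022,teams.exe,52.123.4.5,udp,3480,77102
srv-db02,svcupd.exe,52.112.200.1,tcp,443,5300
"""

def is_teams_relay(ip):
    """True when ip falls inside one of the Teams relay networks above."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in TEAMS_RELAY_NETS)

def find_unexpected_relay_clients(flow_text):
    """Return {(host, process): flow_count} for processes outside
    EXPECTED_PROCESSES that reached Teams relay address space."""
    hits = defaultdict(int)
    for line in flow_text.splitlines():
        if not line.strip():
            continue
        host, proc, dst, proto, port, _bytes_out = line.split(",")
        if not is_teams_relay(dst):
            continue
        relay_udp = proto == "udp" and int(port) in TEAMS_RELAY_UDP_PORTS
        tls_fallback = proto == "tcp" and int(port) == 443  # media fallback path
        if (relay_udp or tls_fallback) and proc.lower() not in EXPECTED_PROCESSES:
            hits[(host, proc)] += 1
    return dict(hits)

if __name__ == "__main__":
    for (host, proc), count in find_unexpected_relay_clients(SAMPLE_FLOWS).items():
        print(f"{host}: {proc} made {count} flow(s) to Teams relay ranges")
```

Hosts that have no business running Teams at all, such as servers, are the highest-value hits; browser-based Teams use will need its own allowlist entry.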

Recommended Action

Review affected assets, schedule urgent remediation, and monitor related indicators.

Topics

#backdoor #command-and-control #dragonforce #microsoft-teams #ransomware
Original reporting: SecurityWeek, "Microsoft Teams Relay Servers Abused in DragonForce Ransomware Attack"