// #microsoft-teams

2 articles

KongTuke Initial Access Broker Pivots to Microsoft Teams Social Engineering — Five-Minute Corporate Compromise via ModeloRAT

Initial access broker KongTuke has updated its tradecraft to use Microsoft Teams as the primary social engineering vector, impersonating IT helpdesk personas to deliver ModeloRAT via Teams file transfers to targeted employees. The group achieves credential theft and establishes persistence within five minutes of initial Teams contact, then sells access to ransomware affiliates within 24 hours.

May 14, 2026 #kongtuke +4

🛡️ SecOps

UNC6692 Abuses Microsoft Teams to Deliver SNOW Malware via IT Help Desk Vishing

Threat actor UNC6692 is impersonating IT help desk staff via Microsoft Teams to socially engineer victims into installing SNOW malware. The campaign exploits trusted internal communication channels where detection tooling is typically absent — immediate Teams external access policy review is recommended.

Apr 24, 2026 #social-engineering +4