Skype and Microsoft Teams accounts have been hacked, according to Tech Radar, and the compromised accounts have been used to spread malware named Darkgate through the messaging platforms. The hacking incident ran from July to September, according to a report by cybersecurity firm Trend Micro, which could only hypothesize as to how it started.

Multiple accounts on both Skype and Microsoft Teams were hacked. The report assumes the cause was either compromised parent organization records or hacked credentials made available through underground forums.

The malware was spread through chat threads, in a file disguised as a PDF. According to Truesec, a Sweden-based cybersecurity firm, the messages used to trick users into downloading the malicious file were made to be context-specific.


In one instance observed within Microsoft Teams, the message discussed what seemed to be an employee vacation schedule, mentioned sudden changes to the planned schedule, and attached a file that supposedly contained the revised schedule.

Users who open the attached file unknowingly download the Darkgate malware, which opens their account and computer to various cyberattacks.

Darkgate, in particular, can take remote control of the user's computer, record the keys the user presses (known as keylogging), and steal information from the user's browsers.

Darkgate hacking incidents were reportedly detected in multiple regions, with the majority coming from the Americas with 41% of the detected cases, Asia, Middle East, and Africa accounting for 31% of the detected attacks, and Europe with the least at 28%. 


Hacking's True Purpose

The accounts used to send the messages in the chat thread are trusted sources, as per the Truesec report. The accounts were reportedly sold through the dark web in August 2023; it was confirmed that the sold accounts had been taken over by unidentified malware.

Trend Micro concludes that the hacked Skype and Microsoft Teams accounts were only an initial attack by the hackers. The organizations to which the unsuspecting users belonged were the actual target.

The objective remained to infiltrate the entire environment, with possible cyberattacks against the organization ranging from ransomware to crypto mining, depending on the threat organization that purchased or rented the DarkGate variation. Trend Micro further hypothesized, based on its data, that the hacking incident could be linked to the Black Basta ransomware.

Cybersecurity Efforts Recommended

Organizations that run Skype and Microsoft Teams chat threads were advised to remain vigilant against external messaging.

Organizations were asked to employ measures against external files, such as banning external domains, limiting attachments, and, if practical, putting scanning into place.

Truesec, on the other hand, stated that the attacks could be due to the inability of Safe Attachments and Safe Links, two current Microsoft Teams security features, to recognize or stop this attack.

The Sweden-based cybersecurity firm stated that the only current solution to stop this attack vector within Microsoft Teams was to only allow specific chat requests from particular external domains. 
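The domain allow-listing described above can be applied to a Teams tenant with the MicrosoftTeams PowerShell module. This is an added example, not taken from the Trend Micro or Truesec reports; the partner domains are placeholders, and turning off Skype and personal Teams accounts is an assumption that goes beyond what the reports recommend.

```powershell
# Requires the MicrosoftTeams module and a Teams administrator account.
Import-Module MicrosoftTeams
Connect-MicrosoftTeams

# Placeholder partner domains (assumption): replace with the external
# organizations your users genuinely need to chat with.
$trustedPartners = @('partner-a.example', 'partner-b.example')

# 1. Record the current external-access settings so the change can be
#    reviewed and rolled back. An empty allow list together with
#    AllowFederatedUsers = True means any external tenant can message users.
$before = Get-CsTenantFederationConfiguration
$before | Format-List AllowFederatedUsers, AllowedDomains, BlockedDomains,
                      AllowPublicUsers, AllowTeamsConsumer

# 2. Build the allow list in the form the cmdlet expects.
$allow = New-Object Collections.Generic.List[String]
foreach ($domain in $trustedPartners) {
    $allow.Add($domain)
}

# 3. Restrict external access to the listed domains only.
#    AllowPublicUsers   = chat with Skype consumer accounts
#    AllowTeamsConsumer = chat with unmanaged (personal) Teams accounts
#    Both are switched off here as an assumption; keep them on if the
#    business depends on them.
Set-CsTenantFederationConfiguration `
    -AllowFederatedUsers $true `
    -AllowedDomainsAsAList $allow `
    -AllowPublicUsers $false `
    -AllowTeamsConsumer $false

# 4. Confirm the tenant now reports the restricted configuration.
Get-CsTenantFederationConfiguration |
    Format-List AllowFederatedUsers, AllowedDomains,
                AllowPublicUsers, AllowTeamsConsumer
```

Policy changes of this kind can take time to propagate across the tenant, so re-run step 4 and test with an external account before relying on the restriction.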

The Darkgate malware has been used to run numerous scripts and was originally discovered in 2018. As Trend Micro reported, a fresh version was released in May of this year and promoted on a Russian dark web forum.  


Written by Aldohn Domingo

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.