> TritonInfoSec News
Home / Jun 18, 2026 / Story
0
#7 SecurityWeek general June 17, 2026 at 10:38 UTC

Microsoft Teams Relay Servers Abused in DragonForce Ransomware Attack

By Ionut Arghire

AI Summary

DragonForce ransomware operators abused Microsoft Teams relay servers for command-and-control, deploying a novel Go-based backdoor that blends C2 traffic with legitimate Teams infrastructure to evade detection. This technique complicates network-layer defenses that whitelist Microsoft services and signals an escalation in ransomware groups' abuse of trusted SaaS platforms.

Read full article → https://www.securityweek.com/microsoft-teams-relay…

Relevance score: 82.0/100

# More from June 18

  1. 1
    Massive breach spills credentials for thousands of sensitive networks Ars Technica Security
  2. 2
    FortiBleed leak exposes Fortinet VPN credentials for 73,000 devices. BleepingComputer
  3. 3
    Critical Fortinet FortiSandbox flaws now exploited in attacks BleepingComputer
  4. 4
    Microsoft Confirms RoguePlanet Defender Zero-Day, Says Patch is in Development The Hacker News
  5. 5
    144 Mastra npm Packages Compromised via Hijacked Contributor Account The Hacker News
  6. 6
    CISA Warns of Actively Exploited Joomla JCE Flaw Allowing PHP Code Execution The Hacker News
  7. 8
    GitHub dismissed security reports on flaws now exploited by supply-chain worm, researchers say The Record
  8. 9
    Critical Copilot vulnerability allowed hackers to seal 2FA code from users Ars Technica Security
  9. 10
    Malicious JetBrains Plugins Steal AI API Keys as Chrome Extensions Capture Chatbot Chats The Hacker News