Microsoft Teams Relay Servers Abused in DragonForce Ransomware Attack

https://www.securityweek.com/wp-content/uploads/2023/01/Cybersecurity_News-SecurityWeek.jpg

A new backdoor deployed as part of a recent DragonForce ransomware attack is using Microsoft Teams relay servers for command-and-control (C&C), according to Broadcom’s Symantec and Carbon Black threat hunter team.

The DragonForce group has been active since 2023, operating as a cartel structure and adopting highly advanced techniques in recent months, suggesting organizational maturity and significant resource allocation.

Tracked as Backdoor.Turn, the newly identified malware is written in Go and hides its C&C server communication as legitimate Microsoft Teams traffic in a sophisticated manner.

“Backdoor.Turn obtains an anonymous Teams visitor token from Microsoft’s Skype-backed identity services, uses a legitimate Microsoft TURN relay to set up the connection, and then runs a QUIC session to the attacker’s real [C&C] server,” the threat hunters note.

According to the researchers, this appears to be the first malware family to abuse the TURN relay infrastructure in this way.

“It is relatively unusual...

Copyright of this story solely belongs to securityweek.com. To see the full text click HERE

Read more

https://www.itvoice.in/wp-content/uploads/2026/07/Copy-of-Redington-2026-07-16T165049.712.jpg

Exclusive Interview with Kanakalata Narayanan on Building Responsible AI for the Future of Enterprise Engineering

In this exclusive interview with IT Voice, Kanakalata Narayanan, Vice President – Engineering, Ascendion, shares how AI is transforming enterprise engineering, legacy modernization, and delivery governance. She discusses the importance of responsible AI adoption, strong data foundations, human oversight, and outcome-driven execution as organizations scale AI across business-critical operations. IT Voice-