Microsoft Teams users beware — relays hit by ransomware hackers looking to hide malicious traffic

  • Symantec confirms DragonForce ransomware operators used Microsoft Teams TURN relays for covert C2 traffic
  • Custom Go‑based RAT “Backdoor.Turn” masked malicious activity as normal Teams communications
  • First in‑the‑wild use of “Ghost Calls” technique; campaign shows highly sophisticated tradecraft with Scattered Spider links

Experts have warned cybercriminals are using Microsoft Teams relays as command-and-control (C2) infrastructure, blending malicious traffic with benign corporate communications.

In Microsoft Teams, a relay is a server that helps carry audio and video traffic when a direct connection between participants isn’t possible (for example, when they’re on a corporate network or behind a firewall).

According to security researchers at Symantec, in December 2025 the ransomware operators DragonForce targeted a major US services company, likely abusing an unknown flaw in an SQL or MSSQL server to get a foothold on the target’s network, and, among other things, deployed a custom backdoor malware called ‘Backdoor.Turn’.

Who is DragonForce?

Symantec says this backdoor abuses...

Copyright of this story solely belongs to techradar.com.
