Microsoft is warning enterprises about a recent Teams-based phishing campaign operated by a developing thrat group known as Storm-0342.
A threat group, active for six years, has created an underground marketplace where it sells at least 16 custom tools and an advanced phishing kit to a clientele of at least 500 threat actors.
Attackers sent 120,000 phishing emails to over 100 organizations worldwide between March and June.
Researchers with Microsoft on Wednesday said that the threat actor has used a “highly targeted” social engineering attack to hit 40 global organizations.
Researchers observed 94 new domains associated with a known Russia-linked espionage threat group.