Tag

Backdoorturn

All articles tagged with #backdoorturn

DragonForce Hides C2 Traffic in Microsoft Teams Relays with Backdoor.Turn
technology23 days ago

DragonForce Hides C2 Traffic in Microsoft Teams Relays with Backdoor.Turn

DragonForce-linked Backdoor.Turn uses Microsoft Teams’ TURN relay to hide its command-and-control traffic, obtaining an anonymous Teams token and establishing a QUIC connection to the attacker’s C2 server. The intrusion into a major U.S. services firm began with a BYOVD/DLL side-loading chain and included injection into DbgView64.exe for persistence, with initial access likely via an SQL/MS-SQL flaw or an initial access broker. The actors remained on the network for 1–2 months, illustrating a shift toward sophisticated, cartel-like ransomware operations.

Ransomware hides C2 traffic in Teams relays to evade detection
technology25 days ago

Ransomware hides C2 traffic in Teams relays to evade detection

Symantec reports DragonForce’s Go-based Backdoor.Turn ransomware is the first in-the-wild malware to abuse Microsoft Teams TURN relays to conceal its command-and-control traffic. After initial access via an SQL server vulnerability, the group used BYOVD drivers for kernel privileges, established persistence, exfiltrated data, and then deployed DragonForce ransomware, leveraging sophisticated tradecraft and publishing IoCs for defenders.