
KongTuke Hackers Exploit Microsoft Teams for Rapid Corporate Breaches


"In the incidents we investigated, a single external Teams chat moved the operator from cold outreach to a persistent foothold in under five minutes," ReliaQuest reported.

KongTuke's shift to Microsoft Teams

ReliaQuest researchers say initial access broker KongTuke has added Microsoft Teams to its social engineering toolkit, a notable change from its previous web-based lures. The firm reports this campaign has been active since at least April 2026 and that KongTuke is rotating through five Microsoft 365 tenants to evade blocking. According to the researchers, the move does not replace KongTuke’s earlier web-based “FileFix” and “CrashFix” approaches but rather complements them.

How the attack chain works: PowerShell to ModeloRAT

The intrusion starts with a Teams message that convinces an employee to paste and run a PowerShell command. That command downloads a ZIP file hosted on Dropbox. The archive contains a portable WinPython environment that eventually launches a Python-based remote access tool named ModeloRAT (Pmanager.py), which ReliaQuest ties to earlier ClickFix attacks. Once running, ModeloRAT collects system and user information, captures screenshots, and can exfiltrate files from the host filesystem.

ModeloRAT’s new resilience and persistence

ReliaQuest documents three principal ways the ModeloRAT variant in this campaign has evolved. First, a more resilient command-and-control architecture now uses a five-server pool with automatic failover, randomized URL paths, and a self-update capability. Second, the implant presents multiple independent access paths: a primary RAT, a reverse shell, and a TCP backdoor, each running on separate infrastructure so that access can be preserved if one channel is disrupted. Third, persistence mechanisms have been expanded to include Run keys, Startup shortcuts, VBScript launchers, and SYSTEM-level scheduled tasks. ReliaQuest highlights that the scheduled task is not removed by the implant’s self-destruct routine and can survive system reboots, meaning standard cleanup may not fully eliminate the foothold.
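The four persistence locations listed above (Run keys, Startup shortcuts, VBScript launchers, SYSTEM-level scheduled tasks) are all enumerable from the host. The script below is an added hunting example, not code from ReliaQuest's report, and it uses only generic heuristics rather than the report's indicators: it flags autostart entries that invoke a Python interpreter or a .py/.vbs script anywhere, and other script hosts only when they point into a user-writable directory. The directory names and the SYSTEM principal check are assumptions about what such an implant would look like on a typical corporate host; every hit still needs a manual look.

```powershell
# Added hunting example (not from the ReliaQuest report). Run in an elevated
# PowerShell on the host under investigation and review every hit manually.

function Test-SuspiciousCommand {
    param([string]$Command)
    if ([string]::IsNullOrWhiteSpace($Command)) { return $false }
    # A Python interpreter or a .py/.vbs script in any autostart entry is worth a look
    # (the article describes a portable WinPython runtime and VBScript launchers)
    if ($Command -match '\bpythonw?(\.exe)?\b' -or $Command -match '\.(py|vbs)\b') { return $true }
    # Other script hosts appear in many legitimate tasks; flag them only when the
    # command points into a user-writable directory (assumed list, adjust as needed)
    $hostHit = $Command -match '\b(wscript|cscript|mshta|powershell|pwsh|cmd)(\.exe)?\b'
    $pathHit = $Command -match '\\(AppData|ProgramData|Temp|Public|Downloads)\\'
    return [bool]($hostHit -and $pathHit)
}

$findings = @()

# 1. Run / RunOnce keys for the machine and the current user
$runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # skip provider metadata (PSPath, PSDrive, ...)
        if (Test-SuspiciousCommand $p.Value) {
            $findings += [pscustomobject]@{ Source = 'RunKey'; Location = "$key\$($p.Name)"; Command = $p.Value }
        }
    }
}

# 2. Startup folders (all users and current user); resolve each .lnk to its target.
#    A .vbs launcher dropped directly into Startup is caught by the .vbs check above.
$startupDirs = "$env:ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp",
               "$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Startup"
$wsh = New-Object -ComObject WScript.Shell
foreach ($dir in $startupDirs) {
    if (-not (Test-Path $dir)) { continue }
    foreach ($item in Get-ChildItem -Path $dir -File) {
        $cmd = $item.FullName
        if ($item.Extension -eq '.lnk') {
            $lnk = $wsh.CreateShortcut($item.FullName)
            $cmd = "$($lnk.TargetPath) $($lnk.Arguments)"
        }
        if (Test-SuspiciousCommand $cmd) {
            $findings += [pscustomobject]@{ Source = 'Startup'; Location = $item.FullName; Command = $cmd }
        }
    }
}

# 3. Scheduled tasks: a SYSTEM principal plus a suspicious action is the
#    combination the article says outlives the implant's own cleanup routine
foreach ($task in Get-ScheduledTask) {
    $runsAsSystem = $task.Principal.UserId -match '^(NT AUTHORITY\\)?SYSTEM$|^S-1-5-18$'
    if (-not $runsAsSystem) { continue }
    foreach ($action in $task.Actions) {
        $cmd = "$($action.Execute) $($action.Arguments)"
        if (Test-SuspiciousCommand $cmd) {
            $findings += [pscustomobject]@{ Source = 'ScheduledTask'; Location = "$($task.TaskPath)$($task.TaskName)"; Command = $cmd }
        }
    }
}

if ($findings) { $findings | Format-Table -AutoSize } else { 'No suspicious autostart entries found' }
```

Because the scheduled task is the artifact the report singles out as surviving self-destruct and reboots, treat a SYSTEM task hit as the priority item even when the Run-key and Startup entries have already been cleaned.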

Operational details: tenant rotation, impersonation, and evasion

To appear legitimate, the attackers employ Unicode whitespace tricks to make display names look like internal IT or help-desk staff. ReliaQuest observed the actors moving quickly from “cold outreach to a persistent foothold” and cycling through multiple Microsoft 365 tenants to avoid detection and blocking. The use of a collaboration platform to deliver an initial access payload — rather than a purely web-based lure — is the first time ReliaQuest has seen KongTuke operate in this way.
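Display-name spoofing with Unicode whitespace can be checked mechanically: a legitimate name needs only the ASCII space, so any other space separator, format character (zero-width space, word joiner, BOM) or control character in a sender's display name is a signal, and it becomes a strong one when the sender is from a foreign tenant. The function below is an added detection example, not code from ReliaQuest; the input records and their field names are a constructed stand-in for whatever your Teams audit export provides, and the list of impersonated role words is an assumption drawn from the article's "IT or help-desk" description.

```powershell
# Added detection example (not from the ReliaQuest report).

function Get-InvisibleCharacters {
    param([string]$Text)
    $hits = @()
    foreach ($ch in $Text.ToCharArray()) {
        $code = [int]$ch
        $cat  = [System.Globalization.CharUnicodeInfo]::GetUnicodeCategory($ch)
        $oddSpace = ($cat -eq 'SpaceSeparator' -and $code -ne 0x20)  # NBSP, em space, ideographic space ...
        $format   = ($cat -eq 'Format')                               # zero-width space/joiner, BOM, word joiner
        $control  = ($cat -eq 'Control')                              # tab, newline, etc. never belong in a name
        if ($oddSpace -or $format -or $control) { $hits += ('U+{0:X4}' -f $code) }
    }
    return $hits
}

function Test-ImpersonationRisk {
    param(
        [string]$DisplayName,
        [string]$SenderDomain,
        [string]$HomeDomain,
        # Assumed role words an attacker posing as internal support would use
        [string[]]$SensitiveRoles = @('IT', 'Help Desk', 'Helpdesk', 'Service Desk', 'Support', 'Security')
    )
    $invisible  = Get-InvisibleCharacters -Text $DisplayName
    # Collapse every whitespace/format run to one ASCII space before matching,
    # so the padded name is compared the way a human reads it
    $normalised = ($DisplayName -replace '[\s\p{Cf}\p{Zs}]+', ' ').Trim()
    $roleHit    = [bool]($SensitiveRoles | Where-Object { $normalised -match [regex]::Escape($_) })
    $external   = $SenderDomain -ne $HomeDomain

    $risk = 'LOW'
    if ($external -and $invisible.Count -gt 0) { $risk = 'HIGH' }     # foreign tenant + invisible padding
    elseif ($external -and $roleHit)           { $risk = 'MEDIUM' }   # foreign tenant claiming an internal role

    [pscustomobject]@{
        DisplayName = $DisplayName
        Normalised  = $normalised
        External    = $external
        Invisible   = ($invisible -join ',')
        Risk        = $risk
    }
}

# Constructed sample records; the tenant name is a placeholder, not an indicator
$samples = @(
    @{ DisplayName = 'IT Help Desk';                                         SenderDomain = 'corp.example';                     HomeDomain = 'corp.example' },
    @{ DisplayName = "IT$([char]0x2003)Help$([char]0x200B)Desk";            SenderDomain = 'tenant-placeholder.onmicrosoft.com'; HomeDomain = 'corp.example' },
    @{ DisplayName = 'Alice Vendor';                                         SenderDomain = 'partner.example';                  HomeDomain = 'corp.example' }
)
foreach ($s in $samples) { Test-ImpersonationRisk @s } | Format-Table -AutoSize
```

On the constructed sample the second record is reported HIGH with `U+2003,U+200B` listed, the first stays LOW because it is internal, and the third stays LOW because the external sender neither pads the name nor claims a support role. The `External` column depends entirely on having the sender's tenant domain in the export; without it, the invisible-character check alone is still worth running.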

What this means for technologists, enterprises, and end users

  • Technologists and security teams: ReliaQuest recommends restricting external Microsoft Teams federation using allowlists to stop these conversations at the outset, and using the report’s indicators of compromise to hunt for signs of compromise and persistence artifacts.
  • Enterprises and procurement leaders: The campaign underscores that initial access brokers like KongTuke sell network access to ransomware operators, who can then deploy file-theft and data-encrypting malware. Visibility into collaboration-platform controls and tenant-level blocking strategies becomes a procurement and architectural concern.
  • End users: The attack relies on social engineering in a trusted collaboration channel; users are being targeted with messages purporting to be IT support and asked to execute a command. Awareness that external chats can be malicious is now material to operational security.
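The first recommendation, restricting external Teams federation to an allowlist, maps onto the tenant federation configuration in the MicrosoftTeams PowerShell module. The snippet below is an added example of that change, not configuration from ReliaQuest or Microsoft documentation reproduced from the report; the partner domain names are placeholders, and it assumes an account holding a Teams administrator role.

```powershell
# Added configuration example (not from the ReliaQuest report). Requires the
# MicrosoftTeams module and a Teams administrator role. Domain names are placeholders.
Connect-MicrosoftTeams

# Record the current state so the change can be reviewed and reverted
$before = Get-CsTenantFederationConfiguration
$before | Select-Object AllowFederatedUsers, AllowedDomains, BlockedDomains | Format-List

# Build the allowlist: only these partner tenants may reach users by chat or call
$partners  = 'partner-a.example', 'partner-b.example'
$patterns  = foreach ($d in $partners) { New-CsEdgeDomainPattern -Domain $d }
$allowList = New-CsEdgeAllowList -AllowedDomain $patterns

# Federation stays enabled, but only for the listed domains; every other
# external tenant, including the rotating ones described above, is blocked
Set-CsTenantFederationConfiguration -AllowFederatedUsers $true -AllowedDomains $allowList

# Optionally also refuse chats from personal (consumer) Teams accounts
# Set-CsTenantFederationConfiguration -AllowTeamsConsumer $false

# Verify: the allowed-domain list should now contain only the partner entries
(Get-CsTenantFederationConfiguration).AllowedDomains
```

An allowlist rather than a blocklist is the point of the change: blocking individual tenants does not keep up with an actor that rotates through five of them, while an allowlist makes each new tenant unreachable by default.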

The practical result is simple and urgent: collaboration platforms are now an active front in initial-access operations. ReliaQuest’s findings show an actor moving from outreach to persistent access in minutes, using familiar tools — PowerShell, Dropbox, a portable Python runtime — assembled into a more resilient, harder-to-remove implant. Administrators have two concrete levers called out by the researchers: restrict external Teams federation with allowlists and hunt with the indicators of compromise in ReliaQuest’s report.

As defenders decide whether to tighten federation, reconfigure tenant controls, or update incident response playbooks, one operational detail from ReliaQuest stands out: the implant’s scheduled task can outlive the implant’s own cleanup routine and even survive reboots. That is the kind of persistence that turns a brief social-engineering success into an enduring intrusion.
