We have recently been made aware of a sophisticated cyberattack campaign targeting Microsoft Teams users. Hackers are sending fake meeting invitations to trick recipients into providing authentication tokens, which can then be used to gain unauthorized access to accounts and sensitive information.
Key Details:
- Attack Method: The attackers, identified as Storm-2372, are leveraging Microsoft Teams meeting invites to execute "device code phishing" attacks.
- How It Works: Victims receive a phishing email that appears to be a legitimate Teams meeting invitation. The email prompts the recipient to enter a device code on a genuine Microsoft login page. Because the attackers started that device-code sign-in themselves, the access tokens Microsoft issues when the victim completes the authentication go to the attackers' session.
- Impact: These tokens allow persistent access to the victim’s accounts without requiring passwords or multi-factor authentication (MFA), as long as the tokens remain valid.
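For the IT and security team, the sign-in pattern described above is detectable: a device-code grant shows up in the tenant's sign-in records as a distinct authentication protocol, and such grants should be rare outside of input-constrained devices. The following script is an added example, not part of the original notice or any Microsoft tooling. It runs over constructed sample records shaped like Microsoft Graph sign-in objects; the field names (authenticationProtocol, ipAddress, userPrincipalName, appDisplayName) and the trusted network range are assumptions to check against your own export.

```python
"""Flag device-code sign-ins in sign-in records (added example, constructed data)."""
import ipaddress
import json
from dataclasses import dataclass

# Constructed sample records. The shape mirrors Microsoft Graph "signIn" objects, but the
# field names used here are assumptions for the example; verify them against a real export.
SAMPLE_SIGNINS = json.dumps([
    {"id": "s1", "userPrincipalName": "alice@example.org", "ipAddress": "10.0.0.5",
     "authenticationProtocol": "oAuth2", "appDisplayName": "Microsoft Teams",
     "createdDateTime": "2025-02-14T09:01:00Z"},
    {"id": "s2", "userPrincipalName": "bob@example.org", "ipAddress": "203.0.113.45",
     "authenticationProtocol": "deviceCode", "appDisplayName": "Microsoft Authentication Broker",
     "createdDateTime": "2025-02-14T09:07:00Z"},
    {"id": "s3", "userPrincipalName": "carol@example.org", "ipAddress": "10.0.1.20",
     "authenticationProtocol": "deviceCode", "appDisplayName": "Microsoft Office",
     "createdDateTime": "2025-02-14T09:12:00Z"},
])

# Assumed corporate address space; replace with the organisation's real egress ranges.
TRUSTED_NETWORKS = [ipaddress.ip_network("10.0.0.0/8")]


@dataclass
class Alert:
    sign_in_id: str
    user: str
    severity: str
    reason: str


def is_trusted(ip: str, networks) -> bool:
    """True when the address falls inside one of the trusted networks."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in networks)


def detect_device_code_signins(raw_json: str, trusted_networks=TRUSTED_NETWORKS) -> list:
    """Return one Alert per sign-in that completed via the device-code grant.

    Any device-code grant is worth a review because the flow is meant for devices
    without a browser or keyboard; a grant from outside trusted networks is rated high.
    """
    alerts = []
    for rec in json.loads(raw_json):
        if rec.get("authenticationProtocol") != "deviceCode":
            continue
        user = rec.get("userPrincipalName", "<unknown>")
        ip = rec.get("ipAddress", "")
        app = rec.get("appDisplayName", "<unknown app>")
        if ip and is_trusted(ip, trusted_networks):
            alerts.append(Alert(rec["id"], user, "medium",
                                f"device code grant for {app} from trusted address {ip}; "
                                "confirm the user initiated it"))
        else:
            alerts.append(Alert(rec["id"], user, "high",
                                f"device code grant for {app} from untrusted address "
                                f"{ip or 'unknown'}"))
    return alerts


if __name__ == "__main__":
    for alert in detect_device_code_signins(SAMPLE_SIGNINS):
        print(f"[{alert.severity}] {alert.sign_in_id} {alert.user}: {alert.reason}")
```

Run against the constructed records, the script flags the two device-code sign-ins (one high, one medium) and ignores the ordinary Teams sign-in. A practical follow-up for a flagged account is to revoke its refresh tokens, since the notice above points out that the stolen tokens keep working until they expire.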
What You Can Do:
- Be Vigilant: Always verify the sender's email address and the legitimacy of the meeting invitation before clicking any links or entering any codes.
- Report Suspicious Activity: If you receive any suspicious meeting invitations or emails, click the Phish Alert Icon, or report them to our ACORD Helpdesk via this link or by emailing helpdesk@acord.org.
- Enable MFA: Multi-factor authentication has been enabled for all Office 365 accounts to add an extra layer of security.
For more detailed information, please refer to the article here.
Additionally, I encourage everyone to follow our security and maintenance updates to stay informed about the latest developments and best practices.
Your awareness and cooperation are crucial in protecting our organization from these threats. If you have any questions or need further assistance, please do not hesitate to contact the IT department.
Thank you for your attention to this important matter.