Dossier
DragonForce
Coverage of DragonForce in the Nexus archive.
- DragonForce Hackers Abuse Microsoft Teams Relays to Hide Backdoor.Turn C2 Traffic
Threat actors linked to DragonForce ransomware used Backdoor.Turn, a custom Go-based remote access trojan, to conceal command-and-control traffic via Microsoft Teams relay infrastructure. The malware was deployed against a major U.S. services firm, according to Symantec and Carbon Black.
- Ransomware gang abuses Microsoft Teams relays to hide malicious traffic
The DragonForce ransomware gang used a custom malware named 'Backdoor.Turn' to conceal command-and-control traffic within Microsoft Teams' relay infrastructure. This method allowed malicious activity to evade detection by leveraging legitimate communication channels.