Signal
Threat Actor Targeting VPN Users in New Credential Theft Campaign
Evidence first: scan the strongest sources, then decide whether to go deeper.
Published 2026-03-16 12:28 UTCUpdated 2026-03-16 23:08 UTC
rss
microsoft_teams
Source links open
Source links and full evidence are open here. Archive history, compare-over-time, alerts, exports, API, integrations, and workflow are paid.
No card needed for the free brief.
Evidence trail (top sources)
top sources (4 domains)domains are deduped. counts indicate coverage, not truth.4 top sources shown
Overview
The Rapid7 MDR team is currently monitoring an increase in phishing campaigns where threat actors (TAs) impersonate internal IT departments via Microsoft Teams.
Score total
1.53
Momentum 24h
5
Posts
5
Origins
4
Source types
1
Duplicate ratio
0%
All evidence
All evidence
Microsoft reports Storm-2561 campaign using fake VPN clients for credential theft
SC Media · scworld.com · 2026-03-16 23:08 UTC
Help on the line: How a Microsoft Teams support call led to compromise
Microsoft Security Blog · microsoft.com · 2026-03-16 16:00 UTC
Rapid7 Guidance on Observed Microsoft Teams Phishing Campaigns
Rapid7 Blog · rapid7.com · 2026-03-16 15:49 UTC
Security Firm Executive Targeted in Sophisticated Phishing Attack
SecurityWeek · securityweek.com · 2026-03-16 14:39 UTC
Show filters & breakdown
Posts loaded: 0Publishers: 4Origin domains: 4Duplicates: -
Showing 4 / 0
Top publishers (this list)
- SC Media (1)
- Microsoft Security Blog (1)
- Rapid7 Blog (1)
- SecurityWeek (1)
Top origin domains (this list)
- scworld.com (1)
- microsoft.com (1)
- rapid7.com (1)
- securityweek.com (1)