Signal
DragonForce hackers hide backdoor traffic in Microsoft Teams; persistent access gained in French business via OpenSSH and Tailscale
Published 2026-06-18 13:30 UTC · Updated 2026-06-18 17:04 UTC
rss
cve, exploits, malware, threat_actors, incident_response
Evidence trail (top sources)
Top sources (2 domains). Domains are deduped; counts indicate coverage, not truth. 2 top sources shown.
limited source diversity in top sources
Overview
Threat actors linked to the DragonForce ransomware group have been detected using a custom Go-based remote access trojan named Backdoor.Turn to conceal command-and-control traffic within Microsoft Teams relay infrastructure.
Entities
Microsoft, Symantec, Carbon Black, Backdoor.Turn, Havoc's Demon agent
Score total
0.96
Momentum 24h
2
Posts
2
Origins
2
Source types
1
Duplicate ratio
0%
Why now
- Recent discoveries reveal active exploitation of Microsoft Teams by ransomware groups.
- Newly reported intrusion in a French business shows evolving attacker persistence techniques.
- Timely awareness can help organizations bolster defenses against similar attack methods.
Why it matters
- Attackers increasingly exploit legitimate communication platforms like Microsoft Teams to evade detection.
- Use of multi-stage malware chains combined with tools like OpenSSH and Tailscale enables stealthy, persistent access.
- Understanding these tactics aids defenders in improving detection and response strategies.
LLM analysis
Topic mix: low · Promo risk: low · Source quality: medium
Recurring claims
- DragonForce ransomware group uses Backdoor.Turn trojan to hide C2 traffic inside Microsoft Teams relay infrastructure
- Attacker uses multi-stage malware chain and tools like OpenSSH and Tailscale to maintain persistent access to a French business
How sources frame it
- The Hacker News: neutral
- SC Media: neutral
This briefing highlights sophisticated attacker techniques leveraging legitimate platforms and multi-stage malware for stealth and persistence.
All evidence
The Hacker News - DragonForce hackers abuse Microsoft Teams
thehackernews.com · thehackernews.com · 2026-06-18 13:30 UTC
SC Media - Persistent access via OpenSSH and Tailscale in French business
scworld.com · scworld.com · 2026-06-18 17:04 UTC
Posts loaded: 0 · Publishers: 2 · Origin domains: 2 · Duplicates: -
Top publishers (this list)
- thehackernews.com (1)
- scworld.com (1)
Top origin domains (this list)
- thehackernews.com (1)
- scworld.com (1)