Initial access broker KongTuke has moved to Microsoft Teams for social engineering attacks, taking as little as five minutes to gain persistent access to corporate networks.
The threat actor tricks users into pasting a PowerShell command that ultimately delivers the ModeloRAT, which has been previously seen in ClickFix attacks [1, 2].
Initial access brokers (IAB) like KongTuke typically sell company network access to ransomware operators, who use it to deploy file-theft and data-encrypting malware.
Cybercriminals have increasingly adopted Microsoft Teams in attacks, reaching out to company employees and pretending to be IT and help-desk staff.
The victims are convinced to run a malicious PowerShell command on their systems, which deploys the “ModeloRAT” malware.

Source: ReliaQuest
ReliaQuest researchers observed this activity and say that it is a shift in tactics for KongTuke, who previously relied solely on web-based “FileFix” and “CrashFix” lures.
“This Teams activity, which appears to add to, rather than replace, that web-based approach, marks the first time we’ve seen KongTuke use a collaboration platform for initial access,” explains ReliaQuest.
“In the incidents we investigated, a single external Teams chat moved the operator from cold outreach to a persistent foothold in under five minutes.”
The campaign has been active since at least April 2026, with KongTuke rotating through five Microsoft 365 tenants to evade blocking, the researchers say.
To pass as internal IT support staff, the attacker uses Unicode whitespace tricks to make the display name appear legitimate.
The malicious PowerShell command shared via Teams downloads a ZIP archive from Dropbox that contains a portable WinPython environment, which eventually launches the Python-based malware, ModeloRAT (Pmanager.py).
The malware collects system and user information, captures screenshots, and can exfiltrate files from the host filesystem.
ReliaQuest notes that the ModeloRAT version used in this recent campaign has evolved compared to what was seen in previous operations, mostly in three ways:
- A more resilient C2 architecture with a five-server pool, automatic failover, randomized URL paths, and self-update capability.
- Multiple independent access paths, including a primary RAT, a reverse shell, and a TCP backdoor, running on separate infrastructure to preserve access if one channel is disrupted.
- Expanded persistence mechanisms using Run keys, Startup shortcuts, VBScript launchers, and SYSTEM-level scheduled tasks that may survive standard cleanup procedures.
The researchers note that the scheduled task isn’t removed by the implant’s self-destruct routine, which wipes the other persistence mechanisms, and can persist through system reboots.
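As an added triage example (not code from the article or from ReliaQuest's report), the following read-only PowerShell script surfaces the four persistence classes listed above and any Python interpreter running from a user-writable path. The regex, the Startup folder paths and the "outside Program Files" heuristic are assumptions chosen to illustrate the hunt, not indicators from the report; tune them to the environment and pair them with the report's actual IoCs.

```powershell
# Added example, not from the article or ReliaQuest: read-only persistence triage
# for a host suspected of running a portable-Python implant.
#Requires -RunAsAdministrator

# Generic launcher heuristics (assumption, not report IoCs). Pmanager.py is the
# script name the article cites; the rest are interpreter / launcher names.
$SuspiciousPattern = 'python|pythonw|WinPython|Pmanager\.py|\.vbs|wscript|cscript'

$findings = [System.Collections.Generic.List[object]]::new()
function Add-Finding {
    param([string]$Category, [string]$Location, [string]$Detail)
    $findings.Add([pscustomobject]@{ Category = $Category; Location = $Location; Detail = $Detail })
}

# 1. Run / RunOnce keys: machine-wide, WOW6432Node, and every loaded user hive.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
)
$runKeys += Get-ChildItem Registry::HKEY_USERS | ForEach-Object {
    "Registry::$($_.Name)\Software\Microsoft\Windows\CurrentVersion\Run"
}
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }            # provider metadata, not a value
        if ("$($p.Value)" -match $SuspiciousPattern) {
            Add-Finding 'RunKey' "$key\$($p.Name)" $p.Value
        }
    }
}

# 2. Startup folders: resolve .lnk targets so a benign-looking shortcut name
#    does not hide a python.exe / wscript.exe launcher.
$startupDirs = @("$env:ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp")
$startupDirs += Get-ChildItem "$env:SystemDrive\Users" -Directory | ForEach-Object {
    Join-Path $_.FullName 'AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup'
}
$shell = New-Object -ComObject WScript.Shell
foreach ($dir in $startupDirs) {
    if (-not (Test-Path $dir)) { continue }
    foreach ($f in Get-ChildItem $dir -File) {
        $target = $f.FullName
        if ($f.Extension -eq '.lnk') {
            $lnk = $shell.CreateShortcut($f.FullName)
            $target = "$($lnk.TargetPath) $($lnk.Arguments)"
        }
        if ($target -match $SuspiciousPattern -or $f.Extension -in '.vbs', '.bat', '.cmd', '.ps1') {
            Add-Finding 'Startup' $f.FullName $target
        }
    }
}

# 3. Scheduled tasks that run as SYSTEM: the one class the article says the
#    implant's self-destruct routine leaves behind.
foreach ($task in Get-ScheduledTask) {
    if ($task.Principal.UserId -notmatch 'SYSTEM|S-1-5-18') { continue }
    foreach ($action in $task.Actions) {
        $cmd = "$($action.Execute) $($action.Arguments)"
        if ($cmd -match $SuspiciousPattern) {
            Add-Finding 'ScheduledTask' "$($task.TaskPath)$($task.TaskName)" $cmd
        }
    }
}

# 4. Live interpreters: a python.exe outside Program Files (e.g. an unpacked
#    WinPython in a profile or temp directory) or one that loaded Pmanager.py.
Get-CimInstance Win32_Process | Where-Object { $_.Name -match '^pythonw?\.exe$' } | ForEach-Object {
    if ($_.ExecutablePath -notmatch '^[A-Z]:\\Program Files' -or $_.CommandLine -match 'Pmanager\.py') {
        Add-Finding 'Process' "PID $($_.ProcessId)" "$($_.ExecutablePath) :: $($_.CommandLine)"
    }
}

$findings | Sort-Object Category, Location | Format-Table -AutoSize
```

Run it in an elevated session on the suspected host and review every hit by hand: the pattern is deliberately broad, so an internally deployed Python tool will also appear, and the point is to triage the SYSTEM-level scheduled task entries first, since those are the ones that reportedly survive the implant's own cleanup.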

Source: ReliaQuest
To defend against Teams-initiated attacks, it is recommended to restrict external Microsoft Teams federation using allowlists to block these attempts at their start.
Additionally, administrators can use the indicators of compromise available in ReliaQuest’s report to hunt for attacks, signs of compromise, and persistence artifacts.
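The federation change the article recommends, as an added example that is not part of the original piece or of ReliaQuest's guidance. It uses the MicrosoftTeams PowerShell module; the cmdlet and parameter names are those of that module, and the partner domains are placeholders. Verify the parameters against the module version in use before running it in a tenant.

```powershell
# Added example, not from the article: move a tenant from open federation to an
# explicit allowlist of partner domains. Requires a Teams administrator role.
Install-Module MicrosoftTeams -Scope CurrentUser    # one-time
Connect-MicrosoftTeams

# Before: record the current state. Open federation (no allowed-domain list) is
# what lets an arbitrary external tenant start a chat with your users.
Get-CsTenantFederationConfiguration |
    Select-Object AllowFederatedUsers, AllowedDomains, BlockedDomains,
                  AllowTeamsConsumer, AllowTeamsConsumerInbound

# After: keep federation enabled, but only for approved domains, and refuse
# chats from unmanaged "Teams (free)" consumer accounts in both directions.
$partnerDomains = @('partner-one.example', 'partner-two.example')   # placeholders
Set-CsTenantFederationConfiguration -AllowFederatedUsers $true -AllowedDomainsAsAList $partnerDomains
Set-CsTenantFederationConfiguration -AllowTeamsConsumer $false -AllowTeamsConsumerInbound $false

# Confirm the allowlist took effect.
(Get-CsTenantFederationConfiguration).AllowedDomains
```

An allowlist replaces any existing blocklist rather than combining with it, so export the current configuration first and expect a short window of help-desk tickets from legitimate partners who were not on the initial list; rotating attacker tenants, as described above, are defeated precisely because a new tenant is never on it.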
