---
title: "Teams Phishing Spreads Malware, Crypto Theft Heist, Russian Cyberattack Charges – Cybersecurity News [September 04, 2023] | Phish Protection"
description: "Let us look into the latest phishing news of the week, highlighting Google"
image: "https://phishprotection.com/og/blog/cybersecurity-updates-for-the-week-36-of-2023.png"
canonical: "https://phishprotection.com/blog/cybersecurity-updates-for-the-week-36-of-2023/"
---


Let us look into the latest phishing news of the week, highlighting **Google’s new features**, Darknet malware, [crypto phishing](/phishing-awareness/crypto-phishing-scams-how-can-users-stay-fully-protected) attacks, and Russian malicious actors.

### DarkGate Malware Propagated Through Phishing Attack on Microsoft Teams

A recent cyberattack has been uncovered involving a phishing campaign that exploits [Microsoft Teams](https://www.techtarget.com/searchunifiedcommunications/news/366550158/Microsoft-Teams-attack-exposes-collab-platform-security-gaps) messages to deliver a dangerous payload known as the **DarkGate Loader** malware.

This nefarious campaign came to light in late August 2023, as reports emerged of malevolent Microsoft Teams phishing messages emanating from two compromised external Office 365 accounts. These accounts were compromised to deceive unsuspecting Microsoft Teams users into downloading and launching a **deceptive .zip file** labeled “Changes to the vacation schedule.”

Upon clicking the attachment, the .zip file containing an [LNK file](https://fileinfo.com/extension/lnk) camouflaged as a PDF document would be downloaded from a **SharePoint URL**. This seemingly innocuous file harbored malicious VBScript code that catalyzed the infection process, ultimately leading to the deployment of the DarkGate Loader.
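A mail or collaboration gateway can triage this delivery pattern before a user opens the archive. The following is an added example, not code from Truesec or from this blog: it checks each zip member for Shell Link content and for a `.lnk` extension hidden behind a document extension. The double-extension member name and the decoy extension list are assumptions made for the sample.

```python
import io
import zipfile

# Shell Link (.lnk) files begin with HeaderSize 0x4C followed by the fixed
# LinkCLSID 00021401-0000-0000-C000-000000000046 (MS-SHLLINK format).
LNK_MAGIC = bytes.fromhex("4c000000" "0114020000000000c000000000000046")
# Assumed list of document-like extensions a shortcut may hide behind.
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".jpg", ".png"}


def ext_chain(name):
    """Return the lowercase extensions of a member name, e.g. ['.pdf', '.lnk']."""
    base = name.rsplit("/", 1)[-1].lower().rstrip(". ")
    return ["." + part for part in base.split(".")[1:]]


def triage_zip(data):
    """Inspect a zip given as bytes; return a list of (member, reason) findings."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            exts = ext_chain(info.filename)
            with zf.open(info) as fh:
                is_lnk = fh.read(len(LNK_MAGIC)) == LNK_MAGIC
            last = exts[-1] if exts else ""
            if is_lnk and last != ".lnk":
                findings.append((info.filename, "shortcut content without .lnk extension"))
            elif last == ".lnk" and len(exts) >= 2 and exts[-2] in DECOY_EXTS:
                findings.append((info.filename, "shortcut posing as " + exts[-2]))
            elif last == ".lnk" or is_lnk:
                findings.append((info.filename, "shortcut inside archive"))
    return findings


def build_sample_zip():
    """Constructed sample: an inert LNK header stub plus a benign text file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Changes to the vacation schedule.pdf.lnk", LNK_MAGIC + b"\x00" * 56)
        zf.writestr("readme.txt", b"constructed benign member")
    return buf.getvalue()


if __name__ == "__main__":
    for member, reason in triage_zip(build_sample_zip()):
        print(member, "->", reason)
```

Windows hides the `.lnk` extension in Explorer even when "show file extensions" is enabled, which is why the check reads the header bytes rather than trusting the displayed name.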

As found [by researchers at Truesec](https://www.truesec.com/hub/blog/darkgate-loader-delivered-via-teams), the phishing campaign leveraged compromised Microsoft Teams accounts to disseminate malicious attachments to other organizations that used Teams. The approach bore similarities to a June 2023 [report](https://labs.jumpsec.com/advisory-idor-in-microsoft-teams-allows-for-external-tenants-to-introduce-malware/) by Jumpsec, which demonstrated the **exploitation of Microsoft Teams** for malicious messaging, using phishing and social engineering tactics.

While DarkGate may not yet pose a widespread threat, its expanding range of targets and **adoption of diverse infection avenues** necessitate vigilant monitoring as it emerges as a potential cyber threat on the horizon.

### Phishing Scam Steals $24 Million from Ethereum Wallet in Major Crypto Theft

> “Zero-day phishing URLs have an average lifespan of just 12 hours before they’re added to blocklists. During that window, traditional signature-based filters are blind. Our real-time behavioral analysis catches these threats by pattern, not by signature - which is how we detect attacks that no database has seen yet.” - **Adam Lundrigan**, CTO, DuoCircle

A phishing attack targeted an Ethereum address known for its interactions with [DeFi (Decentralized Finance) protocols](https://www.blockchain-council.org/defi/defi-protocols/), resulting in substantial losses exceeding $24 million in **cryptocurrencies**.

The attacker executed the theft by deceiving the victim into visiting a **malicious website** and authorizing “Increase Allowance” transactions on their digital wallet. The stolen assets comprise approximately $8.5 million worth of Rocket Pool ETH (rETH) and around $15.6 million in Lido Staked ETH (stETH). Both rETH and stETH are **Ethereum-based derivatives** designed for users to stake their ETH and receive rewards.
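The signature request in such a scam is an ordinary ERC-20 allowance call, so a wallet or transaction-review tool can decode it and warn before the user signs. The sketch below is an added example, not taken from Scam Sniffer or this blog: it decodes `approve` and `increaseAllowance` calldata and flags unlimited or balance-draining allowances to unknown spenders. The allowlist, the spender address and the warning thresholds are assumptions.

```python
# Function selectors (first 4 bytes of keccak256 of the signature) for the
# ERC-20 approve call and the OpenZeppelin increaseAllowance extension.
SELECTORS = {
    "095ea7b3": "approve(address,uint256)",
    "39509351": "increaseAllowance(address,uint256)",
}
MAX_UINT256 = 2**256 - 1
HEX_DIGITS = set("0123456789abcdef")


def decode_allowance_call(calldata_hex):
    """Return (function, spender, amount), or None if not an allowance call."""
    raw = calldata_hex.lower()
    if raw.startswith("0x"):
        raw = raw[2:]
    # 4-byte selector + two 32-byte ABI words = 136 hex characters.
    if len(raw) != 136 or not set(raw) <= HEX_DIGITS or raw[:8] not in SELECTORS:
        return None
    spender_word, amount_word = raw[8:72], raw[72:]
    if spender_word[:24] != "0" * 24:  # a 20-byte address is left-padded with zeros
        return None
    return SELECTORS[raw[:8]], "0x" + spender_word[24:], int(amount_word, 16)


def review_allowance(calldata_hex, balance, trusted_spenders):
    """Return warnings to show before signing (trusted_spenders: lowercase hex)."""
    decoded = decode_allowance_call(calldata_hex)
    if decoded is None:
        return []
    _function, spender, amount = decoded
    warnings = []
    if spender not in trusted_spenders:
        warnings.append("spender %s is not on the allowlist" % spender)
    if amount == MAX_UINT256:
        warnings.append("unlimited allowance requested")
    elif amount >= balance:
        warnings.append("allowance covers the entire token balance")
    return warnings


def build_calldata(selector, spender, amount):
    """Build constructed sample calldata for the demo below."""
    return "0x" + selector + spender[2:].lower().rjust(64, "0") + format(amount, "064x")


if __name__ == "__main__":
    unknown = "0x" + "ab" * 20  # constructed spender address
    sample = build_calldata("39509351", unknown, MAX_UINT256)
    print(decode_allowance_call(sample)[0])
    for line in review_allowance(sample, balance=10**18, trusted_spenders=set()):
        print("WARNING:", line)
```

An allowance stays in force until it is reset, so reviewing and revoking old approvals matters as much as screening new ones.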

Scam Sniffer, a blockchain security enterprise, [uncovered the exploit and confirmed](https://twitter.com/realScamSniffer/status/1699605367829995578?s=20) that the threat actor had **initiated transfers** of the stolen funds. A portion of the funds was moved to FixedFloat, an instant cryptocurrency exchange supporting the Bitcoin Lightning Network. A significant share of the stolen assets is currently held in three separate, unrelated addresses.

Notably, the attacker’s address has connections to numerous cryptocurrency phishing websites. The victim’s identity remains undisclosed, but on-chain data indicates that the targeted address was actively involved in the [DeFi ecosystem](https://techcrunch.com/2023/08/01/curve-finances-62m-exploit-exposes-larger-issues-for-defi-ecosystem/). It had contributed liquidity totaling $1.6 million on **Uniswap V3** and had utilized various DeFi platforms, including Aave, Curve, and 1inch.

![Phishing prevention tips](https://media.mailhop.org/phishprotection/images/2023/09/phishing-prevention-tips.jpg) 

This incident is a reminder of the persistent and evolving threat posed by **sophisticated phishing** schemes within the cryptocurrency sector. The incident came shortly after Kroll, the claims agent involved in FTX’s bankruptcy proceedings, experienced a [cybersecurity](/content/cybersecurity-in-a-nutshell) breach, compromising customer data belonging to claimants in the **ongoing bankruptcy** case.

### US Authorities Bring Charges Against 9 Russians Linked to Cyberattacks on American Organizations

Earlier this week, the DOJ (Department of Justice) unveiled charges against nine Russian nationals, accusing them of utilizing Russian-based [malware](/content/protection-against-malware/what-is-malware) in cyberattacks aimed at **siphoning funds** from various US entities, including corporations, government agencies, and educational institutions.

The individuals named in the charges are Mikhail Tsarev, Maksim Galochkin, Andrey Zhuykov, Sergey Loguntsov, Dimitry Putlin, Max Mikhaylov, Valentin Karyagin, Maksim Rudensky, and Maksim Khaliullin. According to the DOJ, they allegedly harnessed malicious software tools, specifically Trickbot and Conti, to **infiltrate the devices** of American victims.

Attorney General Merrick [Garland stated that the perpetrators are linked to a ransomware](https://abcnews.go.com/Politics/9-russians-charged-cyberattacks-targeting-us-companies-doj/story?id=103033736#:~:text=Mikhail%20Tsarev%2C%20Andrey%20Zhuykov%2C%20Maksim,devices%2C%20according%20to%20the%20DOJ.) variant widely used in the United States. Their activities encompassed attacks on various targets, including local police departments and **emergency medical services**.

_One of the indictments details how the accused infected victims’ computers with Trickbot malware_. It was designed to harvest **sensitive personal data** such as banking credentials, passwords, and personal identification information, including credit card and email data.

Subsequently, the threat actors leveraged these stolen login credentials to **drain funds** from victims’ bank accounts. To compound the damage, they also deployed [ransomware](/content/protection-against-ransomware/what-is-ransomware) on the compromised computers. The accused are believed to reside in Russia and do not have legal representation in the US.

The National Security Council’s former senior director for counterterrorism, Javed Ali, opined that these individuals are unlikely to face justice. However, he noted that the DOJ’s recent indictments underscore the United States’ commitment to **holding malicious actors accountable** for their actions.

### Google Chrome’s Real-Time Phishing Protection Now Available to All Users

Google [has unveiled a significant](https://blog.google/products/chrome/Google-chrome-new-features-redesign-2023/) enhancement to its web browser, Google Chrome, to bolster **user security**. Google announced today that it will introduce real-time [phishing protection](/) to the existing standard Safe Browsing feature, extending this security measure to all users.

Recognizing the need to bridge the gap between threat identification and prevention, Google is now extending **real-time protection** to the standard Safe Browsing feature. Previously, the locally hosted Safe Browsing list was only updated every 30 to 60 minutes, whereas 60% of [phishing domains](https://cointelegraph.com/news/north-korean-hackers-stealing-nfts-using-nearly-500-phishing-domains) remain active for just 10 minutes.

![Anti phishing protection](https://media.mailhop.org/phishprotection/images/2023/09/anti-phishing-protection-0496.jpg) 

By upgrading Safe Browsing to check sites in real-time against Google’s known malicious sites, Google anticipates a 25% improvement in [protection against malware](/content/protection-against-malware) and phishing threats.

Google is implementing the real-time protection feature in a more **privacy-preserving manner** through Fastly Oblivious [HTTP Relays](https://httprelay.io/). This protocol conveys users’ partially hashed URLs to Google’s Safe Browsing engine without exposing private information such as IP addresses and request headers. _However, this approach has a limitation: it **cannot heuristically determine** if a URL is malicious without first being flagged by Google._
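To make "partially hashed URLs" concrete, here is a simplified model of a hash-prefix lookup, added as an illustration and not Google's or this blog's code. It follows the host-suffix/path-prefix scheme in the public Safe Browsing documentation, assumes the URL is already canonicalized, and uses a constructed one-entry blocklist on a reserved test domain.

```python
import hashlib
import ipaddress
from urllib.parse import urlsplit


def expressions(url):
    """Host-suffix/path-prefix expressions for an already-canonical URL."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    path = parts.path or "/"
    hosts = [host]
    try:
        ipaddress.ip_address(host)  # IP hosts are checked as-is
    except ValueError:
        labels = host.split(".")
        # Up to four more hosts: from the last five labels, drop the leading
        # label one at a time; the bare top-level label is never checked.
        for i in range(max(1, len(labels) - 5), len(labels) - 1):
            hosts.append(".".join(labels[i:]))
    paths = [path + "?" + parts.query] if parts.query else []
    paths.append(path)
    prefix = "/"
    candidates = ["/"]
    for segment in path.split("/")[1:-1][:3]:  # root plus up to three directories
        prefix += segment + "/"
        candidates.append(prefix)
    paths += [p for p in candidates if p not in paths]
    return [h + p for h in hosts for p in paths]


def full_hashes(url):
    """SHA-256 of every expression; these never leave the client."""
    return {hashlib.sha256(e.encode()).digest() for e in expressions(url)}


def client_request(url, prefix_len=4):
    """What leaves the browser: truncated hashes only, never the URL."""
    return {h[:prefix_len] for h in full_hashes(url)}


def server_lookup(prefixes, flagged_hashes):
    """Server side: return every flagged full hash that shares a prefix."""
    return {h for h in flagged_hashes if any(h.startswith(p) for p in prefixes)}


def is_flagged(url, flagged_hashes):
    """The client compares the returned full hashes with its own, locally."""
    returned = server_lookup(client_request(url), flagged_hashes)
    return bool(returned & full_hashes(url))


# Constructed blocklist: one flagged expression on a reserved test domain.
FLAGGED = {hashlib.sha256(b"login.example.test/").digest()}

if __name__ == "__main__":
    print(is_flagged("https://login.example.test/session/verify?id=1", FLAGGED))
    print(is_flagged("https://new-phish.example.test/", FLAGGED))
```

The second lookup returns `False` even if that host is serving a phishing page: a lookup of this kind only confirms what has already been flagged, which is the limitation noted above.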

However, if the user is ready to compromise on some privacy, they can turn on **Enhanced Protection mode**, which offers even higher security with the help of AI. Google has reassured users that the real-time protection feature will not be employed for delivering advertisements.


[ Brad Slavin ](/authors/brad-slavin/) 

General Manager

