Initial access broker with close links to ransomware groups is targeting organizations with Microsoft Teams phishing attacks, with malicious links leading to a malicious SharePoint-hosted file.
Attack campaigns conducted against Ukrainian government agencies and businesses have been linked to an initial access broker that appears to be staffed with former members of the Conti ransomware gang.
Google says initial access broker Exotic Lily targeted at least 650 organizations with about 5,000 phishing emails per day to obtain credentials for selling to ransomware gangs.



