Microsoft deflects Doppelpaymer/Teams rumors

News by Doug Olenick

Microsoft's security team defended its Teams communication platform, says no connection between app and distribution of Dopplepaymer ransomware

Microsoft’s security team defended its Teams communication platform saying it has found no connection between the app and the distribution of Dopplepaymer ransomware.

Simon Pope, director of incident response at the?Microsoft Security Response Center, went to bat for Teams saying he wanted to squelch any rumors that link the spread of Doppelpaymer to the Microsoft chat platform.

"There is misleading information circulating about Microsoft Teams, along with references to RDP (BlueKeep), as ways in which this malware spreads. Our security research teams have investigated and found no evidence to support these claims. In our investigations we found that the malware relies on remote human operators using existing Domain Admin credentials to spread across an enterprise network," Pope wrote in a blog post.

Cisco Talos reported in early November that Doppelpaymer had been used against two American manufacturers and was likely spread using a tech support scam that asked employees to execute specific commands or attempting to download the malware provided by the attacker. Doppelpaymer was named as the ransomware used in the attack on the Nunavut, Canada government offices.

The original version of this article was published on SC Media US.

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews