KongTuke Shifts to Microsoft Teams in Corporate Social Engineering Attacks

KongTuke is now using Microsoft Teams to impersonate IT staff and trick employees into running malicious PowerShell commands, giving attackers fast persistent access to corporate networks.

Initial access broker KongTuke is now using Microsoft Teams as part of its social engineering operations, according to recent reporting from ReliaQuest. The activity marks a notable shift for the threat actor, which has previously relied on web-based lures such as FileFix, CrashFix, and other ClickFix-style techniques to trick users into running malicious commands.

In the observed attacks, KongTuke operators contacted employees through external Microsoft Teams chats while impersonating internal IT or help-desk staff. The attackers attempted to convince victims to paste and run a PowerShell command on their systems. That command ultimately downloaded additional files and led to the deployment of ModeloRAT, a Python-based remote access trojan previously associated with KongTuke activity.

ReliaQuest reported that, in some investigated incidents, the attacker was able to move from initial Teams contact to a persistent foothold in under five minutes. The campaign has reportedly been active since at least April 2026, with the threat actor rotating through multiple Microsoft 365 tenants in an apparent effort to avoid blocking and maintain access to potential victims.

A key part of the attack is social trust. By abusing Microsoft Teams, attackers are able to approach users through a familiar corporate communication platform. In some cases, the attacker used display-name manipulation, including Unicode whitespace tricks, to make the account appear more legitimate and closely resemble internal IT support.

The PowerShell command delivered through Teams downloads a ZIP archive from Dropbox containing a portable WinPython environment. That environment is then used to launch ModeloRAT, also identified as Pmanager.py. Once active, the malware can collect system and user information, capture screenshots, and exfiltrate files from the infected host.

ReliaQuest also noted that the newer ModeloRAT activity includes several improvements over earlier versions. These include a more resilient command-and-control setup with multiple servers and failover capability, several separate access mechanisms such as a primary RAT, reverse shell, and TCP backdoor, and expanded persistence methods using Run keys, Startup shortcuts, VBScript launchers, and SYSTEM-level scheduled tasks.

The scheduled task persistence is especially concerning because it may remain even after other malware components are removed. According to the report, the implant’s self-destruct process does not remove that scheduled task, allowing access to potentially survive reboots or incomplete cleanup efforts.

Because KongTuke operates as an initial access broker, successful compromises may be sold or handed off to other threat actors, including ransomware affiliates. This makes early detection and prevention especially important.

Organizations can reduce exposure by restricting external Microsoft Teams federation, preferably through allowlists, so only trusted external domains can message employees. Security teams should also review Microsoft 365 tenant activity, investigate suspicious external Teams chats, monitor for unusual PowerShell execution, and hunt for the persistence artifacts and indicators of compromise listed in ReliaQuest’s report.
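Two of the controls described above, the external-domain allowlist and a check for the display-name whitespace manipulation mentioned earlier, can be combined into a simple triage routine for Teams chat records. This is an added illustration, not code from ReliaQuest or the article; the internal domain, the allowlist, the sample chat records and the field names are all constructed assumptions, and a real deployment would read the same fields from audit or message-trace exports.

```python
import unicodedata

# Constructed assumptions: the organisation's own tenant domain and the
# external tenant domains that are explicitly allowed to message staff.
INTERNAL_DOMAIN = "contoso.example"
ALLOWED_EXTERNAL_DOMAINS = {"partner.example.com"}

# Words an attacker uses to pose as internal help-desk staff.
IT_ROLE_HINTS = ("it ", "helpdesk", "help desk", "support", "service desk")


def display_name_findings(name: str) -> list[str]:
    """Flag invisible or non-standard whitespace used to pad or disguise a name."""
    findings = []
    for ch in name:
        cat = unicodedata.category(ch)
        # Zs = space separators other than a plain space (e.g. U+00A0, U+3000),
        # Zl/Zp = line/paragraph separators, Cf = zero-width/format chars (U+200B, U+FEFF).
        if (cat == "Zs" and ch != " ") or cat in ("Zl", "Zp", "Cf"):
            findings.append(f"invisible or unusual character U+{ord(ch):04X}")
    if name != name.strip():
        findings.append("leading or trailing whitespace in display name")
    if "  " in name:
        findings.append("repeated spaces in display name")
    return findings


def triage_chat(record: dict) -> dict:
    """Return a flag and the reasons for one external Teams chat record."""
    domain = record["sender_upn"].rsplit("@", 1)[-1].lower()
    external = domain != INTERNAL_DOMAIN
    reasons = []
    if external and domain not in ALLOWED_EXTERNAL_DOMAINS:
        reasons.append(f"external sender outside allowlist: {domain}")
    reasons.extend(display_name_findings(record["display_name"]))
    lowered = record["display_name"].lower()
    if external and any(hint in lowered for hint in IT_ROLE_HINTS):
        reasons.append("external sender presents as IT or help-desk staff")
    return {"flag": bool(reasons), "reasons": reasons}


# Constructed sample records: internal help desk, allowlisted partner, and a
# non-allowlisted external tenant using an IT-style name padded with U+200B and U+00A0.
SAMPLE_CHATS = [
    {"sender_upn": "helpdesk@contoso.example", "display_name": "IT Helpdesk"},
    {"sender_upn": "j.smith@partner.example.com", "display_name": "Jane Smith"},
    {"sender_upn": "support@sample-tenant.example", "display_name": "IT Support\u200b\u00a0"},
]

if __name__ == "__main__":
    for chat in SAMPLE_CHATS:
        print(chat["sender_upn"], triage_chat(chat))
```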

Bottom line: this campaign shows how attackers are moving beyond email and fake websites into trusted collaboration tools. Employees should be reminded that legitimate IT staff should not ask users to paste PowerShell commands from Teams chats, especially from external accounts.

Aaron Fare