Microsoft Teams’ default cross-tenant messaging can be abused for helpdesk impersonation attacks that begin with an unsolicited chat and escalate to Quick Assist, malware deployment, and lateral movement. Adding AI-generated voice makes the scam harder to detect, so organizations should restrict external Teams access, lock down Quick Assist and WinRM, and require out-of-band verification. #MicrosoftTeams #QuickAssist #WinRM #Rclone #Arup #AdaptiveSecurity
Keypoints
- Microsoft Teams cross-tenant messaging is enabled by default in many enterprises.
- Attackers pose as IT staff and push employees to start Quick Assist sessions.
- AI-generated voice adds a convincing second layer to the social engineering attempt.
- After access, attackers use built-in tools like PowerShell, WinRM, and HTTPS for control and theft.
- Restricting Teams access, Quick Assist, and WinRM can significantly reduce the attack path.
Read More: https://thehackernews.com/expert-insights/2026/06/how-attackers-are-adding-ai-voice.html