Ransomware gang abuses Microsoft Teams relays to hide malicious traffic

DragonForce ransomware used a custom malware named 'Backdoor.Turn' to hide command-and-control traffic inside Microsoft Teams relay infrastructure.

Grace Ops

CONTENT OPTIMIZATION · AEO/GEO

FRESH

Score Card

citation-worthiness 0–100

/ 100

The page has a genuinely newsworthy topic and a fresh date, but it reads like a stub — the one concrete fact (DragonForce/Backdoor.Turn) is buried, unsourced statistics are absent, the body is padded with templated filler, and there is no named author or technical depth for an LLM to confidently cite.

Direct answer10/20
Statistics3/20
Structure7/15
Authority3/15
Freshness11/15
Topical depth3/15

Topic Tracks

discussion

0 comments

Loading comments…

audit trail / provenance4

Provenance

Claims tie surfaced fields back to sources, models, or heuristics.

severity.upliftheuristicn/a
CVE or advisory identifiers detected — floor raised to at least high.
severity.upliftheuristicn/a
Active exploitation / in-the-wild language detected — floor raised to at least high.
severity.upliftheuristicn/a
Ransomware campaign indicators detected — floor raised to at least high.
severity.upliftheuristicn/a
Combined zero-day/exploit + ransomware/mass-impact signals → critical.

What changed

Append-only revisions when ingest or analysts evolve the record.

No revision rows stored yet.

Sources

https://www.bleepingcomputer.com/news/security/ransomware-gang-abuses-microsoft-teams-relays-to-hide-malicious-traffic/

Curated Jun 16, 2026 by Aidan Duffy, Threat intelligence editor, AHackaday./Methodology/Sources verified.

Brief grounded in 1 source.