KongTuke hackers now use Microsoft Teams for corporate breaches
At a glance:
- KongTuke, an initial access broker, has shifted to Microsoft Teams for social engineering attacks, gaining persistent network access in under five minutes.
- The attack chain delivers ModeloRAT via a malicious PowerShell command shared in a Teams chat, using Dropbox-hosted WinPython and evolved C2 infrastructure.
- The campaign has been active since at least April 2026, with the actor rotating through five Microsoft 365 tenants and using Unicode tricks to impersonate internal IT staff.
How KongTuke is weaponizing Microsoft Teams
Initial access broker KongTuke has added Microsoft Teams to its toolkit, marking a tactical shift that security researchers say compresses the attack timeline dramatically. According to ReliaQuest, a single external Teams chat can move an operator from cold outreach to a persistent foothold in under five minutes. The threat actor convinces victims to paste a malicious PowerShell command into their terminal, which ultimately delivers ModeloRAT — a Python-based remote access trojan previously spotted in ClickFix campaigns.
The PowerShell command downloads a ZIP archive from Dropbox that contains a portable WinPython environment. Once unpacked, the environment launches Pmanager.py, the ModeloRAT payload. The malware collects system and user information, captures screenshots, and can exfiltrate files from the host filesystem. To appear as a legitimate internal IT or help-desk contact, the attacker uses Unicode whitespace tricks that make the Teams display name look credible.
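A defender-side check for the display-name trick described above, written as an added example that is not from ReliaQuest's report or the original article: it flags external Teams senders whose display name carries non-ASCII space or format characters, or reads as an internal IT role once that padding is folded away. The keyword list, sample events and domain names are constructed for illustration.

```python
import unicodedata

# Keywords an impersonated internal IT contact is likely to carry in a name.
# Constructed list for this example; tune it to your own naming conventions.
ROLE_KEYWORDS = ("it support", "help desk", "helpdesk", "service desk", "it department")

def invisible_codepoints(name: str) -> list:
    """List non-ASCII space (Zs) and format (Cf) characters in a display name.

    Zero-width and exotic spaces are what let an external account's name render
    like a plain 'IT Support' entry in the Teams roster."""
    return [
        f"U+{ord(ch):04X} {unicodedata.name(ch, 'UNKNOWN')}"
        for ch in name
        if ord(ch) > 0x7F and unicodedata.category(ch) in ("Zs", "Cf")
    ]

def normalize_name(name: str) -> str:
    """Fold lookalike spacing away so keyword matching sees what a human sees."""
    folded = unicodedata.normalize("NFKC", name)
    kept = []
    for ch in folded:
        cat = unicodedata.category(ch)
        if cat == "Cf":
            continue                      # drop zero-width / joiner characters
        kept.append(" " if cat == "Zs" else ch)
    return " ".join("".join(kept).split()).lower()

def assess_sender(display_name: str, sender_upn: str, home_domain: str) -> dict:
    """Score one Teams chat sender for internal-IT impersonation."""
    sender_domain = sender_upn.rsplit("@", 1)[-1].lower()
    external = sender_domain != home_domain.lower()
    hidden = invisible_codepoints(display_name)
    clean = normalize_name(display_name)
    role_hit = any(kw in clean for kw in ROLE_KEYWORDS)
    return {
        "external": external,
        "hidden_chars": hidden,
        "normalized": clean,
        "impersonation_suspected": external and (bool(hidden) or role_hit),
    }

# Constructed sample events: one disguised external sender, one genuine internal contact.
SAMPLE_EVENTS = [
    ("IT\u2003Support\u200b", "svc-helpdesk@contoso-support.onmicrosoft.com", "example.com"),
    ("IT Support", "itsupport@example.com", "example.com"),
]

if __name__ == "__main__":
    for name, upn, home in SAMPLE_EVENTS:
        print(upn, assess_sender(name, upn, home))
```

Feed it the sender UPN and display name from Teams audit or message-trace records; the returned dictionary is suitable for a SIEM enrichment step or an alert condition on `impersonation_suspected`.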
KongTuke previously relied solely on web-based lures called "FileFix" and "CrashFix." ReliaQuest notes that the Teams activity appears to supplement rather than replace that web-based approach, describing it as the first time the broker has used a collaboration platform for initial access.
ModeloRAT's evolved capabilities
The ModeloRAT variant observed in this campaign has evolved compared to earlier operations in three key ways. First, its command-and-control architecture is more resilient: it now uses a five-server pool with automatic failover, randomized URL paths, and a self-update capability. Second, it offers multiple independent access paths — a primary RAT, a reverse shell, and a TCP backdoor — each running on separate infrastructure so that disrupting one channel doesn't cut off the attacker entirely. Third, persistence mechanisms have expanded to include Run keys, Startup shortcuts, VBScript launchers, and SYSTEM-level scheduled tasks.
Notably, the scheduled task survives the implant's self-destruct routine, which wipes the other persistence mechanisms. This means the task can persist through system reboots and may survive standard cleanup procedures, giving the attacker a durable backdoor even if other traces are removed.
Why the shift to Teams matters for defenders
The move to Microsoft Teams reflects a broader trend in which cybercriminals adopt widely used enterprise collaboration tools to reach employees at scale. By rotating through five Microsoft 365 tenants, KongTuke is trying to evade blocking and detection. The speed of the attack — under five minutes from first contact to persistent access — leaves little time for traditional security workflows to catch the malicious command.
ReliaQuest recommends that administrators restrict external Microsoft Teams federation using allowlists to block these attempts at the entry point. Additionally, security teams can use the indicators of compromise published in ReliaQuest's report to hunt for signs of compromise and persistence artifacts. The detailed IOCs provide a concrete starting point for incident responders looking to identify whether their environment has been targeted.
What to watch next
As collaboration-platform attacks become more common, organizations should treat external chat invitations with heightened scrutiny. The ModeloRAT evolution — particularly the resilient multi-channel C2 design and the persistent scheduled task — signals that initial access brokers are investing in tooling that survives remediation. Enterprises running Microsoft 365 should audit federation settings and monitor for the specific PowerShell patterns and Dropbox-related network indicators outlined in the research.
The campaign's April 2026 start date suggests KongTuke has been operating this approach for several months, giving it time to refine tenant rotation and social-engineering scripts. Security teams should factor this actor into their threat models and watch for new lures that exploit other collaboration features.
Prepared by the editorial stack from public data and external sources.