Proofpoint has posted a blog discussing research into new ways to exploit Microsoft Teams, including post account compromise impersonation and manipulation techniques, weaponized meeting invites by replacing default URLs with malicious links, and weaponized messages by replacing existing URLs with malicious links. The blog details how to use each exploit at a high level, along with examples.

Proofpoint finds that Microsoft Teams is one of the ten most targeted sign-in applications, with nearly 40% of targeted organizations having at least one unauthorized login attempt trying to gain access. Approximately 60% of Microsoft 365 tenants suffered at least one successful account takeover incident in 2022. Due to the application’s popularity, members that use Teams are encouraged to include awareness of these techniques in security awareness and education. Read more at Proofpoint.