DragonForce Hides C2 Traffic in Microsoft Teams Relays

DragonForce ransomware actors deployed a Go-based RAT called Backdoor.Turn that hides command-and-control traffic inside Microsoft Teams relay infrastructure. The backdoor uses a legitimate Microsoft TURN relay and QUIC session to evade detection. The attackers remained on a major U.S. services firm's network for one to two months.