Ransomware gang abuses Microsoft Teams relays to hide malicious traffic

DragonForce ransomware deployed Backdoor.Turn, a Go-based backdoor that hides command-and-control traffic inside Microsoft Teams TURN relay infrastructure. The malware obtains an anonymous Teams visitor token and uses legitimate TURN relays during connection setup. Symantec researchers identified this as the first known in-the-wild malware to abuse Teams TURN relays for C2 communications.