By Guru Baran
Publication Date: 2026-03-18 03:27:00
The Microsoft Detection and Response Team has detailed a sophisticated voice phishing (vishing) campaign that successfully compromised a corporate environment in November 2025. Unlike conventional intrusions that rely on software exploits, this attack weaponized trust, collaboration platforms, and built-in Windows tooling to gain initial access.
The threat actor initiated the campaign by impersonating IT support personnel through Microsoft Teams voice calls, a technique increasingly favored for its legitimacy and low technical barrier.
After two failed social engineering attempts against separate employees, the attacker succeeded on the third try, convincing a user to grant remote access through Quick Assist, Microsoft’s built-in remote assistance utility.
This persistence in targeting multiple individuals before success reflects a calculated, human-operated approach. The attacker leveraged the inherent trust employees place in internal IT…
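The pattern described above (one external identity calling several employees over Teams, then one of them launching Quick Assist) can be correlated in detection logic. The following is an added example, not code from Microsoft's report; the normalized event schema, field names, thresholds, and sample events are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

FANOUT_WINDOW = timedelta(hours=24)    # assumed tuning value
LAUNCH_WINDOW = timedelta(minutes=30)  # assumed tuning value
FANOUT_THRESHOLD = 3                   # distinct employees called by one external identity

def detect(events):
    """Alert when Quick Assist starts shortly after an external Teams call to the same user."""
    calls_by_caller = defaultdict(list)  # caller -> [(timestamp, callee)]
    last_call_to = {}                    # callee -> (timestamp, caller)
    alerts = []
    for ev in sorted(events, key=lambda e: datetime.fromisoformat(e["ts"])):
        ts = datetime.fromisoformat(ev["ts"])
        if ev["type"] == "teams_call" and ev["external"]:
            calls_by_caller[ev["caller"]].append((ts, ev["callee"]))
            last_call_to[ev["callee"]] = (ts, ev["caller"])
        elif ev["type"] == "process_start" and ev["image"].lower() == "quickassist.exe":
            prior = last_call_to.get(ev["user"])
            if not prior or ts - prior[0] > LAUNCH_WINDOW:
                continue  # Quick Assist use not preceded by an external call
            caller = prior[1]
            # How many distinct employees did this caller try within the window?
            targets = {c for t, c in calls_by_caller[caller] if ts - t <= FANOUT_WINDOW}
            alerts.append({
                "user": ev["user"],
                "caller": caller,
                "distinct_targets": len(targets),
                "severity": "high" if len(targets) >= FANOUT_THRESHOLD else "medium",
            })
    return alerts

# Constructed sample events (hypothetical schema, not real telemetry).
EXT = "helpdesk@external-tenant.example"
SAMPLE_EVENTS = [
    {"ts": "2025-11-10T09:02:00", "type": "teams_call", "caller": EXT, "external": True, "callee": "alice"},
    {"ts": "2025-11-10T09:20:00", "type": "teams_call", "caller": EXT, "external": True, "callee": "bob"},
    {"ts": "2025-11-10T09:41:00", "type": "teams_call", "caller": EXT, "external": True, "callee": "carol"},
    {"ts": "2025-11-10T09:47:00", "type": "process_start", "user": "carol", "image": "QuickAssist.exe"},
    {"ts": "2025-11-10T13:55:00", "type": "teams_call", "caller": "it@corp.example", "external": False, "callee": "dave"},
    {"ts": "2025-11-10T14:00:00", "type": "process_start", "user": "dave", "image": "QuickAssist.exe"},
]

if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

Only the launch on carol's account is flagged; dave's Quick Assist session follows an internal call and produces no alert.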