Microsoft Threat Intelligence has discovered a new campaign by the Storm-1811 group, involving the misuse of the Quick Assist tool to carry out social engineering attacks leading to ransomware infections. Quick Assist is a legitimate Microsoft application designed to facilitate remote connections between devices to troubleshoot technical issues. The application comes pre-installed on devices running Windows 11.
In this latest campaign, attackers are leveraging Quick Assist to deceive users into granting them access by posing as trusted entities. By exploiting social engineering tactics, the hackers aim to gain initial entry into the victim’s systems. To enhance the credibility of their attacks, the threat actors employ various convincing methods.