Email Bombing, 'Vishing' Tactics Abound in Microsoft 365 Attacks


Sophos X-Ops' Managed Detection and Response (MDR) team is warning of ransomware attacks that use email bombing and tech support impersonation, otherwise known as vishing, through Microsoft Office 365. STAC5777 overlaps with a group previously identified by Microsoft as Storm-1811, while STAC5143 is using tactics from an old Storm-1811 playbook. According to Sophos MDR, there have been more than 15 incidents involving these tactics in the past three months. The attackers send large volumes of spam emails to overwhelm Outlook mailboxes, a strategy known as email bombing. They also send Teams messages or make Teams calls from a threat actor-controlled Office 365 instance while impersonating tech support, and use Microsoft remote control tools like Quick Assist or Teams screen sharing. From there, the attackers take control of the victim's device and install malware.
