DragonForce hackers have been exploiting Microsoft Teams infrastructure to conceal their command-and-control (C2) traffic, using a custom Go-based remote access trojan (RAT) known as Backdoor.Turn. Routing C2 communications through Microsoft Teams relays disguises them, which allows the threat actors to bypass traditional security measures and potentially evade detection by security systems. The backdoor was recently deployed against a major U.S. services firm, highlighting the sector-specific risks associated with ransomware attacks. The use of this custom RAT and the abuse of Microsoft Teams demonstrate the evolving nature of ransomware threats. This development matters to security practitioners because it underscores the importance of operational resilience planning in mitigating the impact of targeted attacks on critical infrastructure.