A recent ransomware attack against a major company leveraged Microsoft Teams to conceal malicious activity, with the DragonForce ransomware exploiting a visitor token to disguise command and control traffic as legitimate. This tactic allowed the attackers to evade detection, highlighting the vulnerabilities of trusted applications in facilitating cyber attacks. The use of a legitimate service like Microsoft Teams to hide malicious activity underscores the need for robust security measures, particularly in sectors where operational resilience is crucial. By exploiting a trusted token, the attackers were able to blend in with normal traffic, making it more challenging for defenders to identify the threat. The success of this attack demonstrates the importance of sector-specific risk assessment and planning, as ransomware attacks targeting Microsoft applications can have significant implications for operational resilience1. This incident serves as a reminder that security practitioners must prioritize proactive measures to mitigate such threats and ensure business continuity.