🔴 Uh-oh… Hackers are now calling your clients pretending to be YOU

Microsoft published a detailed warning this week about a campaign that should make every MSP uncomfortable.

Threat actors are contacting employees through external Microsoft Teams chats, posing as IT helpdesk staff, and convincing them to grant remote access via Quick Assist.

Once inside, they use legitimate tools like Windows Remote Management and Rclone to move around and quietly take data… blending in so well with normal IT activity that detection is genuinely hard. Bleeping Computer

Think about what that means for you specifically. You ARE the IT helpdesk for your clients. Your name and your team’s name are already in their heads as trusted. An attacker impersonating your helpdesk through Teams isn’t just plausible: It’s believable.

Microsoft notes this attack relies entirely on social engineering rather than software vulnerabilities. The attacker simply persuades the user to override multiple security warnings that Teams displays for external contacts. Microsoft

Two practical things to do today:

1. Tell your clients to verify any unsolicited Teams contact from “IT support” through a known phone number before granting remote access, and

2. Check whether external Teams messaging is restricted in their tenants. Convenience settings in Teams are becoming an attack surface.

🟡 A ransomware investigation just uncovered 1,570 corporate victims nobody knew about

Following an investigation into a Gentlemen ransomware attack, security researchers discovered something alarming underneath it.

A SystemBC proxy malware botnet of more than 1,570 hosts, believed to be corporate victims, was uncovered. These organisations had been silently compromised and were being used as infrastructure without apparently knowing it. Bleeping Computer

The Gentlemen is the ransomware group that went from 35 victims in Q4 2025 to 182 in Q1 2026. They’re growing fast. And this botnet discovery suggests their reach is significantly wider than public victim counts suggest.

The uncomfortable implication: the number of organisations actively compromised at any given moment is almost certainly much higher than reported breach figures suggest. Compromised and not yet ransomed (or not yet aware). This is why continuous monitoring matters, not just patching and hoping.

Something to remind all of your clients every time you talk to them.

🟢 Microsoft fixed the Teams bug that was breaking everything

Good timing given the first story today.

Microsoft has reverted a recent service update that was preventing some customers from launching the Microsoft Teams desktop client. Bleeping Computer

No further action needed on your end, the rollback has been applied automatically. But if any clients were complaining about Teams not opening this morning before you saw this, that was why. Worth a quick check-in if you had any tickets come in overnight.

The irony of today’s newsletter is not lost: Teams is simultaneously the thing attackers are exploiting and the thing Microsoft just had to fix. Busy week for Redmond.

That's your MSP Minute for Wednesday. We’ll be back in your inbox tomorrow morning.