Technology⚠ unverified · 20%

Stealthy C2: DragonForce ransomware group hid inside a US firm for 2 months by abusing Microsoft Teams TURN servers for C2 traffic. The novel tactic used a Go-based RAT to blend in with legitimate act

Name: Stealthy C2: DragonForce ransomware group hid inside a US firm for 2 months by abusing Microsoft Teams TURN servers for C2 traffic. The novel tactic used a Go-based RAT to blend in with legitimate act
Start: 2026-06-17T15:46:21.221000Z

Machine-generated label — not the source headline.

Unverified, machine-classified. This event was auto-detected from a single BLUESKY news source. The title is a machine-generated label — not the article’s headline — and may not reflect the source. Open the source to confirm; treat as a developing signal until verified.

When: 2026-06-17 15:46 UTC
Where: Location unknown
Category: cyber · ransomware

Stealthy C2: DragonForce ransomware group hid inside a US firm for 2 months by abusing Microsoft Teams TURN servers for C2 traffic. The novel tactic used a Go-based RAT to blend in with legitimate activity. 🐉 #Ransomware #DragonForce #C2 #MicrosoftT... 🌐 cyber[.]netsecops[.]io

Involved actors & entities

People, organizations and places machine-extracted from the source reporting — they power search and the correlation graph. Extracted automatically, so they can include noise, especially on events still marked unverified.

ransomware
dragonforce
c2
microsoftt

Sources

Bluesky ↗ · first seen 2026-06-17 15:46 UTC

Defaxon links out to the original reporting and never republishes article text.

Correlated events

Computed by the Defaxon correlation engine — linked by shared actors, co-location, and temporal proximity. Scored hypotheses, never causal claims.

← Back to the live map