ctipilot.ch

DragonForce intrusion — first ITW Microsoft Teams TURN-relay C2 (Backdoor.Turn) + four-driver BYOVD chain

campaign · item:dragonforce-backdoor-turn-teams-relay-byovd

  • Coverage timeline: 1 (first 2026-06-17 → last 2026-06-17)
  • Briefs: 1 (1 distinct)
  • Sources cited: 15 (9 hosts)
  • Sections touched: 1 (deep_dive)
  • Co-occurring entities: 0 (no co-occurrence)

Story timeline

  1. 2026-06-17: CTI Daily Brief — 2026-06-17
    deep_dive: First coverage; Symantec; novel Teams-relay C2, BYOVD, ABYSSWORKER

Where this entity is cited

  • deep_dive: 1

Source distribution

  • attack.mitre.org: 4 (27%)
  • nvd.nist.gov: 3 (20%)
  • helpnetsecurity.com: 2 (13%)
  • bleepingcomputer.com: 1 (7%)
  • horizon3.ai: 1 (7%)
  • joomlacontenteditor.net: 1 (7%)
  • security.com: 1 (7%)
  • securityboulevard.com: 1 (7%)
  • other: 1 (7%)

All cited sources (15)

Items in briefs about DragonForce intrusion — first ITW Microsoft Teams TURN-relay C2 (Backdoor.Turn) + four-driver BYOVD chain

No parsed item heading or body matches this entity yet. Items match by exact CVE id (for CVE entities), by lead-segment substring of the title in the item heading or body, or by a distinctive anchor token from the title appearing in the item heading. Coverage that lives inside a broader section (no per-item heading) is captured by the Story timeline above.