New US Navy Tool Exposes Microsoft Teams Security Flaws

‘TeamsPhisher’ could be used to easily send and spread malware.

A member of the US Navy’s information security research team has this week published an experimental tool that exploits a weakness in how Microsoft Teams restricts incoming files.

Named TeamsPhisher, the Python-based tool takes advantage of an unresolved security flaw. The flaw lets attackers bypass Teams’ file-sending restrictions to carry out standard phishing or infection techniques, such as sharing malware.

While TeamsPhisher was created for authorized US Navy operations, it highlights a wider security risk: threat actors can use the same flaw to target businesses. This appears to be the latest in a series of cybersecurity issues currently plaguing Microsoft, which recently denied large-scale DDoS attacks.

How Does TeamsPhisher Work?

Ultimately, the client-side systems are being tricked into treating an external user as an internal Teams user. TeamsPhisher does this by changing the ID in a message’s POST request, and all that’s needed to use it is a valid Teams and SharePoint license.

The tool begins by verifying that the target user exists and can receive external messages. From there, it creates a new thread between itself and the target and sends a message with a SharePoint attachment link.

The attacks can be batched by giving TeamsPhisher the attachment, a message and a list of users to target. It uploads the attachment to the sender’s SharePoint and then works through the recipients, repeating the same steps for each.

The tool is sophisticated enough to provide a preview for attackers, helping them verify their target lists and ensure the message looks unsuspicious from a recipient’s point of view. A number of features could even be used to refine attacks, including sending secure file links that can only be viewed by the chosen recipient.

Although the tool was built for authorized red team operations, it’s clear to see how easily malicious actors could take advantage of the tool and these vulnerabilities.

A Resolution Won’t Be Immediate

The issue that TeamsPhisher exploits was initially flagged last month by UK-based cybersecurity experts Jumpsec. Microsoft was made aware of it, but told Jumpsec researchers that it didn’t meet the bar for immediate servicing. 

Although the flaw lets attackers spread malware without being detected, Microsoft has stated that it considers the attacks to rely on social engineering to succeed.

In a statement to BleepingComputer, Microsoft added “we encourage customers to practice good computing habits online, including exercising caution when clicking on links to web pages, opening unknown files, or accepting file transfers.”

So while a fix may not be on the horizon right now, there are a few precautions organizations can take to protect themselves. Creating an allow-list of trusted domains can help limit the risk, as can disabling communication with external tenants if it is not explicitly needed.
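
Both precautions correspond to a tenant's external access (federation) settings in Teams. The following PowerShell script is an added example, not part of the original article or of TeamsPhisher: it uses the MicrosoftTeams module to show the current settings and, with `-Apply`, either restricts external chat to an allow-list or disables it. The domain names are placeholders and the script requires a Teams administrator account.

```powershell
#Requires -Modules MicrosoftTeams
# Added example: audit and tighten Teams external access settings.
# Audit:                       .\Set-TeamsExternalAccess.ps1
# Allow-list trusted partners: .\Set-TeamsExternalAccess.ps1 -Apply
# Disable external access:     .\Set-TeamsExternalAccess.ps1 -Apply -TrustedDomains @()
param(
    # Placeholder domains (assumption): replace with the partners you actually trust.
    [string[]]$TrustedDomains = @('partner-a.example', 'partner-b.example'),
    # Without -Apply the script only reports the current configuration.
    [switch]$Apply
)

Connect-MicrosoftTeams | Out-Null

# Show what the tenant allows today. AllowFederatedUsers = True together with an
# "allow all" AllowedDomains value means any external tenant can message your users.
Write-Host 'Current external access settings:'
Get-CsTenantFederationConfiguration |
    Format-List AllowFederatedUsers, AllowedDomains, BlockedDomains

if (-not $Apply) {
    Write-Host 'Audit only. Re-run with -Apply to change settings.'
    return
}

if ($TrustedDomains.Count -eq 0) {
    # No partners need external chat: turn federation off entirely.
    Set-CsTenantFederationConfiguration -AllowFederatedUsers $false
}
else {
    # Keep federation on, but only for the listed domains.
    $allow = New-Object 'Collections.Generic.List[String]'
    foreach ($domain in $TrustedDomains) {
        $allow.Add($domain.Trim().ToLower())
    }
    Set-CsTenantFederationConfiguration -AllowFederatedUsers $true -AllowedDomainsAsAList $allow
}

# Read the settings back so the change can be recorded.
Write-Host 'Updated external access settings:'
Get-CsTenantFederationConfiguration |
    Format-List AllowFederatedUsers, AllowedDomains, BlockedDomains
```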


Written by:
Ellis Di Cataldo (MA) has over 9 years experience writing about, and for, some of the world’s biggest tech companies. She's been the lead writer across digital campaigns, always-on content and worldwide product launches, for global brands including Sony, Electrolux, Byrd, The Open University and Barclaycard. Her particular areas of interest are business trends, startup stories and product news.