Recently, there have been reports of Kenyans hijacking the SHIF (Sustainable Healthcare Initiative Forum) training hosted on Microsoft Teams and engaging in disruptive activities, often referred to as “injecting.”
This involves participants gaining unauthorized access to the meeting, sharing inappropriate content, or engaging in other harmful behavior.
This incident draws attention to the vulnerabilities in Microsoft Teams, which has previously been exposed to various security issues, such as the ability to spoof URLs, leak IP addresses, and even allow attackers to bypass authentication by exploiting stored session tokens.
In these types of attacks, hijackers exploit loopholes in the way Microsoft Teams stores sensitive information, such as cleartext session tokens and cached conversations, allowing them to gain access to accounts and meetings without proper authentication.
This enables them to bypass security measures like multi-factor authentication and conditional access policies.
Microsoft has patched some vulnerabilities, but ongoing concerns about unpatched issues and weak spots in the platform continue to make it a target for such disruptions.
These incidents highlight the importance of maintaining secure practices, such as closely monitoring access and using encrypted channels for sensitive communications.
While the SHIF training incident is specific, it underscores a broader issue with online platforms being exploited for malicious purposes.
