MTFMT A.I CyberSecurity Scoring
MTFMT
Company Information
Website:https://freshmango.co.uk/
Employees number:None
Number of followers:8
NAICS:5415
Industry Type:IT Services and IT Consulting
Homepage:freshmango.co.uk
MTFMT Risk Score (AI oriented)
Between 750 and 799
MTFMTIT Services and IT Consulting
Updated:
16/06/2026
16/06/2026
753/1000
Fair
Baa
MTFMT Global Score (TPRM)
xxxx
MTFMTIT Services and IT Consulting
Score locked

MTFMTFair
Current Score
753Baa (FAIR)
01000
2 incidents
-5 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
753
JUNE 2026
758
Vulnerability
16 Jun 2026 • MTFMT
Huawei, Microsoft, Palo Alto Networks and Tower of Fantasy: Ransomware gang abuses Microsoft Teams relays to hide malicious traffic
DragonForce Ransomware Abuses Microsoft Teams TURN Relays in Sophisticated Attack
753
CRITICAL-5
PALHUAAMEMIC1781613039
DragonForce Ransomware Abuses Microsoft Teams TURN Relays in Sophisticated Attack
In December 2025, the DragonForce ransomware group deployed a novel malware strain, Backdoor.Turn, to conceal command-and-control (C2) traffic within Microsoft Teams’ infrastructure. The attack targeted a major U.S. services company, leveraging a custom Go-based remote access trojan (RAT) to evade detection.
The malware exploits Microsoft Teams’ Traversal Using Relays around NAT (TURN) protocol, which facilitates message delivery when direct client connections are unavailable. By obtaining an anonymous Teams visitor token and routing traffic through legitimate Microsoft TURN relays, Backdoor.Turn masks malicious communications as trusted network activity making it the first known in-the-wild malware to abuse this technique.
DragonForce, active since at least 2023 and linked to the Scattered Spider threat group, employed a multi-stage attack chain. Initial access likely came via an unknown SQL/MSSQL server vulnerability, followed by the deployment of a ZIP archive containing a legitimate VirtualBox/DbgView executable and a malicious DLL for sideloading. Attackers then established persistence, created rogue user accounts, weakened Windows security policies, and modified firewall rules.
To escalate privileges and disable defenses, the group used Bring Your Own Vulnerable Driver (BYOVD) tactics, exploiting multiple drivers, including:
- Huawei’s HWAuidoOs2Ec.sys (Havoc Process Terminator)
- Topaz Antifraud wsftprm.sys (CVE-2023-52271)
- Tower of Fantasy GameDriverx64.sys (CVE-2025-61155)
- K7 Security K7RKScan.sys (CVE-2025-1055)
- A custom malicious driver, ABYSSWORKER, disguised as a Palo Alto driver.
Backdoor.Turn was injected into DbgView64.exe, enabling capabilities such as command execution, process manipulation, network scanning, credential theft, and Active Directory reconnaissance. After exfiltrating data, the attackers deployed DragonForce ransomware, encrypting the victim’s systems.
Symantec researchers described the campaign as employing "exceptionally sophisticated cyber tradecraft" and released indicators of compromise (IoCs) to aid detection. The incident underscores the growing abuse of trusted enterprise tools for covert C2 operations.
INCIDENT DETAILS -
TYPE
MOTIVATION
IMPACT
DATA BREACH
REFERENCES
MAY 2026
758
APRIL 2026
758
MARCH 2026
758
FEBRUARY 2026
758
JANUARY 2026
757
DECEMBER 2025
757
NOVEMBER 2025
757
OCTOBER 2025
757
SEPTEMBER 2025
757
AUGUST 2025
757
MARCH 2024
756
Vulnerability
01 Mar 2024 • MTFMT
Microsoft: Cyber Security News ®’s Post
Microsoft Teams Vulnerability (CVE-2024-38197) Exposed Identity Trust Risks
755
CRITICAL-1
MIC1778646224
Microsoft Teams Vulnerability (CVE-2024-38197) Exposed Identity Trust Risks for 18 Months
A critical vulnerability in Microsoft Teams (CVE-2024-38197) allowed attackers to spoof sender identities in chat messages, exploiting the trust employees place in familiar names and profiles. Disclosed by Check Point in March 2024, the flaw enabled threat actors to impersonate colleagues such as a CFO by altering the sender’s name in messages, creating a high-risk vector for wire fraud and social engineering in regulated industries like banking and finance.
Microsoft did not fully patch the issue until October 2025, leaving over 320 million monthly active users exposed for 18 months. The vulnerability highlighted a broader weakness in identity verification within communication platforms, where even phishing-resistant MFA controls proved ineffective if the underlying identity layer was compromised.
The flaw stemmed from insecure file and directory access in Teams, allowing attackers to manipulate trusted elements within the application. While a patch has since been released, the incident underscored the need for zero-trust governance in collaboration tools, including least-privilege access, verified identities, and out-of-band confirmation for high-stakes actions initiated via chat.
Security teams were urged to update incident response playbooks to account for Teams-based compromises, as the attack surface extended beyond technical exploits to include trust-based social engineering. The case reinforced that cybersecurity defenses must address both system integrity and human psychology to mitigate modern threats.
INCIDENT DETAILS -
TYPE
MOTIVATION
IMPACT
REFERENCES
Frequently Asked Questions
?
What is the current A.I Rankiteo Cyber Score for MTFMT ??
What was MTFMT's A.I Rankiteo Cyber Score in June 2026 ??
What was MTFMT's A.I Rankiteo Cyber Score in May 2026 ??
What was MTFMT's A.I Rankiteo Cyber Score in April 2026 ??
What was MTFMT's A.I Rankiteo Cyber Score in March 2026 ??
What was MTFMT's A.I Rankiteo Cyber Score in February 2026 ??
What was MTFMT's A.I Rankiteo Cyber Score in January 2026 ??
What was MTFMT's A.I Rankiteo Cyber Score in December 2025 ??
What was MTFMT's A.I Rankiteo Cyber Score in November 2025 ??
What was MTFMT's A.I Rankiteo Cyber Score in October 2025 ??
What was MTFMT's A.I Rankiteo Cyber Score in September 2025 ??
What was MTFMT's A.I Rankiteo Cyber Score in August 2025 ??
What is the average per-incident point impact on MTFMT's A.I Rankiteo Cyber Score over the past 12 months ??
Where can I access detailed records of all cyber incidents associated with MTFMT ??
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ??
Where can I view MTFMT's profile page on Rankiteo ??
How accurate is the A.I Rankiteo Risk Scoring methodology ?