Cybercriminals linked to the Blitz Brigantine group (also known as Storm-1811 and tied to Black Basta ransomware) are running an evolving social-engineering campaign that abuses Microsoft Teams. Attackers first bombard targets with email flooding to create chaos, then contact victims via Teams, posing as the internal IT help desk and offering to resolve the "issue." They convince employees to launch Windows Quick Assist for remote support, which grants the attackers full control of the device. Once in, the hackers deploy signed MSI installers masquerading as legitimate Microsoft components, which sideload malware and drop a new backdoor, A0Backdoor, using techniques like DLL sideloading and runtime decryption. The backdoor communicates covertly via DNS tunneling to evade detection, paving the way for data theft or ransomware deployment. Organizations are urged to treat Teams as a potential initial access vector, restrict Quick Assist usage, and monitor unsolicited external chats.
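The monitoring advice above can be expressed as a per-user correlation of the three early stages the report describes: email flood, external Teams chat, Quick Assist launch. The following is an added example, not part of the original report; the event schema, field names, thresholds and sample events are constructed assumptions, and real mail, Teams audit and endpoint logs would need to be normalized into this shape first.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

def find_chains(events, flood_min=50, flood_win=timedelta(minutes=10),
                chain_win=timedelta(hours=2)):
    """Alert when one user sees, in order: an inbound email flood, a chat from
    an external Teams tenant, then a Quick Assist launch (thresholds assumed)."""
    by_user = defaultdict(list)
    for e in events:
        by_user[e["user"]].append(e)
    alerts = []
    for user, evs in by_user.items():
        evs.sort(key=lambda e: e["ts"])
        recent = deque()            # inbound-mail timestamps inside flood_win
        flood_ts = chat_ts = None
        for e in evs:
            # Drop a pending stage if the next stage did not follow in time.
            last = chat_ts or flood_ts
            if last and e["ts"] - last > chain_win:
                flood_ts = chat_ts = None
            if e["type"] == "email_in":
                recent.append(e["ts"])
                while e["ts"] - recent[0] > flood_win:
                    recent.popleft()
                if len(recent) >= flood_min and flood_ts is None:
                    flood_ts = e["ts"]
            elif e["type"] == "teams_chat" and e.get("external"):
                if flood_ts and chat_ts is None:
                    chat_ts = e["ts"]
            elif (e["type"] == "process_start" and chat_ts
                  and e.get("image", "").lower().endswith("quickassist.exe")):
                alerts.append({"user": user, "flood": flood_ts,
                               "chat": chat_ts, "quick_assist": e["ts"]})
                flood_ts = chat_ts = None
    return alerts

def sample_events():
    """Constructed events in a hypothetical normalized schema (not real logs)."""
    t0 = datetime(2025, 1, 1, 9, 0)
    qa = r"C:\Windows\System32\quickassist.exe"   # constructed path
    ev = [{"ts": t0 + timedelta(seconds=5 * i), "user": u, "type": "email_in"}
          for u in ("alice", "carol") for i in range(60)]
    for user, external in (("alice", True), ("bob", True), ("carol", False)):
        ev.append({"ts": t0 + timedelta(minutes=20), "user": user,
                   "type": "teams_chat", "external": external})
        ev.append({"ts": t0 + timedelta(minutes=25), "user": user,
                   "type": "process_start", "image": qa})
    return ev

if __name__ == "__main__":
    print(find_chains(sample_events()))
```

In the constructed data only `alice` matches: `bob` has no preceding flood and `carol`'s chat is internal, so requiring the full ordered chain keeps routine Quick Assist sessions from alerting.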