Researchers at cybersecurity firm Sophos are monitoring several clusters of hacking activity that exploit Microsoft 365 instances, Microsoft Teams, and email bombing techniques to deploy ransomware. Two specific threat campaigns have been identified, attributed to a group known as Storm-1811, which has been utilizing these platforms to target organizations. Additionally, two ransomware groups, HellCat and Morpheus, have been found to share identical code in their attacks, indicating a trend where smaller, more agile cybercriminals may increasingly dominate the threat landscape. Reports suggest that these groups are using a common payload with minor adjustments tailored to specific victims, highlighting a concerning evolution in ransomware tactics.