When IT Support Calls: Dissecting a ModeloRAT Campaign from Teams to Domain Compromise

A sophisticated attacker leveraged Microsoft Teams phishing, a portable Python-based ModeloRAT, and a known privilege escalation exploit to rapidly escalate from social engineering to full domain compromise—demonstrating how trusted collaboration tools, identity abuse, and living-off-the-land techniques can swiftly undermine traditional enterprise defenses.