---
title: "Manufacturer Hit Cyberattack, Fake Teams Breach, AI Targets MSMEs | DMARC Report"
description: "Latest cybersecurity roundup: a critical infrastructure manufacturer breached, fake Microsoft Teams chats used in phishing attacks, and AI-driven cyberattacks targeting Indian MSMEs."
image: "https://dmarcreport.com/og/blog/manufacturer-hit-cyberattack-fake-teams-breach-ai-targets-msmes.png"
canonical: "https://dmarcreport.com/blog/manufacturer-hit-cyberattack-fake-teams-breach-ai-targets-msmes/"
---

Quick Answer

Here’s a quick roundup of the latest cybersecurity developments grabbing eyeballs, from crucial infrastructure suppliers being targeted by cybercrooks to high-end phishing campaigns impersonating Microsoft Teams, and the surge of AI-driven cyberattacks primarily targeting Indian MSMEs. These cyber mishaps highlight how cyber threats are eventually becoming more sophisticated, industry-specific, and increasingly difficult to identify.

Related: [Free DMARC Checker](/tools/dmarc-checker/) ·[How to Create an SPF Record](/tools/spf-record-generator/) ·[SPF Record Format](/blog/spf-format-checker-dos-and-donts-for-email-authentication/) 

Share 

[ ](https://www.linkedin.com/sharing/share-offsite/?url=undefined%2Fblog%2Fmanufacturer-hit-cyberattack-fake-teams-breach-ai-targets-msmes%2F "Share on LinkedIn") [ ](https://twitter.com/intent/tweet?text=Manufacturer%20Hit%20Cyberattack%2C%20Fake%20Teams%20Breach%2C%20AI%20Targets%20MSMEs&url=undefined%2Fblog%2Fmanufacturer-hit-cyberattack-fake-teams-breach-ai-targets-msmes%2F "Share on X/Twitter") [ ](https://www.facebook.com/sharer/sharer.php?u=undefined%2Fblog%2Fmanufacturer-hit-cyberattack-fake-teams-breach-ai-targets-msmes%2F "Share on Facebook") [ ](https://reddit.com/submit?url=undefined%2Fblog%2Fmanufacturer-hit-cyberattack-fake-teams-breach-ai-targets-msmes%2F&title=Manufacturer%20Hit%20Cyberattack%2C%20Fake%20Teams%20Breach%2C%20AI%20Targets%20MSMEs "Share on Reddit") [ ](mailto:?subject=Manufacturer%20Hit%20Cyberattack%2C%20Fake%20Teams%20Breach%2C%20AI%20Targets%20MSMEs&body=Check out this article: undefined%2Fblog%2Fmanufacturer-hit-cyberattack-fake-teams-breach-ai-targets-msmes%2F "Share via Email") 

![cybersecurity news](https://media.mailhop.org/dmarcreport/images/2026/04/gmail-dmarc-9392.jpg) 

Here’s a quick roundup of the latest **cybersecurity developments** grabbing eyeballs, from crucial infrastructure suppliers being targeted by cybercrooks to high-end [phishing campaigns](https://www.malwarebytes.com/blog/news/2026/01/phishing-campaign-abuses-google-cloud-services-to-steal-microsoft-365-logins) impersonating Microsoft Teams, and the surge of AI-driven cyberattacks primarily targeting Indian MSMEs. These cyber mishaps highlight how [cyber threats](https://cyberscoop.com/legislation-would-designate-critical-cyber-threat-actors-direct-sanctions-against-them/) are eventually becoming more sophisticated, industry-specific, and increasingly difficult to identify.

## A critical infrastructure equipment manufacturer falls prey to a cyberattack!

![Itron infrastructure security response](https://media.mailhop.org/dmarcreport/images/2026/04/what-is-dmarc-3170.jpg) 

[Threat actors](https://www.teiss.co.uk/news/threat-actor-claims-sale-of-mercedes-benz-usa-legal-and-customer-data-after-alleged-183-gb-breach-16791) managed to break into the networks of Itron, the supplier of critical devices used for measuring water and energy use. Itron revealed the cyber incident on Friday. It “took action to remediate and remove the unauthorized activity.” The **infrastructure vendor** believes the cyber intrusion occurred on April 13.

Itron has claimed that the cybercrooks could not access any [customer data](https://www.bbc.com/news/articles/cd6nyng861wo). Also, there has been no “subsequent unauthorized activity within its corporate systems.” 

Itron has already filed the details with the [SEC](https://www.investopedia.com/terms/s/sec.asp) and has mentioned that the [cyberattack](https://www.theguardian.com/world/2026/apr/07/iran-cyberattacks-infrastructure) could not affect its core operations. _Also, Itron expects the insurance provider to cover “a significant portion of its direct costs incurred relating to the incident.”_

Itron currently works with the **government sector** to provide smart meter devices. These devices are helpful for gas, electric, and water utility service providers. At present, Itron is working with [7700](https://www.cybersecuritydive.com/news/critical-infrastructure-cyberattack-itron-smart-meters/818547/) utility providers across 100 nations.

## Fake Microsoft Teams chats used to gain remote access and steal sensitive data!

![Fake helpdesk chat phishing alert](https://media.mailhop.org/dmarcreport/images/2026/04/dmarc-analyzer-6913.jpg) 

Google has issued a warning against a new phishing campaign that uses [fake Microsoft Teams](https://www.analyticsinsight.net/amp/story/news/google-warns-of-fake-microsoft-teams-chats-used-in-phishing-attacks) chats. This phishing campaign targets unsuspecting employees by sharing [credible text messages](https://www.paubox.com/blog/adding-credibility-to-text-messaging-campaigns-in-healthcare). They do so by closely mimicking the internal [IT support](https://www.servicenow.com/products/itsm/what-is-it-support.html) of the same organization.

Initially, the victim receives bulk [spam emails](https://thehackernews.com/2024/05/ongoing-campaign-bombarded-enterprises.html). This tactic is used to create a sense of panic and overwhelm. Next, the threat actors approach the victim on Teams while posing as a **helpdesk executive**. They try to create a sense of urgency by mentioning account issues and offering some quick-fix solutions. 

A **group of researchers** has revealed that a group of threat actors named [UNC6692](https://www.darkreading.com/cloud-security/unc6692-social-engineering-malware-cloud-abuse) is carrying out these phishing attacks. 

[Cybersecurity](/blog/email-security-meets-cybersecurity-understanding-the-role-of-dmarc-reports/) experts have urged employees to deploy [two-factor authentication](https://www.fortinet.com/resources/cyberglossary/two-factor-authentication). They must also completely **avoid clicking on any links** sent by unverified accounts. No passwords must be shared at any cost through links in any text messages. _And if an employee notices any suspicious activity, they must report it directly to the organization._

## Indian MSMEs are being targeted by AI-backed threat attacks!

![AI cyberattack MSME security vulnerability](https://media.mailhop.org/dmarcreport/images/2026/04/dmarc-record-1117.jpg) 

A crucial advisory has been issued by [CERT-In](https://forumias.com/blog/what-is-cert-in/) (Indian Computer Emergency Response Team), emphasizing the threat landscape across the South Asian country. CERT-In believes that AI has added a level of sophistication to the threat attacks. AI systems have enabled convenient “automation and scale” by scanning source code and **identifying vulnerabilities**. Cybercrooks are now leveraging AI to target India’s [Micro, Small, and Medium Enterprises (MSMEs)](https://en.wikipedia.org/wiki/Ministry%5Fof%5FMicro,%5FSmall%5Fand%5FMedium%5FEnterprises). 

With AI, breaking into a secure network no longer requires precision and hours of manual work. Threat actors can now evaluate source code in bulk in just a fraction of a second. This is done to find “[zero-day” vulnerabilities](https://oit.utk.edu/security/learning-library/article-archive/zero-day-vulnerabilities/). The worst part is that AI helps create “chain” exploits, which connect different vulnerabilities across **multiple platforms**. This eventually enables cybercriminals to breach the entire network systems of an organization.

Since MSMEs do not have an adequate budget for deploying **high-end cybersecurity systems** or [round-the-clock monitoring teams](https://www.emishealth.com/news-insights/round-the-clock-monitoring), they become an easy target for AI-backed cyberattackers. _CERT-In believes that MSMEs can no longer survive without upgrading their cybersecurity mechanisms._ 

## Robinhood tool misused to launch phishing attack!

A group of threat actors has discovered a vulnerability in the [Robinhood trading platform](https://www.aastocks.com/en/usq/news/comment.aspx?id=NOW.1519332&catg=1), and since then they have been using it to successfully send phishing emails to the **targets’ inboxes**. Their ultimate goal is to gain access to the victim’s login details. 

The threat actors discovered a flaw in **Robinhood’s account creation emails**. They are using the same flaw to successfully inject phishing content into the victim’s inbox. They are smartly redirecting the [noreply@robinhood.com](mailto:noreply@robinhood.com) mails to [credential-harvesting](https://cyble.com/blog/multi-brand-phishing-campaign-harvests-credentials/) fake landing pages.

![Global Cyber Risk Threat Roundup](https://media.mailhop.org/dmarcreport/images/2026/04/dmarc-check-6410.jpg) 

Robinhood, the popular [e-trading platform](https://www.fi-desk.com/have-credit-e-trading-platforms-just-been-liberated-in-us-markets/), has claimed that the vulnerability has been fixed. It has also stated that so far, no **customer funds** or accounts have been compromised. However, some of its users have started receiving warning emails about suspicious login activity.

Robinhood enables its users to buy and sell [ETFs](https://money.usnews.com/investing/articles/best-ai-etfs-to-buy), crypto, and Futures. _The e-trading platform has stated that the phishing attempt “was not a breach of our systems or customer accounts, and personal information and funds were not impacted.”_

The **landing page** created to harvest [sensitive data](https://www.graphic.com.gh/news/health/ghana-rejects-us-health-aid-deal.html) from targets has now been taken down. 

Rising **cybersecurity** threats, including AI-powered attacks and sophisticated phishing campaigns, highlight the urgent need for organizations to implement robust [email authentication](/blog/a-basic-guide-to-email-authentication-for-legal-professionals/) measures such as [DMARC](/), [SPF](/dmarc-fundamentals/what-is-spf/), and [DKIM](/dmarc-fundamentals/what-is-dkim/) to prevent spoofing and protect sensitive data.

## Topics

[ dkim ](/tags/dkim/)[ DMARC ](/tags/dmarc/)[ News ](/tags/news/)[ SPF ](/tags/spf/) 

![Brad Slavin](https://media.mailhop.org/dmarcreport/images/team/brad-slavin.jpg) 

[ Brad Slavin ](/authors/brad-slavin/) 

General Manager

Founder and General Manager of DuoCircle. Product strategy and commercial lead for DMARC Report's 2,000+ customer base.

[LinkedIn Profile →](https://www.linkedin.com/in/bradslavin) 

## Take control of your DMARC reports

Turn raw XML into actionable dashboards. Start free - no credit card required.

[Start Free Trial](https://app.dmarcreport.com/) [Check Your DMARC Record](/tools/dmarc-checker/) 

## Related Articles

[  Uncategorized 10m  Canvas Breach Crisis, PANOS ZeroDay Exploited, Teams Credential Heist  May 14, 2026 ](/blog/canvas-breach-crisis-panos-zeroday-exploited-teams-credential-heist/)[  Uncategorized 12m  How can I start protecting my G Suite email from phishing with DMARC?  Jan 28, 2026 ](/blog/how-to-protect-g-suite-email-from-phishing-using-dmarc/)[  Uncategorized 5m  Swedish Plant Hacked, UAE 800,000 Cyberattacks, Apple Alerts Exploited  Apr 23, 2026 ](/blog/swedish-plant-hacked-uae-800000-cyberattacks-apple-alerts-exploited/)[  Uncategorized 11m  Trellix Source Breach, MOVEit Auth Bypass, DAEMON Trojan Attack  May 7, 2026 ](/blog/trellix-source-breach-moveit-auth-bypass-daemon-trojan-attack/)

```json
{"@context":"https://schema.org","@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com","logo":{"@type":"ImageObject","url":"https://dmarcreport.com/images/dmarcreport-logo.png"},"description":"DMARC reporting and email authentication management. Monitor aggregate and forensic DMARC reports, analyze authentication results, and enforce DMARC policies across all your domains.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.wikidata.org/wiki/Q138898167","https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.g2.com/products/dmarc-report/reviews","https://github.com/duocircle","https://www.crunchbase.com/organization/duocircle-llc","https://www.trustradius.com/products/duocircle/reviews"],"aggregateRating":{"@type":"AggregateRating","ratingValue":"4.8","reviewCount":"470","bestRating":"5","worstRating":"1","url":"https://www.g2.com/products/dmarc-report/reviews"},"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://dmarcreport.com/support/"},"knowsAbout":["DMARC","DMARC Reporting","DMARC Aggregate Reports","DMARC Forensic Reports","Sender Policy Framework","DKIM","Email Authentication","Email Security","DNS Management","Email Deliverability"]}
```

```json
{"@context":"https://schema.org","@type":"WebSite","name":"DMARC Report","url":"https://dmarcreport.com","description":"DMARC reporting and email authentication management. Monitor aggregate and forensic DMARC reports, analyze authentication results, and enforce DMARC policies across all your domains.","publisher":{"@type":"Organization","name":"DMARC Report","url":"https://dmarcreport.com","logo":{"@type":"ImageObject","url":"https://dmarcreport.com/images/dmarcreport-logo.png"},"description":"DMARC reporting and email authentication management. Monitor aggregate and forensic DMARC reports, analyze authentication results, and enforce DMARC policies across all your domains.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]}}}
```

```json
[{"@context":"https://schema.org","@type":"BlogPosting","headline":"Manufacturer Hit Cyberattack, Fake Teams Breach, AI Targets MSMEs","description":"Latest cybersecurity roundup: a critical infrastructure manufacturer breached, fake Microsoft Teams chats used in phishing attacks, and AI-driven cyberattacks targeting Indian MSMEs.","url":"https://dmarcreport.com/blog/manufacturer-hit-cyberattack-fake-teams-breach-ai-targets-msmes/","datePublished":"2026-04-30T15:18:09.000Z","dateModified":"2026-04-30T15:18:13.000Z","dateCreated":"2026-04-30T15:18:09.000Z","author":{"@type":"Person","@id":"https://dmarcreport.com/authors/brad-slavin/#person","name":"Brad Slavin","url":"https://dmarcreport.com/authors/brad-slavin/","jobTitle":"General Manager","description":"Brad Slavin is the founder and General Manager of DuoCircle, the company behind DMARC Report, AutoSPF, Phish Protection, and Mailhop. He founded DuoCircle in 2014 and has led the company's growth to 2,000+ customers across its email security product family. Brad's focus is product strategy, customer relationships, and the commercial and compliance side of email authentication (DPAs, SLAs, enterprise procurement).","image":"https://media.mailhop.org/dmarcreport/images/team/brad-slavin.jpg","knowsAbout":["Email Security Strategy","SaaS Product Management","Enterprise Compliance","Customer Success","Email Deliverability Business"],"worksFor":{"@type":"Organization","name":"DMARC Report","url":"https://dmarcreport.com"},"sameAs":["https://www.linkedin.com/in/bradslavin"]},"publisher":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com","logo":{"@type":"ImageObject","url":"https://dmarcreport.com/images/dmarcreport-logo.png"},"description":"DMARC reporting and email authentication management. Monitor aggregate and forensic DMARC reports, analyze authentication results, and enforce DMARC policies across all your domains.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.wikidata.org/wiki/Q138898167","https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.g2.com/products/dmarc-report/reviews","https://github.com/duocircle","https://www.crunchbase.com/organization/duocircle-llc","https://www.trustradius.com/products/duocircle/reviews"],"aggregateRating":{"@type":"AggregateRating","ratingValue":"4.8","reviewCount":"470","bestRating":"5","worstRating":"1","url":"https://www.g2.com/products/dmarc-report/reviews"},"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://dmarcreport.com/support/"},"knowsAbout":["DMARC","DMARC Reporting","DMARC Aggregate Reports","DMARC Forensic Reports","Sender Policy Framework","DKIM","Email Authentication","Email Security","DNS Management","Email Deliverability"]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://dmarcreport.com/blog/manufacturer-hit-cyberattack-fake-teams-breach-ai-targets-msmes/"},"articleSection":"uncategorized","keywords":"dkim, DMARC, News, SPF","wordCount":825,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/dmarcreport/images/2026/04/gmail-dmarc-9392.jpg","caption":"cybersecurity news","width":900,"height":600},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}}]
```

```json
{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://dmarcreport.com/"},{"@type":"ListItem","position":2,"name":"Blog","item":"https://dmarcreport.com/blog/"},{"@type":"ListItem","position":3,"name":"Uncategorized","item":"https://dmarcreport.com/uncategorized/"},{"@type":"ListItem","position":4,"name":"Manufacturer Hit Cyberattack, Fake Teams Breach, AI Targets MSMEs","item":"https://dmarcreport.com/blog/manufacturer-hit-cyberattack-fake-teams-breach-ai-targets-msmes/"}]}
```