Microsoft Teams is the confirmed delivery vector for Mistic, a fileless memory-resident backdoor deployed by KongTuke, an initial access broker with established ties to Qilin, Akira, Black Basta, and Rhysida ransomware groups. The malware uses Teams external messaging to deliver payloads executed by WinPython and Node.js, operates entirely in memory with no disk artifacts, and harvests credentials via a fake login overlay — making it invisible to file-based AV and resistant to standard forensic investigation. Organizations in insurance, education, IT, and professional services are the confirmed target sectors.