Microsoft: Teams increasingly abused in helpdesk impersonation attacks

This attack is real. I’ve had a few organizations complain about this. I have also posted about this attack. BleepingComputer posted a really good summary of it here.

This attack works because it bypasses traditional phishing defenses by operating entirely inside trusted collaboration workflows. The target believes they are speaking with a trusted internal party, not knowing that external actors can message them and pose as anybody they want to be. Admins who enforce weak identity assurance and allow permissive external chat defaults leave their organizations open to this attack.

You can reduce the risk of this attack by doing a few things. Admins should tighten federation controls and improve identity governance. This is similar to the thought that MFA isn’t strong enough to defend against modern phishing attacks; think of things like risk-based conditional access. Admins can also remove ad-hoc remote assistance options within Teams.
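
One way to check a tenant for the permissive external chat defaults described above, as an added example that is not from the original post or from Microsoft. The function name `Test-TeamsFederationExposure`, the sample object and the `partner.example` domain are assumptions made for illustration; the property and cmdlet names are those of the MicrosoftTeams PowerShell module.

```powershell
# Audit Teams external-access settings for permissive defaults.
# Hypothetical helper; accepts the object returned by
# Get-CsTenantFederationConfiguration (MicrosoftTeams module).
function Test-TeamsFederationExposure {
    param([Parameter(Mandatory)] $Config)

    $findings = @()

    # With an allow-list configured, AllowedDomains exposes an AllowedDomain
    # collection. With open federation that property is absent, so this is empty.
    $allowList = @($Config.AllowedDomains.AllowedDomain | Where-Object { $_ })

    if ($Config.AllowFederatedUsers -and $allowList.Count -eq 0) {
        $findings += 'Open federation: any external Teams tenant can start a chat with users.'
    }
    if ($Config.AllowTeamsConsumer) {
        $findings += 'Chat with unmanaged (personal) Teams accounts is enabled.'
    }
    if ($Config.AllowTeamsConsumerInbound) {
        $findings += 'Unmanaged Teams accounts can initiate chats with internal users.'
    }
    return $findings
}

# Constructed sample that mimics permissive settings, so the check runs offline.
$sample = [pscustomobject]@{
    AllowFederatedUsers       = $true
    AllowTeamsConsumer        = $true
    AllowTeamsConsumerInbound = $true
    AllowedDomains            = 'AllowAllKnownDomains'   # stand-in for "no allow-list"
}
Test-TeamsFederationExposure -Config $sample | ForEach-Object { "FINDING: $_" }

# Against a live tenant (requires the MicrosoftTeams module and Teams admin rights):
#   Connect-MicrosoftTeams
#   Test-TeamsFederationExposure -Config (Get-CsTenantFederationConfiguration)
#
# Tightened settings; partner.example is a placeholder for a trusted partner domain:
#   Set-CsTenantFederationConfiguration -AllowTeamsConsumer $false -AllowTeamsConsumerInbound $false
#   Set-CsTenantFederationConfiguration -AllowedDomainsAsAList @('partner.example')
```

An empty result means none of the three permissive settings were found; it does not cover identity governance or remote assistance tooling, which need separate review.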

Check out the article to get a better understanding of this attack.
