Microsoft shifts to a new threat actor naming taxonomy

Credit to Author: Microsoft Security Threat Intelligence – Editor | Date: Tue, 18 Apr 2023 15:00:00 +0000

Microsoft is excited to announce that we are shifting to a new threat actor naming taxonomy aligned to the theme of weather. The complexity, scale, and volume of threats are increasing, driving the need to reimagine not only how Microsoft talks about threats but also how we enable customers to understand those threats quickly and with clarity.

The post Microsoft shifts to a new threat actor naming taxonomy appeared first on Microsoft Security Blog.

Nation-state threat actor Mint Sandstorm refines tradecraft to attack high-value targets

Credit to Author: Microsoft Security Threat Intelligence | Date: Tue, 18 Apr 2023 15:00:00 +0000

Today, Microsoft is reporting on a distinct subset of Mint Sandstorm (formerly known as PHOSPHORUS), an Iranian threat actor that specializes in hacking into and stealing sensitive information from high-value targets. This subset is technically and operationally mature, capable of developing bespoke tooling and quickly weaponizing recently disclosed vulnerabilities.

Threat actors strive to cause Tax Day headaches

Credit to Author: Microsoft Security Threat Intelligence – Editor | Date: Thu, 13 Apr 2023 17:00:00 +0000

With U.S. Tax Day approaching, Microsoft has observed phishing attacks targeting accounting and tax return preparation firms to deliver the Remcos RAT and compromise target networks.

DEV-0196: QuaDream’s “KingsPawn” malware used to target civil society in Europe, North America, the Middle East, and Southeast Asia

Credit to Author: Microsoft Security Threat Intelligence | Date: Tue, 11 Apr 2023 16:00:00 +0000

Microsoft analyzes a threat group tracked as DEV-0196, the actor’s iOS malware “KingsPawn”, and their link to an Israel-based private sector offensive actor (PSOA) known as QuaDream, which reportedly sells a suite of exploits, malware, and infrastructure called REIGN, designed to exfiltrate data from mobile devices.

MERCURY and DEV-1084: Destructive attack on hybrid environment

Credit to Author: Microsoft Security Threat Intelligence | Date: Fri, 07 Apr 2023 16:00:00 +0000

Microsoft detected a unique operation where threat actors carried out destructive actions in both on-premises and cloud environments.

DevOps threat matrix

Credit to Author: Microsoft Security Threat Intelligence | Date: Thu, 06 Apr 2023 17:00:00 +0000

In this blog, we discuss the threats we face in our DevOps environment and introduce our new threat matrix for DevOps. Using this matrix, we show the different techniques an adversary might use to attack an organization, from the initial access phase onward.

KillNet and affiliate hacktivist groups targeting healthcare with DDoS attacks

Credit to Author: Microsoft Security Threat Intelligence – Editor | Date: Fri, 17 Mar 2023 16:00:00 +0000

In the last year, geopolitical tension has led to an uptick of reported cybercrime events fueled by hacktivist groups. The US Cybersecurity and Infrastructure Security Agency (CISA) published an advisory to warn organizations about these attacks and teamed with the FBI on a distributed denial-of-service (DDoS) response strategy guide. KillNet, a group that the US…

DEV-1101 enables high-volume AiTM campaigns with open-source phishing kit

Credit to Author: Microsoft Security Threat Intelligence | Date: Mon, 13 Mar 2023 16:00:00 +0000

DEV-1101 is an actor tracked by Microsoft responsible for the development, support, and advertising of several AiTM phishing kits, including an open-source kit capable of circumventing MFA through reverse-proxy functionality.
