When coin miners evolve, Part 1: Exposing LemonDuck and LemonCat, modern mining malware infrastructure

Credit to Author: Eric Avena| Date: Thu, 22 Jul 2021 16:00:57 +0000

LemonDuck, an actively updated and robust malware that’s primarily known for its botnet and cryptocurrency mining objectives, adopted more sophisticated behavior and escalated its operations. Today, beyond using resources for its traditional bot and mining activities, LemonDuck steals credentials, removes security controls, spreads via emails, moves laterally, and ultimately drops more tools for human-operated activity.

The post When coin miners evolve, Part 1: Exposing LemonDuck and LemonCat, modern mining malware infrastructure appeared first on Microsoft Security Blog.

Read more

Microsoft delivers comprehensive solution to battle rise in consent phishing emails

Credit to Author: Eric Avena| Date: Wed, 14 Jul 2021 17:00:55 +0000

Microsoft threat analysts are tracking a continued increase in consent phishing emails, also called illicit consent grants, that abuse OAuth request links in an attempt to trick recipients into granting attacker-owned apps permissions to access sensitive data.

The post Microsoft delivers comprehensive solution to battle rise in consent phishing emails appeared first on Microsoft Security Blog.

Read more

Microsoft finds new NETGEAR firmware vulnerabilities that could lead to identity theft and full system compromise

Credit to Author: Eric Avena| Date: Wed, 30 Jun 2021 17:00:19 +0000

We discovered vulnerabilities in NETGEAR DGN-2200v1 series routers that can compromise a network’s security—opening the gates for attackers to roam untethered through an entire organization. We shared our findings with NETGEAR through coordinated vulnerability disclosure via Microsoft Security Vulnerability Research (MSVR), and worked closely with NETGEAR security and engineering teams to provide advice on mitigating these issues.

The post Microsoft finds new NETGEAR firmware vulnerabilities that could lead to identity theft and full system compromise appeared first on Microsoft Security Blog.

Read more

Behind the scenes of business email compromise: Using cross-domain threat data to disrupt a large BEC campaign

Credit to Author: Eric Avena| Date: Mon, 14 Jun 2021 16:00:44 +0000

Microsoft 365 Defender researchers recently uncovered and disrupted a large-scale business email compromise (BEC) infrastructure hosted in multiple web services. Attackers used this cloud-based infrastructure to compromise mailboxes via phishing and add forwarding rules, enabling these attackers to get access to emails about financial transactions.

The post Behind the scenes of business email compromise: Using cross-domain threat data to disrupt a large BEC campaign appeared first on Microsoft Security Blog.

Read more

Breaking down NOBELIUM’s latest early-stage toolset

Credit to Author: Eric Avena| Date: Fri, 28 May 2021 21:36:17 +0000

In this blog, we highlight four tools representing a unique infection chain utilized by NOBELIUM: EnvyScout, BoomBox, NativeZone, and VaporRage. These tools have been observed being used in the wild as early as February 2021 attempting to gain a foothold on a variety of sensitive diplomatic and government entities.

The post Breaking down NOBELIUM’s latest early-stage toolset appeared first on Microsoft Security.

Read more

New sophisticated email-based attack from NOBELIUM

Credit to Author: Emma Jones| Date: Fri, 28 May 2021 00:00:50 +0000

Microsoft Threat Intelligence Center (MSTIC) has uncovered a wide-scale malicious email campaign operated by NOBELIUM, the threat actor behind the attacks against SolarWinds, the SUNBURST backdoor, TEARDROP malware, GoldMax malware, and other related components. The campaign, initially observed and tracked by Microsoft since January 2021, evolved over a series of waves demonstrating significant experimentation.

The post New sophisticated email-based attack from NOBELIUM appeared first on Microsoft Security.

Read more

Phorpiex morphs: How a longstanding botnet persists and thrives in the current threat environment

Credit to Author: Eric Avena| Date: Thu, 20 May 2021 17:00:56 +0000

Phorpiex, an enduring botnet known for extortion campaigns and for using old-fashioned worms, began diversifying its infrastructure in recent years to become more resilient and to deliver more dangerous payloads. Today, the Phorphiex botnet continues to maintain a large network of bots and generates wide-ranging malicious activities. These activities have expanded to include cryptocurrency mining. Read our in-depth research into this botnet.

The post Phorpiex morphs: How a longstanding botnet persists and thrives in the current threat environment appeared first on Microsoft Security.

Read more

Business email compromise campaign targets wide range of orgs with gift card scam

Credit to Author: Eric Avena| Date: Thu, 06 May 2021 16:00:15 +0000

Read our investigation of a BEC campaign that used attacker-created email infrastructure to facilitate gift card theft targeting the consumer goods, process manufacturing and agriculture, real estate, discrete manufacturing, and professional services sectors.

The post Business email compromise campaign targets wide range of orgs with gift card scam appeared first on Microsoft Security.

Read more