Click here to download all references as Bib-File.•
| 2024-12-11
⋅
Microsoft
⋅
Frequent freeloader part II: Russian actor Secret Blizzard using tools of other groups to attack Ukraine Amadey Kazuar Wipbot FlyingYeti |
| 2024-12-04
⋅
Microsoft
⋅
Frequent freeloader part I: Secret Blizzard compromising Storm-0156 infrastructure for espionage Crimson RAT MiniPocket TwoDash Wainscot Operation C-Major |
| 2024-10-31
⋅
Microsoft
⋅
Chinese threat actor Storm-0940 uses credentials from password spray attacks from a covert network Storm-0940 |
| 2024-10-29
⋅
Microsoft
⋅
Midnight Blizzard conducts large-scale spear-phishing campaign using RDP files |
| 2024-10-17
⋅
Microsoft Security
⋅
New macOS vulnerability, “HM Surf”, could lead to unauthorized data access |
| 2024-09-26
⋅
Microsoft
⋅
Storm-0501: Ransomware attacks expanding to hybrid cloud environments Storm-0501 |
| 2024-08-30
⋅
Microsoft
⋅
North Korean threat actor Citrine Sleet exploiting Chromium zero-day FudModule |
| 2024-05-28
⋅
Microsoft
⋅
Moonstone Sleet emerges as new North Korean threat actor with new bag of tricks splitloader |
| 2024-05-15
⋅
Microsoft
⋅
Threat actors misusing Quick Assist in social engineering attacks leading to ransomware Black Basta Cobalt Strike QakBot SystemBC |
| 2024-05-15
⋅
Microsoft
⋅
Threat actors misusing Quick Assist in social engineering attacks leading to ransomware Black Basta Cobalt Strike QakBot |
| 2024-04-22
⋅
Microsoft
⋅
Analyzing Forest Blizzard’s custom post-compromise tool for exploiting CVE-2022-38028 to obtain credentials GooseEgg |
| 2024-02-07
⋅
Microsoft
⋅
Iran surges cyber-enabled influence operations in support of Hamas |
| 2024-01-25
⋅
Microsoft
⋅
Midnight Blizzard: Guidance for responders on nation-state attack UNC2452 |
| 2024-01-17
⋅
Microsoft
⋅
New TTPs observed in Mint Sandstorm campaign targeting high-profile individuals at universities and research orgs MediaPI |
| 2023-12-12
⋅
Microsoft
⋅
Threat actors misuse OAuth applications to automate financially driven attacks Storm-1283 Storm-1286 |
| 2023-12-07
⋅
Microsoft
⋅
Star Blizzard increases sophistication and evasion in ongoing attacks Callisto |
| 2023-12-01
⋅
Twitter (@MsftSecIntel)
⋅
Tweet on Danabot leading to cactus ransomware Cactus DanaBot Storm-1044 |
| 2023-11-22
⋅
Microsoft
⋅
Diamond Sleet supply chain compromise distributes a modified CyberLink installer LambLoad |
| 2023-11-09
⋅
Microsoft
⋅
Microsoft shares threat intelligence at CYBERWARCON 2023 Blue Tsunami |
| 2023-10-18
⋅
Microsoft
⋅
Multiple North Korean threat actors exploiting the TeamCity CVE-2023-42793 vulnerability FeedLoad ForestTiger HazyLoad RollSling Silent Chollima |