
2022-03-22 | The Hacker News | Ravie Lakshmanan
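% News report on the LAPSUS$ intrusions. The "$" in the actor name is escaped
% in the title so LaTeX does not open math mode; names are brace-protected.
@online{lakshmanan:20220322:microsoft:3373c3d,
  author       = {Lakshmanan, Ravie},
  title        = {{Microsoft} and {Okta} Confirm Breach by {LAPSUS\$} Extortion Group},
  date         = {2022-03-22},
  organization = {The Hacker News},
  url          = {https://thehackernews.com/2022/03/microsoft-and-okta-confirm-breach-by.html},
  language     = {English},
  urldate      = {2022-03-23},
}
Microsoft and Okta Confirm Breach by LAPSUS$ Extortion Group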
RedLine Stealer
2022-03-22 | Microsoft | Microsoft Threat Intelligence Center (MSTIC), Detection and Response Team (DART), Microsoft 365 Defender Threat Intelligence Team
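% Vendor write-up on DEV-0537. Each team is braced as one corporate author;
% otherwise the " and " inside "Detection and Response Team" splits the name.
% Actor identifiers are brace-protected and the "$" is escaped for LaTeX.
@online{mstic:20220322:dev0537:eea56dc,
  author       = {{Microsoft Threat Intelligence Center (MSTIC)} and {Detection and Response Team (DART)} and {Microsoft 365 Defender Threat Intelligence Team}},
  title        = {{DEV-0537} ({LAPSUS\$}/{UNC3661}) criminal actor targeting organizations for data exfiltration and destruction},
  date         = {2022-03-22},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/security/blog/2022/03/22/dev-0537-criminal-actor-targeting-organizations-for-data-exfiltration-and-destruction/},
  language     = {English},
  urldate      = {2022-04-29},
}
DEV-0537 (LAPSUS$/UNC3661) criminal actor targeting organizations for data exfiltration and destruction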
RedLine Stealer, LAPSUS
2022-03-22 | Bleeping Computer | Lawrence Abrams
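% News report on the Lapsus$ intrusion at Microsoft. The "$" is escaped so the
% title does not open LaTeX math mode; proper names are brace-protected.
@online{abrams:20220322:microsoft:54e0518,
  author       = {Abrams, Lawrence},
  title        = {{Microsoft} confirms they were hacked by {Lapsus\$} extortion group},
  date         = {2022-03-22},
  organization = {Bleeping Computer},
  url          = {https://www.bleepingcomputer.com/news/microsoft/microsoft-confirms-they-were-hacked-by-lapsus-extortion-group/},
  language     = {English},
  urldate      = {2022-03-23},
}
Microsoft confirms they were hacked by Lapsus$ extortion group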
RedLine Stealer
2022-03-16 | Microsoft | Microsoft Defender for IoT Research Team, Microsoft Threat Intelligence Center (MSTIC)
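% Vendor research on TrickBot C2 infrastructure. Team names are braced as
% corporate authors so they are not parsed as given name plus surname "Team".
@online{team:20220316:uncovering:aae61b5,
  author       = {{Microsoft Defender for IoT Research Team} and {Microsoft Threat Intelligence Center (MSTIC)}},
  title        = {Uncovering {Trickbot’s} use of {IoT} devices in command-and-control infrastructure},
  date         = {2022-03-16},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/security/blog/2022/03/16/uncovering-trickbots-use-of-iot-devices-in-command-and-control-infrastructure/},
  language     = {English},
  urldate      = {2022-03-17},
}
Uncovering Trickbot’s use of IoT devices in command-and-control infrastructure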
TrickBot
2022-03-11 | Microsoft | Microsoft Detection and Response Team (DART)
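% Incident-response write-up on LockBit 2.0 (part 1). The team name is braced
% as one corporate author; unbraced, its internal " and " yields two authors.
@online{dart:20220311:part:2a214e2,
  author       = {{Microsoft Detection and Response Team (DART)}},
  title        = {Part 1: {LockBit} 2.0 ransomware bugs and database recovery attempts},
  date         = {2022-03-11},
  organization = {Microsoft},
  url          = {https://techcommunity.microsoft.com/t5/security-compliance-and-identity/part-1-lockbit-2-0-ransomware-bugs-and-database-recovery/ba-p/3254354},
  language     = {English},
  urldate      = {2022-03-14},
}
Part 1: LockBit 2.0 ransomware bugs and database recovery attempts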
LockBit
2022-03-11 | Microsoft | Microsoft Detection and Response Team (DART)
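% Incident-response write-up on LockBit 2.0 (part 2). The team name is braced
% as one corporate author; unbraced, its internal " and " yields two authors.
@online{dart:20220311:part:13e8665,
  author       = {{Microsoft Detection and Response Team (DART)}},
  title        = {Part 2: {LockBit} 2.0 ransomware bugs and database recovery attempts},
  date         = {2022-03-11},
  organization = {Microsoft},
  url          = {https://techcommunity.microsoft.com/t5/security-compliance-and-identity/part-2-lockbit-2-0-ransomware-bugs-and-database-recovery/ba-p/3254421},
  language     = {English},
  urldate      = {2022-03-14},
}
Part 2: LockBit 2.0 ransomware bugs and database recovery attempts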
LockBit
2022-02-28 | Microsoft Sentinel 101 | mzorich
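% Detection-engineering blog post. The author is a single handle, kept as is;
% product names are brace-protected instead of double-bracing the whole title.
@online{mzorich:20220228:detecting:7fd9162,
  author       = {mzorich},
  title        = {Detecting malware kill chains with {Defender} and {Microsoft Sentinel}},
  date         = {2022-02-28},
  organization = {Microsoft Sentinel 101},
  url          = {https://learnsentinel.blog/2022/02/28/detecting-malware-kill-chains-with-defender-and-microsoft-sentinel/},
  language     = {English},
  urldate      = {2022-03-02},
}
Detecting malware kill chains with Defender and Microsoft Sentinel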
HermeticWiper
2022-02-28 | Microsoft | MSRC Team
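% Vendor advisory on threat activity in Ukraine. "MSRC Team" is braced as a
% corporate author so it is not parsed as given name "MSRC", surname "Team".
@online{team:20220228:cyber:8ef46fd,
  author       = {{MSRC Team}},
  title        = {Cyber threat activity in {Ukraine}: analysis and resources},
  date         = {2022-02-28},
  organization = {Microsoft},
  url          = {https://msrc-blog.microsoft.com/2022/02/28/analysis-resources-cyber-threat-activity-ukraine},
  language     = {English},
  urldate      = {2022-03-07},
}
Cyber threat activity in Ukraine: analysis and resources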
HermeticWiper, IsaacWiper, PartyTicket, WhisperGate
2022-02-28 | ZDNet | Jonathan Greig
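% News report on FoxBlade. The malware name and other proper nouns are
% brace-protected so a sentence-casing style cannot lowercase them.
@online{greig:20220228:microsoft:0e59d45,
  author       = {Greig, Jonathan},
  title        = {{Microsoft} finds {FoxBlade} malware on {Ukrainian} systems, removes {RT} from {Windows} app store},
  date         = {2022-02-28},
  organization = {ZDNet},
  url          = {https://www.zdnet.com/article/microsoft-finds-foxblade-malware-on-ukrainian-systems-removing-rt-from-windows-app-store/},
  language     = {English},
  urldate      = {2022-03-07},
}
Microsoft finds FoxBlade malware on Ukrainian systems, removes RT from Windows app store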
HermeticWiper
2022-02-24 | Checkpoint | Moshe Marelus
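% Vendor research on malware distributed through an official app store. Only
% the vendor name is brace-protected; other casing is left to the style.
@online{marelus:20220224:new:dc2f291,
  author       = {Marelus, Moshe},
  title        = {New Malware Capable of Controlling Social Media Accounts Infects 5,000+ Machines and is actively being Distributed via Gaming Applications on {Microsoft’s} Official Store},
  date         = {2022-02-24},
  organization = {Checkpoint},
  url          = {https://research.checkpoint.com/2022/new-malware-capable-of-controlling-social-media-accounts-infects-5000-machines-and-is-actively-being-distributed-via-gaming-applications-on-microsofts-official-store/},
  language     = {English},
  urldate      = {2022-03-01},
}
New Malware Capable of Controlling Social Media Accounts Infects 5,000+ Machines and is actively being Distributed via Gaming Applications on Microsoft’s Official Store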
2022-02-24 | Bleeping Computer | Bill Toulas
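% News report on Cuba ransomware. "Cuba" is brace-protected because it names
% the ransomware family and must keep its capital under sentence casing.
@online{toulas:20220224:microsoft:4ade21b,
  author       = {Toulas, Bill},
  title        = {{Microsoft Exchange} servers hacked to deploy {Cuba} ransomware},
  date         = {2022-02-24},
  organization = {Bleeping Computer},
  url          = {https://www.bleepingcomputer.com/news/security/microsoft-exchange-servers-hacked-to-deploy-cuba-ransomware/},
  language     = {English},
  urldate      = {2022-03-01},
}
Microsoft Exchange servers hacked to deploy Cuba ransomware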
Cuba
2022-02-22 | Bleeping Computer | Bill Toulas
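% News report on attacks against exposed SQL servers. Product and tool names
% are brace-protected so a sentence-casing style cannot lowercase them.
@online{toulas:20220222:vulnerable:80109eb,
  author       = {Toulas, Bill},
  title        = {Vulnerable {Microsoft SQL Servers} targeted with {Cobalt Strike}},
  date         = {2022-02-22},
  organization = {Bleeping Computer},
  url          = {https://www.bleepingcomputer.com/news/security/vulnerable-microsoft-sql-servers-targeted-with-cobalt-strike/},
  language     = {English},
  urldate      = {2022-02-26},
}
Vulnerable Microsoft SQL Servers targeted with Cobalt Strike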
Cobalt Strike, Kingminer, Lemon Duck
2022-02-15 | Fortinet | Tim Lau
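% Vendor analysis of a single vulnerability. The CVE identifier is
% brace-protected so no style can change its case.
@online{lau:20220215:analysis:150f133,
  author       = {Lau, Tim},
  title        = {Analysis of {Microsoft} {CVE-2022-21907}},
  date         = {2022-02-15},
  organization = {Fortinet},
  url          = {https://www.fortinet.com/blog/threat-research/analysis-of-microsoft-cve-2022-21907},
  language     = {English},
  urldate      = {2022-02-19},
}
Analysis of Microsoft CVE-2022-21907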
2022-02-04 | Microsoft | Microsoft Threat Intelligence Center (MSTIC), Microsoft Digital Security Unit (DSU)
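% Vendor write-up on ACTINIUM. Each team is braced as one corporate author,
% and the all-caps actor name is brace-protected against sentence casing.
@online{mstic:20220204:actinium:739151c,
  author       = {{Microsoft Threat Intelligence Center (MSTIC)} and {Microsoft Digital Security Unit (DSU)}},
  title        = {{ACTINIUM} targets {Ukrainian} organizations},
  date         = {2022-02-04},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/security/blog/2022/02/04/actinium-targets-ukrainian-organizations/},
  language     = {English},
  urldate      = {2022-02-07},
}
ACTINIUM targets Ukrainian organizations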
Pteranodon, Gamaredon Group
2022-02-02 | Microsoft | Microsoft 365 Defender Threat Intelligence Team
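% Vendor research on the UpdateAgent macOS trojan. The team is braced as a
% corporate author; the camel-case malware name is brace-protected.
@online{team:20220202:evolution:4f55642,
  author       = {{Microsoft 365 Defender Threat Intelligence Team}},
  title        = {The evolution of a {Mac} trojan: {UpdateAgent’s} progression},
  date         = {2022-02-02},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/security/blog/2022/02/02/the-evolution-of-a-mac-trojan-updateagents-progression/},
  language     = {English},
  urldate      = {2022-02-04},
}
The evolution of a Mac trojan: UpdateAgent’s progression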
UpdateAgent
2022-01-31 | Microsoft | Microsoft
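% Vendor report (PDF). The title spelling "Battelground" is corrected to
% "Battleground", and the corporate author is braced as a single name.
@techreport{microsoft:20220131:identity:07b7e16,
  author      = {{Microsoft}},
  title       = {Identity is the New Battleground},
  date        = {2022-01-31},
  institution = {Microsoft},
  url         = {https://news.microsoft.com/wp-content/uploads/prod/sites/626/2022/02/Cyber-Signals-E-1.pdf},
  language    = {English},
  urldate     = {2022-02-04},
}
Identity is the New Battleground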
2022-01-18 | Microsoft | Microsoft 365 Defender Threat Intelligence Team
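% Vendor research on device-registration phishing against accounts without MFA.
% NOTE(review): the date field says 2022-01-18 but the URL path carries
% 2022/01/26 - confirm the publication date before citing.
@online{team:20220118:evolved:87fc647,
  author       = {{Microsoft 365 Defender Threat Intelligence Team}},
  title        = {Evolved phishing: Device registration trick adds to phishers’ toolbox for victims without {MFA}},
  date         = {2022-01-18},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/security/blog/2022/01/26/evolved-phishing-device-registration-trick-adds-to-phishers-toolbox-for-victims-without-mfa/},
  language     = {English},
  urldate      = {2022-01-31},
}
Evolved phishing: Device registration trick adds to phishers’ toolbox for victims without MFA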
WhisperGate
2022-01-15 | Microsoft | Microsoft, Microsoft Security Intelligence, Microsoft Digital Security Unit (DSU), Microsoft Detection and Response Team (DART), Microsoft 365 Defender Threat Intelligence Team
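% Vendor write-up on destructive malware tracked as DEV-0586. Each team is
% braced as one corporate author; unbraced, the " and " inside
% "Detection and Response Team" would split that name into two authors.
@online{microsoft:20220115:destructive:77ac2f5,
  author       = {{Microsoft} and {Microsoft Security Intelligence} and {Microsoft Digital Security Unit (DSU)} and {Microsoft Detection and Response Team (DART)} and {Microsoft 365 Defender Threat Intelligence Team}},
  title        = {Destructive malware targeting {Ukrainian} organizations ({DEV-0586})},
  date         = {2022-01-15},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/security/blog/2022/01/15/destructive-malware-targeting-ukrainian-organizations/},
  language     = {English},
  urldate      = {2022-01-18},
}
Destructive malware targeting Ukrainian organizations (DEV-0586)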
WhisperGate
2022-01-15 | Microsoft | Tom Burt
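% Vendor blog post on the DEV-0586 activity. The activity-group identifier is
% brace-protected so no style can change its case.
@online{burt:20220115:malware:5f4e2d4,
  author       = {Burt, Tom},
  title        = {Malware attacks targeting {Ukraine} government ({DEV-0586})},
  date         = {2022-01-15},
  organization = {Microsoft},
  url          = {https://blogs.microsoft.com/on-the-issues/2022/01/15/mstic-malware-cyberattacks-ukraine-government/},
  language     = {English},
  urldate      = {2022-04-15},
}
Malware attacks targeting Ukraine government (DEV-0586)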
WhisperGate
2022-01-12 | AhnLab | ASEC Analysis Team
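% Vendor report on Magniber distribution. The team is braced as a corporate
% author so it is not parsed as a personal name with surname "Team".
@online{team:20220112:magniber:29a6c92,
  author       = {{ASEC Analysis Team}},
  title        = {{Magniber} Ransomware Being Distributed via {Microsoft Edge} and {Google Chrome}},
  date         = {2022-01-12},
  organization = {AhnLab},
  url          = {https://asec.ahnlab.com/en/30645/},
  language     = {English},
  urldate      = {2022-01-25},
}
Magniber Ransomware Being Distributed via Microsoft Edge and Google Chrome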
Magniber