Click here to download all references as Bib-File.•
| 2024-10-17
⋅
Microsoft Security
⋅
New macOS vulnerability, “HM Surf”, could lead to unauthorized data access |
| 2024-09-26
⋅
Microsoft
⋅
Storm-0501: Ransomware attacks expanding to hybrid cloud environments Storm-0501 |
| 2024-08-30
⋅
Microsoft
⋅
North Korean threat actor Citrine Sleet exploiting Chromium zero-day FudModule Lazarus Group |
| 2024-05-28
⋅
Microsoft
⋅
Moonstone Sleet emerges as new North Korean threat actor with new bag of tricks splitloader |
| 2024-05-15
⋅
Microsoft
⋅
Threat actors misusing Quick Assist in social engineering attacks leading to ransomware Black Basta Cobalt Strike QakBot SystemBC |
| 2024-05-15
⋅
Microsoft
⋅
Threat actors misusing Quick Assist in social engineering attacks leading to ransomware Black Basta Cobalt Strike QakBot UNC4393 |
| 2024-04-22
⋅
Microsoft
⋅
Analyzing Forest Blizzard’s custom post-compromise tool for exploiting CVE-2022-38028 to obtain credentials GooseEgg |
| 2024-02-07
⋅
Microsoft
⋅
Iran surges cyber-enabled influence operations in support of Hamas |
| 2024-01-25
⋅
Microsoft
⋅
Midnight Blizzard: Guidance for responders on nation-state attack UNC2452 |
| 2024-01-17
⋅
Microsoft
⋅
New TTPs observed in Mint Sandstorm campaign targeting high-profile individuals at universities and research orgs MediaPI |
| 2023-12-12
⋅
Microsoft
⋅
Threat actors misuse OAuth applications to automate financially driven attacks Storm-1283 Storm-1286 |
| 2023-12-07
⋅
Microsoft
⋅
Star Blizzard increases sophistication and evasion in ongoing attacks Callisto |
| 2023-12-01
⋅
Twitter (@MsftSecIntel)
⋅
Tweet about Storm-1044 and Storm-0216, Danabot leading to Cactus ransomware Cactus DanaBot TA2101 |
| 2023-12-01
⋅
Twitter (@MsftSecIntel)
⋅
Tweet on Danabot leading to cactus ransomware Cactus DanaBot Storm-1044 |
| 2023-11-22
⋅
Microsoft
⋅
Diamond Sleet supply chain compromise distributes a modified CyberLink installer LambLoad |
| 2023-11-09
⋅
Microsoft
⋅
Microsoft shares threat intelligence at CYBERWARCON 2023 Blue Tsunami |
| 2023-10-25
⋅
Microsoft
⋅
Octo Tempest crosses boundaries to facilitate extortion, encryption, and destruction BlackCat BlackCat Lumma Stealer |
| 2023-10-18
⋅
Microsoft
⋅
Multiple North Korean threat actors exploiting the TeamCity CVE-2023-42793 vulnerability FeedLoad ForestTiger HazyLoad RollSling Silent Chollima |
| 2023-10-13
⋅
Twitter (@MsftSecIntel)
⋅
Tweet on Storm-1575 and Dadsec phishing platform Storm-1575 |
| 2023-10-11
⋅
Twitter (@MsftSecIntel)
⋅
Tweet on Storm-0062 exploiting CVE-2023-22515 Storm-0062 |