Click here to download all references as Bib-File.•
2022-02-04
⋅
Microsoft
⋅
ACTINIUM targets Ukrainian organizations Pteranodon Gamaredon Group |
2022-02-04
⋅
Microsoft
⋅
ACTINIUM targets Ukrainian organizations DilongTrash DinoTrain Pteranodon QuietSieve Gamaredon Group |
2021-12-11
⋅
Microsoft
⋅
Guidance for preventing, detecting, and hunting for exploitation of the Log4j 2 vulnerability Khonsari NightSky BRONZE STARLIGHT |
2021-12-06
⋅
Microsoft
⋅
NICKEL targeting government organizations across Latin America and Europe MimiKatz |
2021-12-06
⋅
Mandiant
⋅
Suspected Russian Activity Targeting Government and Business Entities Around the Globe (UNC2452) Cobalt Strike CryptBot |
2021-11-18
⋅
Microsoft
⋅
Iranian targeting of IT sector on the rise MimiKatz ShellClient RAT Cuboid Sandstorm |
2021-11-16
⋅
Microsoft
⋅
Evolving trends in Iranian threat actor activity – MSTIC presentation at CyberWarCon 2021 APT35 Gray Sandstorm |
2021-11-16
⋅
Microsoft
⋅
Evolving trends in Iranian threat actor activity – MSTIC presentation at CyberWarCon 2021 |
2021-11-08
⋅
Microsoft
⋅
Threat actor DEV-0322 exploiting ZOHO ManageEngine ADSelfService Plus |
2021-10-25
⋅
Microsoft
⋅
NOBELIUM targeting delegated administrative privileges to facilitate broader attacks |
2021-10-11
⋅
Microsoft
⋅
Iran-linked DEV-0343 targeting defense, GIS, and maritime sectors |
2021-09-27
⋅
Microsoft
⋅
FoggyWeb: Targeted NOBELIUM malware leads to persistent backdoor |
2021-09-15
⋅
Microsoft
⋅
Analyzing attacks that exploit the CVE-2021-40444 MSHTML vulnerability EXOTIC LILY |
2021-09-15
⋅
Microsoft
⋅
Analyzing attacks that exploit the CVE-2021-40444 MSHTML vulnerability Cobalt Strike |
2021-07-15
⋅
Microsoft
⋅
Protecting customers from a private-sector offensive actor using 0-day exploits and DevilsTongue malware Caramel Tsunami |
2021-07-15
⋅
Microsoft
⋅
Protecting customers from a private-sector offensive actor using 0-day exploits and DevilsTongue malware |
2021-07-14
⋅
Microsoft
⋅
Microsoft delivers comprehensive solution to battle rise in consent phishing emails |
2021-07-13
⋅
Microsoft
⋅
Microsoft discovers threat actor (DEV-0322) targeting SolarWinds Serv-U software with 0-day exploit |
2021-06-14
⋅
Microsoft
⋅
Behind the scenes of business email compromise: Using cross-domain threat data to disrupt a large BEC campaign |
2021-06-01
⋅
Microsoft
⋅
New sophisticated email-based attack from NOBELIUM Cobalt Strike |
2021-05-28
⋅
Microsoft
⋅
Breaking down NOBELIUM’s latest early-stage toolset BOOMBOX Cobalt Strike |
2021-03-04
⋅
Microsoft
⋅
GoldMax, GoldFinder, and Sibot: Analyzing NOBELIUM’s layered persistence SUNBURST TEARDROP UNC2452 |
2021-03-02
⋅
Microsoft
⋅
HAFNIUM targeting Exchange Servers with 0-day exploits CHINACHOPPER HAFNIUM |
2021-03-02
⋅
Microsoft
⋅
HAFNIUM targeting Exchange Servers with 0-day exploits PowerCat |
2021-01-28
⋅
Microsoft
⋅
ZINC attacks against security researchers ComeBacker Klackring |
2021-01-20
⋅
Microsoft
⋅
Deep dive into the Solorigate second-stage activation: From SUNBURST to TEARDROP and Raindrop Cobalt Strike SUNBURST TEARDROP |
2020-12-18
⋅
Microsoft
⋅
Analyzing Solorigate, the compromised DLL file that started a sophisticated cyberattack, and how Microsoft Defender helps protect customers SUNBURST SUPERNOVA TEARDROP UNC2452 |
2020-11-30
⋅
Microsoft
⋅
Threat actor (BISMUTH) leverages coin miner techniques to stay under the radar – here’s how to spot them Cobalt Strike |
2020-09-10
⋅
Microsoft
⋅
STRONTIUM: Detecting new patterns in credential harvesting APT28 |
2019-12-12
⋅
Microsoft
⋅
GALLIUM: Targeting global telecom CHINACHOPPER Ghost RAT HTran MimiKatz Poison Ivy GALLIUM |