2023-09-12 | Microsoft | Microsoft Threat Intelligence
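% Corporate author is double-braced so it is kept as one name instead of being split into given/family parts.
% Title braces protect only the actor designation; the style decides the casing of the rest.
@online{intelligence:20230912:malware:3a31afc,
  author       = {{Microsoft Threat Intelligence}},
  title        = {Malware distributor {Storm-0324} facilitates ransomware access},
  date         = {2023-09-12},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/en-us/security/blog/2023/09/12/malware-distributor-storm-0324-facilitates-ransomware-access/},
  language     = {English},
  urldate      = {2023-09-13},
}
Malware distributor Storm-0324 facilitates ransomware access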
JSSLoader
2023-09-07 | Microsoft | Microsoft Threat Analysis Center (MTAC)
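% Corporate author is double-braced so the whole team name, including "(MTAC)", is treated as one name.
% NOTE(review): the URL is an opaque CMS download link that gives no hint of the document it serves;
% urldate records when it was retrieved.
@online{mtac:20230907:sophistication:0ef654f,
  author       = {{Microsoft Threat Analysis Center (MTAC)}},
  title        = {Sophistication, scope, and scale: Digital threats from {East Asia} increase in breadth and effectiveness},
  date         = {2023-09-07},
  organization = {Microsoft},
  url          = {https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RW1aFyW},
  language     = {English},
  urldate      = {2023-09-11},
}
Sophistication, scope, and scale: Digital threats from East Asia increase in breadth and effectiveness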
2023-09-07 | Microsoft | Clint Watts
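% Author is given in "Last, First" form, which is unambiguous to the name parser.
% Title braces protect only the country names; the style decides the casing of the rest.
@online{watts:20230907:china:1b6c403,
  author       = {Watts, Clint},
  title        = {{China}, {North Korea} pursue new targets while honing cyber capabilities},
  date         = {2023-09-07},
  organization = {Microsoft},
  url          = {https://blogs.microsoft.com/on-the-issues/2023/09/07/digital-threats-cyberattacks-east-asia-china-north-korea/},
  language     = {English},
  urldate      = {2023-09-08},
}
China, North Korea pursue new targets while honing cyber capabilities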
2023-09-06 | Microsoft | Microsoft Security Response Center (MSRC)
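% Corporate author is double-braced so the whole team name, including "(MSRC)", is treated as one name.
% Title braces protect only the actor designation; the style decides the casing of the rest.
@online{msrc:20230906:results:7ed992f,
  author       = {{Microsoft Security Response Center (MSRC)}},
  title        = {Results of Major Technical Investigations for {Storm-0558} Key Acquisition},
  date         = {2023-09-06},
  organization = {Microsoft},
  url          = {https://msrc.microsoft.com/blog/2023/09/results-of-major-technical-investigations-for-storm-0558-key-acquisition},
  language     = {English},
  urldate      = {2023-09-11},
}
Results of Major Technical Investigations for Storm-0558 Key Acquisition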
2023-09-06 | TRUESEC | Jakob Nordenlund
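% Author is given in "Last, First" form, which is unambiguous to the name parser.
% Title braces protect the malware and product names; the style decides the casing of the rest.
@online{nordenlund:20230906:darkgate:cbe3f9b,
  author       = {Nordenlund, Jakob},
  title        = {{DarkGate} Loader Malware Delivered via {Microsoft Teams}},
  date         = {2023-09-06},
  organization = {TRUESEC},
  url          = {https://www.truesec.com/hub/blog/darkgate-loader-delivered-via-teams},
  language     = {English},
  urldate      = {2023-09-08},
}
DarkGate Loader Malware Delivered via Microsoft Teams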
DarkGate
2023-09-01 | Microsoft | Microsoft Threat Analysis Center (MTAC)
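% Corporate author is double-braced so the whole team name, including "(MTAC)", is treated as one name.
% The typographic apostrophe in the title is stored as UTF-8, which needs a Unicode-aware backend such as Biber.
@techreport{mtac:20230901:russias:76e3f04,
  author      = {{Microsoft Threat Analysis Center (MTAC)}},
  title       = {{Russia’s} influence networks in {Sahel} activated after coups},
  date        = {2023-09-01},
  institution = {Microsoft},
  url         = {https://blogs.microsoft.com/wp-content/uploads/prod/sites/5/2023/09/Sahel-Gabon-Coup-Playbook-PDF.pdf},
  language    = {English},
  urldate     = {2023-09-08},
}
Russia’s influence networks in Sahel activated after coups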
2023-08-24 | Microsoft | Microsoft Threat Intelligence
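% Corporate author is double-braced so it is kept as one name instead of being split into given/family parts.
% Title braces protect the actor name and the demonym; the style decides the casing of the rest.
@online{intelligence:20230824:flax:7a9270d,
  author       = {{Microsoft Threat Intelligence}},
  title        = {{Flax Typhoon} using legitimate software to quietly access {Taiwanese} organizations},
  date         = {2023-08-24},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/en-us/security/blog/2023/08/24/flax-typhoon-using-legitimate-software-to-quietly-access-taiwanese-organizations/},
  language     = {English},
  urldate      = {2023-08-25},
}
Flax Typhoon using legitimate software to quietly access Taiwanese organizations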
2023-08-02 | Microsoft | Microsoft Threat Intelligence
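% Corporate author is double-braced so it is kept as one name instead of being split into given/family parts.
% Title braces protect the actor and product names; the style decides the casing of the rest.
@online{intelligence:20230802:midnight:5a9de36,
  author       = {{Microsoft Threat Intelligence}},
  title        = {{Midnight Blizzard} conducts targeted social engineering over {Microsoft Teams}},
  date         = {2023-08-02},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/en-us/security/blog/2023/08/02/midnight-blizzard-conducts-targeted-social-engineering-over-microsoft-teams/},
  language     = {English},
  urldate      = {2023-08-03},
}
Midnight Blizzard conducts targeted social engineering over Microsoft Teams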
2023-07-19 | Twitter (@MsftSecIntel) | Microsoft Threat Intelligence
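% Corporate author is double-braced so it is kept as one name instead of being split into given/family parts.
% The title is a description of the tweet as recorded by the library; braces protect only the proper nouns.
@online{intelligence:20230719:targeted:a0e926e,
  author       = {{Microsoft Threat Intelligence}},
  title        = {Tweet on targeted attacks against the defense sector in {Ukraine} and {Eastern Europe} by the threat actor {Secret Blizzard}},
  date         = {2023-07-19},
  organization = {Twitter (@MsftSecIntel)},
  url          = {https://twitter.com/msftsecintel/status/1681695399084539908},
  language     = {English},
  urldate      = {2023-07-20},
}
Tweet on targeted attacks against the defense sector in Ukraine and Eastern Europe by the threat actor Secret Blizzard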
DeliveryCheck Kazuar
2023-07-14 | Microsoft | Microsoft Threat Intelligence
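% Corporate author is double-braced so it is kept as one name instead of being split into given/family parts.
% Title braces protect only the actor designation; the style decides the casing of the rest.
@online{intelligence:20230714:analysis:78678b4,
  author       = {{Microsoft Threat Intelligence}},
  title        = {Analysis of {Storm-0558} techniques for unauthorized email access},
  date         = {2023-07-14},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/en-us/security/blog/2023/07/14/analysis-of-storm-0558-techniques-for-unauthorized-email-access/},
  language     = {English},
  urldate      = {2023-07-31},
}
Analysis of Storm-0558 techniques for unauthorized email access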
2023-07-12 | Fortinet | Cara Lin
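% Author is given in "Last, First" form, which is unambiguous to the name parser.
% Title braces protect the malware and product names; the style decides the casing of the rest.
@online{lin:20230712:lokibot:f77d705,
  author       = {Lin, Cara},
  title        = {{LokiBot} Campaign Targets {Microsoft Office} Document Using Vulnerabilities and Macros},
  date         = {2023-07-12},
  organization = {Fortinet},
  url          = {https://www.fortinet.com/blog/threat-research/lokibot-targets-microsoft-office-document-using-vulnerabilities-and-macros},
  language     = {English},
  urldate      = {2023-07-19},
}
LokiBot Campaign Targets Microsoft Office Document Using Vulnerabilities and Macros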
Loki Password Stealer (PWS)
2023-07-11 | Microsoft | Microsoft
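% Corporate author is double-braced to mark it as an organisation name rather than a personal name.
% Title braces protect only the actor designation; the style decides the casing of the rest.
@online{microsoft:20230711:storm0978:98ba63b,
  author       = {{Microsoft}},
  title        = {{Storm-0978} attacks reveal financial and espionage motives},
  date         = {2023-07-11},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/en-us/security/blog/2023/07/11/storm-0978-attacks-reveal-financial-and-espionage-motives/},
  language     = {English},
  urldate      = {2023-07-13},
}
Storm-0978 attacks reveal financial and espionage motives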
ROMCOM RAT
2023-07-06 | Microsoft | Microsoft Incident Response
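% Corporate author is double-braced so it is kept as one name instead of being split into given/family parts.
% Title braces protect only the ransomware family name; the style decides the casing of the rest.
@online{response:20230706:fiveday:629ca44,
  author       = {{Microsoft Incident Response}},
  title        = {The five-day job: A {BlackByte} ransomware intrusion case study},
  date         = {2023-07-06},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/en-us/security/blog/2023/07/06/the-five-day-job-a-blackbyte-ransomware-intrusion-case-study/},
  language     = {English},
  urldate      = {2023-08-25},
}
The five-day job: A BlackByte ransomware intrusion case study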
BlackByte ExByte
2023-06-14 | Microsoft | Microsoft Threat Intelligence
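% Corporate author is double-braced so it is kept as one name instead of being split into given/family parts.
% Title braces protect the actor name and the demonym; the style decides the casing of the rest.
@online{intelligence:20230614:cadet:c02303d,
  author       = {{Microsoft Threat Intelligence}},
  title        = {{Cadet Blizzard} emerges as a novel and distinct {Russian} threat actor},
  date         = {2023-06-14},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/en-us/security/blog/2023/06/14/cadet-blizzard-emerges-as-a-novel-and-distinct-russian-threat-actor/},
  language     = {English},
  urldate      = {2023-07-11},
}
Cadet Blizzard emerges as a novel and distinct Russian threat actor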
p0wnyshell reGeorg WhisperGate
2023-05-24 | Microsoft | Microsoft Threat Intelligence
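% Corporate author is double-braced so it is kept as one name instead of being split into given/family parts.
% Title braces protect the actor name and the "US" abbreviation; the style decides the casing of the rest.
@online{intelligence:20230524:volt:e7b8951,
  author       = {{Microsoft Threat Intelligence}},
  title        = {{Volt Typhoon} targets {US} critical infrastructure with living-off-the-land techniques},
  date         = {2023-05-24},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/en-us/security/blog/2023/05/24/volt-typhoon-targets-us-critical-infrastructure-with-living-off-the-land-techniques/},
  language     = {English},
  urldate      = {2023-05-26},
}
Volt Typhoon targets US critical infrastructure with living-off-the-land techniques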
Volt Typhoon
2023-04-19 | Microsoft | Justin Warner, Microsoft Threat Intelligence Center (MSTIC)
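% The personal author is in "Last, First" form; the team co-author is braced so it is kept as one name.
% Title braces protect only the actor name; the style decides the casing of the rest.
@online{warner:20230419:exploring:c68c1d0,
  author       = {Warner, Justin and {Microsoft Threat Intelligence Center (MSTIC)}},
  title        = {Exploring {STRONTIUM's} Abuse of Cloud Services},
  date         = {2023-04-19},
  organization = {Microsoft},
  url          = {https://www.youtube.com/watch?v=_qdCGgQlHJE},
  language     = {English},
  urldate      = {2023-04-22},
}
Exploring STRONTIUM's Abuse of Cloud Services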
FusionDrive
2023-04-18 | Microsoft | Microsoft Threat Intelligence
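% Corporate author is double-braced so it is kept as one name instead of being split into given/family parts.
% NOTE(review): the recorded title names the actor PHOSPHORUS while the URL slug says "mint-sandstorm";
% the title is kept as recorded — confirm against the live post when citing.
@online{intelligence:20230418:nationstate:11efa4c,
  author       = {{Microsoft Threat Intelligence}},
  title        = {Nation-state threat actor {PHOSPHORUS} refines tradecraft to attack high-value targets},
  date         = {2023-04-18},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/en-us/security/blog/2023/04/18/nation-state-threat-actor-mint-sandstorm-refines-tradecraft-to-attack-high-value-targets/},
  language     = {English},
  urldate      = {2023-04-22},
}
Nation-state threat actor PHOSPHORUS refines tradecraft to attack high-value targets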
Drokbk
2023-04-18 | Microsoft | Dianne Gali, Daniel Simpson, Stacyrch140
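% Personal authors are in "Last, First" form; the third author is an account handle and is braced as a single name.
% NOTE(review): the URL uses the de-de locale path while language is recorded as English — confirm which edition was consulted.
@online{gali:20230418:how:84d68aa,
  author       = {Gali, Dianne and Simpson, Daniel and {Stacyrch140}},
  title        = {How {Microsoft} names threat actors},
  date         = {2023-04-18},
  organization = {Microsoft},
  url          = {https://learn.microsoft.com/de-de/microsoft-365/security/intelligence/microsoft-threat-actor-naming},
  language     = {English},
  urldate      = {2023-04-18},
}
How Microsoft names threat actors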
2023-04-13 | Microsoft | Microsoft Threat Intelligence
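% Corporate author is double-braced so it is kept as one name instead of being split into given/family parts.
% Title braces protect only "Tax Day"; the style decides the casing of the rest.
@online{intelligence:20230413:threat:a445e97,
  author       = {{Microsoft Threat Intelligence}},
  title        = {Threat actors strive to cause {Tax Day} headaches},
  date         = {2023-04-13},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/en-us/security/blog/2023/04/13/threat-actors-strive-to-cause-tax-day-headaches/},
  language     = {English},
  urldate      = {2023-04-18},
}
Threat actors strive to cause Tax Day headaches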
CloudEyE Remcos
2023-04-11 | Microsoft | Microsoft Threat Intelligence
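% Corporate author is double-braced so it is kept as one name instead of being split into given/family parts.
% Title braces protect the actor, vendor, malware and region names; the typographic quotes and apostrophe
% are stored as UTF-8, which needs a Unicode-aware backend such as Biber.
@online{intelligence:20230411:dev0196:1589080,
  author       = {{Microsoft Threat Intelligence}},
  title        = {{DEV-0196}: {QuaDream’s} “{KingsPawn}” malware used to target civil society in {Europe}, {North America}, the {Middle East}, and {Southeast Asia}},
  date         = {2023-04-11},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/en-us/security/blog/2023/04/11/dev-0196-quadreams-kingspawn-malware-used-to-target-civil-society-in-europe-north-america-the-middle-east-and-southeast-asia/},
  language     = {English},
  urldate      = {2023-04-18},
}
DEV-0196: QuaDream’s “KingsPawn” malware used to target civil society in Europe, North America, the Middle East, and Southeast Asia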