Malpedia Library

Click here to download all references as Bib-File.•

2026-03-06 ⋅ Microsoft ⋅ Microsoft Threat Intelligence
AI as tradecraft: How threat actors operationalize AI
OtterCookie

2026-01-14 ⋅ Microsoft ⋅ Microsoft Threat Intelligence
Inside RedVDS: How a single virtual desktop provider fueled worldwide cybercriminal operations

2025-12-01 ⋅ LinkedIn (Microsoft) ⋅ Microsoft Threat Intelligence
Post about Phishing Campaign pushing XWorm
XWorm TA584

2025-10-09 ⋅ Microsoft ⋅ Microsoft Threat Intelligence
Investigating targeted “payroll pirate” attacks affecting US universities
Storm-2657

2025-10-06 ⋅ Microsoft ⋅ Microsoft Threat Intelligence
Investigating active exploitation of CVE-2025-10035 GoAnywhere Managed File Transfer vulnerability
Medusa Storm-1175

2025-07-31 ⋅ Microsoft ⋅ Microsoft Threat Intelligence
Frozen in transit: Secret Blizzard’s AiTM campaign against diplomats
ApolloShadow

2025-07-22 ⋅ Microsoft ⋅ Microsoft Threat Intelligence
Disrupting active exploitation of on-premises SharePoint vulnerabilities
Storm-2603

2025-06-30 ⋅ Microsoft ⋅ Microsoft Threat Intelligence
Jasper Sleet: North Korean remote IT workers’ evolving tactics to infiltrate organizations

2025-05-27 ⋅ Microsoft ⋅ Microsoft Threat Intelligence
New Russia-affiliated actor Void Blizzard targets critical sectors for espionage
Void Blizzard

2025-04-23 ⋅ Microsoft ⋅ Microsoft Threat Intelligence
Understanding the threat landscape for Kubernetes and containerized assets
Storm-1977

2025-04-08 ⋅ Microsoft ⋅ Microsoft Threat Intelligence
Exploitation of CLFS zero-day leads to ransomware activity
RansomEXX Storm-2460

2025-04-03 ⋅ Microsoft ⋅ Microsoft Threat Intelligence
Threat actors leverage tax season to deploy tax-themed phishing campaigns
Brute Ratel C4 CloudEyE Latrodectus Remcos Storm-0249

2025-03-06 ⋅ Twitter (@MsftSecIntel) ⋅ Microsoft Threat Intelligence
Tweet about Moonstone Sleet dropping Qilin ransomware
Qilin

2025-03-05 ⋅ Microsoft ⋅ Microsoft Threat Intelligence
Silk Typhoon targeting IT supply chain

2025-02-13 ⋅ Microsoft ⋅ Microsoft Threat Intelligence
Storm-2372 conducts device code phishing campaign
Storm-2372

2025-02-12 ⋅ Microsoft ⋅ Microsoft Threat Intelligence
The BadPilot campaign: Seashell Blizzard subgroup conducts multiyear global access operation
LocalOlive

2025-02-11 ⋅ Twitter (@MsftSecIntel) ⋅ Microsoft Threat Intelligence
Twitter Thread on a new Kimsuky tactic inciting admins to paste powershell

2025-02-06 ⋅ Microsoft ⋅ Microsoft Threat Intelligence
Code injection attacks using publicly disclosed ASP.NET machine keys

2025-01-21 ⋅ Twitter (@MsftSecIntel) ⋅ Microsoft Threat Intelligence
Twitter Thread describing spotting of ReedBed in a Storm-1811 campaign
ReedBed UNC4393

2025-01-16 ⋅ Microsoft ⋅ Microsoft Threat Intelligence
New Star Blizzard spear-phishing campaign targets WhatsApp accounts