Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2025-02-12MicrosoftMicrosoft Threat Intelligence
The BadPilot campaign: Seashell Blizzard subgroup conducts multiyear global access operation
LocalOlive
2025-02-11Twitter (@MsftSecIntel)Microsoft Threat Intelligence
Twitter Thread on a new Kimsuky tactic inciting admins to paste powershell
2025-01-16MicrosoftMicrosoft Threat Intelligence
New Star Blizzard spear-phishing campaign targets WhatsApp accounts
2024-12-11MicrosoftMicrosoft Threat Intelligence
Frequent freeloader part II: Russian actor Secret Blizzard using tools of other groups to attack Ukraine
Amadey Kazuar Wipbot FlyingYeti
2024-12-04MicrosoftMicrosoft Threat Intelligence
Frequent freeloader part I: Secret Blizzard compromising Storm-0156 infrastructure for espionage
Crimson RAT MiniPocket TwoDash Wainscot Operation C-Major Storm-0473
2024-10-31MicrosoftMicrosoft Threat Intelligence
Chinese threat actor Storm-0940 uses credentials from password spray attacks from a covert network
Storm-0940
2024-10-29MicrosoftMicrosoft Threat Intelligence
Midnight Blizzard conducts large-scale spear-phishing campaign using RDP files
2024-10-17Microsoft SecurityMicrosoft Threat Intelligence
New macOS vulnerability, “HM Surf”, could lead to unauthorized data access
2024-09-26MicrosoftMicrosoft Threat Intelligence
Storm-0501: Ransomware attacks expanding to hybrid cloud environments
Storm-0501
2024-08-30MicrosoftMicrosoft Threat Intelligence
North Korean threat actor Citrine Sleet exploiting Chromium zero-day
FudModule
2024-05-28MicrosoftMicrosoft Threat Intelligence
Moonstone Sleet emerges as new North Korean threat actor with new bag of tricks
splitloader
2024-05-15MicrosoftMicrosoft Threat Intelligence
Threat actors misusing Quick Assist in social engineering attacks leading to ransomware
Black Basta Cobalt Strike QakBot SystemBC
2024-05-15MicrosoftMicrosoft Threat Intelligence
Threat actors misusing Quick Assist in social engineering attacks leading to ransomware
Black Basta Cobalt Strike QakBot
2024-04-22MicrosoftMicrosoft Threat Intelligence
Analyzing Forest Blizzard’s custom post-compromise tool for exploiting CVE-2022-38028 to obtain credentials
GooseEgg
2024-02-07MicrosoftMicrosoft Threat Intelligence
Iran surges cyber-enabled influence operations in support of Hamas
2024-01-25MicrosoftMicrosoft Threat Intelligence
Midnight Blizzard: Guidance for responders on nation-state attack
UNC2452
2024-01-17MicrosoftMicrosoft Threat Intelligence
New TTPs observed in Mint Sandstorm campaign targeting high-profile individuals at universities and research orgs
MediaPI
2023-12-12MicrosoftMicrosoft Threat Intelligence
Threat actors misuse OAuth applications to automate financially driven attacks
Storm-1283 Storm-1286
2023-12-07MicrosoftMicrosoft Threat Intelligence
Star Blizzard increases sophistication and evasion in ongoing attacks
Callisto
2023-12-01Twitter (@MsftSecIntel)Microsoft Threat Intelligence
Tweet on Danabot leading to cactus ransomware
Cactus DanaBot Storm-1044