
2023-11-22 | Microsoft | Microsoft Threat Intelligence
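% Microsoft security blog post on the Diamond Sleet supply chain compromise (modified CyberLink installer).
% Corporate author is double-braced so it is not split into given/family name; the key is left
% unchanged so existing citations still resolve. Title braces protect proper nouns only.
@online{intelligence:20231122:diamond:59a70c1,
  author       = {{Microsoft Threat Intelligence}},
  title        = {{Diamond Sleet} supply chain compromise distributes a modified {CyberLink} installer},
  date         = {2023-11-22},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/en-us/security/blog/2023/11/22/diamond-sleet-supply-chain-compromise-distributes-a-modified-cyberlink-installer/},
  language     = {English},
  urldate      = {2023-11-23},
}
Diamond Sleet supply chain compromise distributes a modified CyberLink installer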
LambLoad
2023-10-18 | Microsoft | Microsoft Threat Intelligence
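% Microsoft security blog post on exploitation of the TeamCity vulnerability CVE-2023-42793.
% Corporate author is double-braced so it is not split into given/family name; key unchanged.
% The CVE identifier and product name are brace-protected so a style cannot recase them.
@online{intelligence:20231018:multiple:1533f8e,
  author       = {{Microsoft Threat Intelligence}},
  title        = {Multiple {North Korean} threat actors exploiting the {TeamCity} {CVE-2023-42793} vulnerability},
  date         = {2023-10-18},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/en-us/security/blog/2023/10/18/multiple-north-korean-threat-actors-exploiting-the-teamcity-cve-2023-42793-vulnerability/},
  language     = {English},
  urldate      = {2023-10-20},
}
Multiple North Korean threat actors exploiting the TeamCity CVE-2023-42793 vulnerability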
FeedLoad ForestTiger HazyLoad RollSling
2023-09-12 | Microsoft | Microsoft Threat Intelligence
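% Microsoft security blog post on the malware distributor tracked as Storm-0324.
% Corporate author is double-braced so it is not split into given/family name; key unchanged.
@online{intelligence:20230912:malware:3a31afc,
  author       = {{Microsoft Threat Intelligence}},
  title        = {Malware distributor {Storm-0324} facilitates ransomware access},
  date         = {2023-09-12},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/en-us/security/blog/2023/09/12/malware-distributor-storm-0324-facilitates-ransomware-access/},
  language     = {English},
  urldate      = {2023-09-13},
}
Malware distributor Storm-0324 facilitates ransomware access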
JSSLoader
2023-08-24 | Microsoft | Microsoft Threat Intelligence
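% Microsoft security blog post on Flax Typhoon's use of legitimate software for access.
% Corporate author is double-braced so it is not split into given/family name; key unchanged.
@online{intelligence:20230824:flax:7a9270d,
  author       = {{Microsoft Threat Intelligence}},
  title        = {{Flax Typhoon} using legitimate software to quietly access {Taiwanese} organizations},
  date         = {2023-08-24},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/en-us/security/blog/2023/08/24/flax-typhoon-using-legitimate-software-to-quietly-access-taiwanese-organizations/},
  language     = {English},
  urldate      = {2023-08-25},
}
Flax Typhoon using legitimate software to quietly access Taiwanese organizations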
2023-08-02 | Microsoft | Microsoft Threat Intelligence
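% Microsoft security blog post on Midnight Blizzard social engineering over Microsoft Teams.
% Corporate author is double-braced so it is not split into given/family name; key unchanged.
@online{intelligence:20230802:midnight:5a9de36,
  author       = {{Microsoft Threat Intelligence}},
  title        = {{Midnight Blizzard} conducts targeted social engineering over {Microsoft Teams}},
  date         = {2023-08-02},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/en-us/security/blog/2023/08/02/midnight-blizzard-conducts-targeted-social-engineering-over-microsoft-teams/},
  language     = {English},
  urldate      = {2023-08-03},
}
Midnight Blizzard conducts targeted social engineering over Microsoft Teams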
2023-07-19 | Twitter (@MsftSecIntel) | Microsoft Threat Intelligence
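% Social-media post by the Microsoft Threat Intelligence account about Secret Blizzard activity.
% The title is a description supplied by the library, not the post's own wording.
% NOTE(review): the only locator is a status link on a third-party platform with no archived copy
% recorded; the urldate is the sole evidence of what was reachable and when.
% Corporate author is double-braced so it is not split into given/family name; key unchanged.
@online{intelligence:20230719:targeted:a0e926e,
  author       = {{Microsoft Threat Intelligence}},
  title        = {Tweet on targeted attacks against the defense sector in {Ukraine} and {Eastern Europe} by the threat actor {Secret Blizzard}},
  date         = {2023-07-19},
  organization = {Twitter (@MsftSecIntel)},
  url          = {https://twitter.com/msftsecintel/status/1681695399084539908},
  language     = {English},
  urldate      = {2023-07-20},
}
Tweet on targeted attacks against the defense sector in Ukraine and Eastern Europe by the threat actor Secret Blizzard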
DeliveryCheck Kazuar
2023-07-14 | Microsoft | Microsoft Threat Intelligence
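% Microsoft security blog post analysing Storm-0558 techniques for unauthorized email access.
% Corporate author is double-braced so it is not split into given/family name; key unchanged.
@online{intelligence:20230714:analysis:78678b4,
  author       = {{Microsoft Threat Intelligence}},
  title        = {Analysis of {Storm-0558} techniques for unauthorized email access},
  date         = {2023-07-14},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/en-us/security/blog/2023/07/14/analysis-of-storm-0558-techniques-for-unauthorized-email-access/},
  language     = {English},
  urldate      = {2023-07-31},
}
Analysis of Storm-0558 techniques for unauthorized email access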
2023-06-14 | Microsoft | Microsoft Threat Intelligence
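% Microsoft security blog post introducing the threat actor Cadet Blizzard.
% Corporate author is double-braced so it is not split into given/family name; key unchanged.
@online{intelligence:20230614:cadet:c02303d,
  author       = {{Microsoft Threat Intelligence}},
  title        = {{Cadet Blizzard} emerges as a novel and distinct {Russian} threat actor},
  date         = {2023-06-14},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/en-us/security/blog/2023/06/14/cadet-blizzard-emerges-as-a-novel-and-distinct-russian-threat-actor/},
  language     = {English},
  urldate      = {2023-07-11},
}
Cadet Blizzard emerges as a novel and distinct Russian threat actor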
p0wnyshell reGeorg WhisperGate
2023-05-24 | Microsoft | Microsoft Threat Intelligence
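% Microsoft security blog post on Volt Typhoon and its living-off-the-land techniques.
% Corporate author is double-braced so it is not split into given/family name; key unchanged.
@online{intelligence:20230524:volt:e7b8951,
  author       = {{Microsoft Threat Intelligence}},
  title        = {{Volt Typhoon} targets {US} critical infrastructure with living-off-the-land techniques},
  date         = {2023-05-24},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/en-us/security/blog/2023/05/24/volt-typhoon-targets-us-critical-infrastructure-with-living-off-the-land-techniques/},
  language     = {English},
  urldate      = {2023-05-26},
}
Volt Typhoon targets US critical infrastructure with living-off-the-land techniques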
Volt Typhoon
2023-04-19 | Microsoft | Justin Warner, Microsoft Threat Intelligence Center (MSTIC)
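% Recorded talk (video link) on STRONTIUM's abuse of cloud services.
% The personal author is written family-name first; the corporate co-author is double-braced so
% it is kept as one indivisible name rather than parsed as a person. Key unchanged.
@online{warner:20230419:exploring:c68c1d0,
  author       = {Warner, Justin and {Microsoft Threat Intelligence Center (MSTIC)}},
  title        = {Exploring {STRONTIUM's} Abuse of Cloud Services},
  date         = {2023-04-19},
  organization = {Microsoft},
  url          = {https://www.youtube.com/watch?v=_qdCGgQlHJE},
  language     = {English},
  urldate      = {2023-04-22},
}
Exploring STRONTIUM's Abuse of Cloud Services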
FusionDrive
2023-04-18 | Microsoft | Microsoft Threat Intelligence
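% Microsoft security blog post on refined tradecraft by the actor recorded here as PHOSPHORUS.
% NOTE(review): the url slug names the actor "mint-sandstorm" while the recorded title says
% PHOSPHORUS; presumably both names refer to the same actor under Microsoft's older and newer
% naming schemes. Search on both names when correlating this reference with other reporting.
% Corporate author is double-braced so it is not split into given/family name; key unchanged.
@online{intelligence:20230418:nationstate:11efa4c,
  author       = {{Microsoft Threat Intelligence}},
  title        = {Nation-state threat actor {PHOSPHORUS} refines tradecraft to attack high-value targets},
  date         = {2023-04-18},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/en-us/security/blog/2023/04/18/nation-state-threat-actor-mint-sandstorm-refines-tradecraft-to-attack-high-value-targets/},
  language     = {English},
  urldate      = {2023-04-22},
}
Nation-state threat actor PHOSPHORUS refines tradecraft to attack high-value targets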
Drokbk
2023-04-13 | Microsoft | Microsoft Threat Intelligence
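% Microsoft security blog post on Tax Day themed threat activity.
% Corporate author is double-braced so it is not split into given/family name; key unchanged.
@online{intelligence:20230413:threat:a445e97,
  author       = {{Microsoft Threat Intelligence}},
  title        = {Threat actors strive to cause {Tax Day} headaches},
  date         = {2023-04-13},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/en-us/security/blog/2023/04/13/threat-actors-strive-to-cause-tax-day-headaches/},
  language     = {English},
  urldate      = {2023-04-18},
}
Threat actors strive to cause Tax Day headaches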
CloudEyE Remcos
2023-04-11 | Microsoft | Microsoft Threat Intelligence
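% Microsoft security blog post on DEV-0196 and the KingsPawn malware attributed to QuaDream.
% The title contains typographic (non-ASCII) quotes, so the entry needs a UTF-8 aware toolchain.
% Corporate author is double-braced so it is not split into given/family name; key unchanged.
@online{intelligence:20230411:dev0196:1589080,
  author       = {{Microsoft Threat Intelligence}},
  title        = {{DEV-0196}: {QuaDream’s} {“KingsPawn”} malware used to target civil society in {Europe}, {North America}, the {Middle East}, and {Southeast Asia}},
  date         = {2023-04-11},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/en-us/security/blog/2023/04/11/dev-0196-quadreams-kingspawn-malware-used-to-target-civil-society-in-europe-north-america-the-middle-east-and-southeast-asia/},
  language     = {English},
  urldate      = {2023-04-18},
}
DEV-0196: QuaDream’s “KingsPawn” malware used to target civil society in Europe, North America, the Middle East, and Southeast Asia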
2023-04-07 | Microsoft | Microsoft Threat Intelligence
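% Microsoft security blog post on a destructive attack by MERCURY and DEV-1084 on a hybrid environment.
% Corporate author is double-braced so it is not split into given/family name; key unchanged.
@online{intelligence:20230407:mercury:7727e83,
  author       = {{Microsoft Threat Intelligence}},
  title        = {{MERCURY} and {DEV-1084}: Destructive attack on hybrid environment},
  date         = {2023-04-07},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/en-us/security/blog/2023/04/07/mercury-and-dev-1084-destructive-attack-on-hybrid-environment/},
  language     = {English},
  urldate      = {2023-04-18},
}
MERCURY and DEV-1084: Destructive attack on hybrid environment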
DarkBit
2023-03-15 | Microsoft | Microsoft Threat Intelligence
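% Microsoft report (PDF) covering a year of Russian hybrid warfare in Ukraine.
% This is the only report-type entry in this listing; it carries institution where the online
% entries carry organization.
% Corporate author is double-braced so it is not split into given/family name; key unchanged.
@techreport{intelligence:20230315:year:01e29b1,
  author      = {{Microsoft Threat Intelligence}},
  title       = {A year of {Russian} hybrid warfare in {Ukraine}},
  date        = {2023-03-15},
  institution = {Microsoft},
  url         = {https://www.microsoft.com/en-us/security/business/security-insider/wp-content/uploads/2023/03/A-year-of-Russian-hybrid-warfare-in-Ukraine_MS-Threat-Intelligence-1.pdf},
  language    = {English},
  urldate     = {2023-04-25},
}
A year of Russian hybrid warfare in Ukraine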
CaddyWiper DesertBlade DoubleZero HermeticWiper INDUSTROYER2 IsaacWiper PartyTicket SwiftSlicer WhisperGate
2023-03-13 | Microsoft | Microsoft Threat Intelligence Center
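% Microsoft security blog post on DEV-1101 and adversary-in-the-middle (AiTM) phishing campaigns.
% NOTE(review): unlike the other Microsoft blog entries in this listing, the url points at an
% azurewebsites.net host rather than www.microsoft.com. The url is kept as recorded; confirm the
% content against the vendor's own domain before relying on it or sharing the link.
% Corporate author is double-braced so it is not split into given/family name; key unchanged.
@online{center:20230313:dev1101:be64ddc,
  author       = {{Microsoft Threat Intelligence Center}},
  title        = {{DEV-1101} enables high-volume {AiTM} campaigns with open-source phishing kit},
  date         = {2023-03-13},
  organization = {Microsoft},
  url          = {https://security-blog-prod-wp01.azurewebsites.net/en-us/security/blog/2023/03/13/dev-1101-enables-high-volume-aitm-campaigns-with-open-source-phishing-kit/},
  language     = {English},
  urldate      = {2023-03-20},
}
DEV-1101 enables high-volume AiTM campaigns with open-source phishing kit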
2023-02-02 | YouTube (SLEUTHCON) | Christopher Glyer, Microsoft Threat Intelligence Center (MSTIC)
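% Recorded conference talk (video link) on infostealers.
% The personal author is written family-name first; the corporate co-author is double-braced so
% it is kept as one indivisible name rather than parsed as a person. Key unchanged.
@online{glyer:20230202:lions:b21e15a,
  author       = {Glyer, Christopher and {Microsoft Threat Intelligence Center (MSTIC)}},
  title        = {Lions, Tigers, and Infostealers - Oh my!},
  date         = {2023-02-02},
  organization = {YouTube (SLEUTHCON)},
  url          = {https://www.youtube.com/watch?v=NI_Yw2t9zoo},
  language     = {English},
  urldate      = {2023-04-25},
}
Lions, Tigers, and Infostealers - Oh my!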
RecordBreaker RedLine Stealer Vidar
2022-12-15 | Microsoft | Microsoft Threat Intelligence
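% Microsoft security blog post on MCCrash, a cross-platform DDoS botnet.
% Corporate author is double-braced so it is not split into given/family name; key unchanged.
@online{intelligence:20221215:mccrash:5a0c3a2,
  author       = {{Microsoft Threat Intelligence}},
  title        = {{MCCrash}: Cross-platform {DDoS} botnet targets private {Minecraft} servers},
  date         = {2022-12-15},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/en-us/security/blog/2022/12/15/mccrash-cross-platform-ddos-botnet-targets-private-minecraft-servers/},
  language     = {English},
  urldate      = {2023-11-17},
}
MCCrash: Cross-platform DDoS botnet targets private Minecraft servers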
2022-10-27 | Microsoft | Microsoft Threat Intelligence
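% Microsoft security blog post on Raspberry Robin and related pre-ransomware activity.
% NOTE(review): this url is recorded with the plain http scheme, while the other microsoft.com
% entries in this listing use https. The url is kept as recorded.
% Corporate author is double-braced so it is not split into given/family name; key unchanged.
@online{intelligence:20221027:raspberry:44ac615,
  author       = {{Microsoft Threat Intelligence}},
  title        = {{Raspberry Robin} worm part of larger ecosystem facilitating pre-ransomware activity},
  date         = {2022-10-27},
  organization = {Microsoft},
  url          = {http://www.microsoft.com/en-us/security/blog/2022/10/27/raspberry-robin-worm-part-of-larger-ecosystem-facilitating-pre-ransomware-activity/},
  language     = {English},
  urldate      = {2023-11-17},
}
Raspberry Robin worm part of larger ecosystem facilitating pre-ransomware activity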
FAKEUPDATES BumbleBee Clop Fauppod Raspberry Robin Roshtyak Silence
2022-10-10 | RiskIQ | Microsoft Threat Intelligence Center (MSTIC)
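% MSTIC article published on the RiskIQ community site about DEV-0832 ransomware campaigns.
% NOTE(review): the url is a short article id on a third-party community host with no archived
% copy recorded; the urldate is the only indication of when it was last confirmed reachable.
% Corporate author is double-braced so it is not split into given/family name; key unchanged.
@online{mstic:20221010:dev0832:07768a3,
  author       = {{Microsoft Threat Intelligence Center (MSTIC)}},
  title        = {{DEV-0832} Leverages Commodity Tools in Opportunistic Ransomware Campaigns},
  date         = {2022-10-10},
  organization = {RiskIQ},
  url          = {https://community.riskiq.com/article/47766fbd},
  language     = {English},
  urldate      = {2022-10-19},
}
DEV-0832 Leverages Commodity Tools in Opportunistic Ransomware Campaigns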
BlackCat Mount Locker SystemBC Zeppelin