Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2023-05-24MicrosoftMicrosoft Threat Intelligence
@online{intelligence:20230524:volt:e7b8951, author = {Microsoft Threat Intelligence}, title = {{Volt Typhoon targets US critical infrastructure with living-off-the-land techniques}}, date = {2023-05-24}, organization = {Microsoft}, url = {https://www.microsoft.com/en-us/security/blog/2023/05/24/volt-typhoon-targets-us-critical-infrastructure-with-living-off-the-land-techniques/}, language = {English}, urldate = {2023-05-26} } Volt Typhoon targets US critical infrastructure with living-off-the-land techniques
2023-04-19MicrosoftJustin Warner, Microsoft Threat Intelligence Center (MSTIC)
@online{warner:20230419:exploring:c68c1d0, author = {Justin Warner and Microsoft Threat Intelligence Center (MSTIC)}, title = {{Exploring STRONTIUM's Abuse of Cloud Services}}, date = {2023-04-19}, organization = {Microsoft}, url = {https://www.youtube.com/watch?v=_qdCGgQlHJE}, language = {English}, urldate = {2023-04-22} } Exploring STRONTIUM's Abuse of Cloud Services
FusionDrive
2023-04-18MicrosoftMicrosoft Threat Intelligence
@online{intelligence:20230418:nationstate:11efa4c, author = {Microsoft Threat Intelligence}, title = {{Nation-state threat actor PHOSPHORUS refines tradecraft to attack high-value targets}}, date = {2023-04-18}, organization = {Microsoft}, url = {https://www.microsoft.com/en-us/security/blog/2023/04/18/nation-state-threat-actor-mint-sandstorm-refines-tradecraft-to-attack-high-value-targets/}, language = {English}, urldate = {2023-04-22} } Nation-state threat actor PHOSPHORUS refines tradecraft to attack high-value targets
Drokbk
2023-04-13MicrosoftMicrosoft Threat Intelligence
@online{intelligence:20230413:threat:a445e97, author = {Microsoft Threat Intelligence}, title = {{Threat actors strive to cause Tax Day headaches}}, date = {2023-04-13}, organization = {Microsoft}, url = {https://www.microsoft.com/en-us/security/blog/2023/04/13/threat-actors-strive-to-cause-tax-day-headaches/}, language = {English}, urldate = {2023-04-18} } Threat actors strive to cause Tax Day headaches
CloudEyE Remcos
2023-04-11MicrosoftMicrosoft Threat Intelligence
@online{intelligence:20230411:dev0196:1589080, author = {Microsoft Threat Intelligence}, title = {{DEV-0196: QuaDream’s “KingsPawn” malware used to target civil society in Europe, North America, the Middle East, and Southeast Asia}}, date = {2023-04-11}, organization = {Microsoft}, url = {https://www.microsoft.com/en-us/security/blog/2023/04/11/dev-0196-quadreams-kingspawn-malware-used-to-target-civil-society-in-europe-north-america-the-middle-east-and-southeast-asia/}, language = {English}, urldate = {2023-04-18} } DEV-0196: QuaDream’s “KingsPawn” malware used to target civil society in Europe, North America, the Middle East, and Southeast Asia
2023-04-07MicrosoftMicrosoft Threat Intelligence
@online{intelligence:20230407:mercury:7727e83, author = {Microsoft Threat Intelligence}, title = {{MERCURY and DEV-1084: Destructive attack on hybrid environment}}, date = {2023-04-07}, organization = {Microsoft}, url = {https://www.microsoft.com/en-us/security/blog/2023/04/07/mercury-and-dev-1084-destructive-attack-on-hybrid-environment/}, language = {English}, urldate = {2023-04-18} } MERCURY and DEV-1084: Destructive attack on hybrid environment
DarkBit
2023-03-15MicrosoftMicrosoft Threat Intelligence
@techreport{intelligence:20230315:year:01e29b1, author = {Microsoft Threat Intelligence}, title = {{A year of Russian hybrid warfare in Ukraine}}, date = {2023-03-15}, institution = {Microsoft}, url = {https://www.microsoft.com/en-us/security/business/security-insider/wp-content/uploads/2023/03/A-year-of-Russian-hybrid-warfare-in-Ukraine_MS-Threat-Intelligence-1.pdf}, language = {English}, urldate = {2023-04-25} } A year of Russian hybrid warfare in Ukraine
CaddyWiper DesertBlade DoubleZero HermeticWiper INDUSTROYER2 IsaacWiper PartyTicket SwiftSlicer WhisperGate
2023-03-13MicrosoftMicrosoft Threat Intelligence Center
@online{center:20230313:dev1101:be64ddc, author = {Microsoft Threat Intelligence Center}, title = {{DEV-1101 enables high-volume AiTM campaigns with open-source phishing kit}}, date = {2023-03-13}, organization = {Microsoft}, url = {https://security-blog-prod-wp01.azurewebsites.net/en-us/security/blog/2023/03/13/dev-1101-enables-high-volume-aitm-campaigns-with-open-source-phishing-kit/}, language = {English}, urldate = {2023-03-20} } DEV-1101 enables high-volume AiTM campaigns with open-source phishing kit
2023-02-02YouTube (SLEUTHCON)Christopher Glyer, Microsoft Threat Intelligence Center (MSTIC)
@online{glyer:20230202:lions:b21e15a, author = {Christopher Glyer and Microsoft Threat Intelligence Center (MSTIC)}, title = {{Lions, Tigers, and Infostealers - Oh my!}}, date = {2023-02-02}, organization = {YouTube (SLEUTHCON)}, url = {https://www.youtube.com/watch?v=NI_Yw2t9zoo}, language = {English}, urldate = {2023-04-25} } Lions, Tigers, and Infostealers - Oh my!
RecordBreaker RedLine Stealer Vidar
2022-10-10RiskIQMicrosoft Threat Intelligence Center (MSTIC)
@online{mstic:20221010:dev0832:07768a3, author = {Microsoft Threat Intelligence Center (MSTIC)}, title = {{DEV-0832 Leverages Commodity Tools in Opportunistic Ransomware Campaigns}}, date = {2022-10-10}, organization = {RiskIQ}, url = {https://community.riskiq.com/article/47766fbd}, language = {English}, urldate = {2022-10-19} } DEV-0832 Leverages Commodity Tools in Opportunistic Ransomware Campaigns
BlackCat Mount Locker SystemBC Zeppelin
2022-08-25MicrosoftMicrosoft Threat Intelligence Center (MSTIC), Microsoft 365 Defender Research Team, Microsoft 365 Defender Threat Intelligence Team
@online{mstic:20220825:mercury:a02a670, author = {Microsoft Threat Intelligence Center (MSTIC) and Microsoft 365 Defender Research Team and Microsoft 365 Defender Threat Intelligence Team}, title = {{MERCURY leveraging Log4j 2 vulnerabilities in unpatched systems to target Israeli organizations}}, date = {2022-08-25}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2022/08/25/mercury-leveraging-log4j-2-vulnerabilities-in-unpatched-systems-to-target-israeli-organizations}, language = {English}, urldate = {2022-08-30} } MERCURY leveraging Log4j 2 vulnerabilities in unpatched systems to target Israeli organizations
MimiKatz
2022-08-24MicrosoftMicrosoft Threat Intelligence Center (MSTIC), Detection and Response Team (DART), Microsoft 365 Defender Team
@online{mstic:20220824:magicweb:1bb7204, author = {Microsoft Threat Intelligence Center (MSTIC) and Detection and Response Team (DART) and Microsoft 365 Defender Team}, title = {{MagicWeb: NOBELIUM’s post-compromise trick to authenticate as anyone}}, date = {2022-08-24}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2022/08/24/magicweb-nobeliums-post-compromise-trick-to-authenticate-as-anyone/}, language = {English}, urldate = {2022-08-28} } MagicWeb: NOBELIUM’s post-compromise trick to authenticate as anyone
2022-08-15MicrosoftMicrosoft Threat Intelligence Center (MSTIC), Office 365 Threat Research Team, Digital Threat Analysis Center (DTAC)
@online{mstic:20220815:disrupting:6429d3a, author = {Microsoft Threat Intelligence Center (MSTIC) and Office 365 Threat Research Team and Digital Threat Analysis Center (DTAC)}, title = {{Disrupting SEABORGIUM’s ongoing phishing operations}}, date = {2022-08-15}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2022/08/15/disrupting-seaborgiums-ongoing-phishing-operations}, language = {English}, urldate = {2022-08-18} } Disrupting SEABORGIUM’s ongoing phishing operations
Callisto
2022-08-15MicrosoftMicrosoft Threat Intelligence Center (MSTIC), Office 365 Threat Research Team, Digital Threat Analysis Center (DTAC)
@online{mstic:20220815:disrupting:528a65e, author = {Microsoft Threat Intelligence Center (MSTIC) and Office 365 Threat Research Team and Digital Threat Analysis Center (DTAC)}, title = {{Disrupting SEABORGIUM’s ongoing phishing operations}}, date = {2022-08-15}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2022/08/15/disrupting-seaborgiums-ongoing-phishing-operations/}, language = {English}, urldate = {2022-08-17} } Disrupting SEABORGIUM’s ongoing phishing operations
2022-07-29RiskIQJordan Herman
@online{herman:20220729:falling:12d2d82, author = {Jordan Herman}, title = {{Falling Into a Nest of Vipers or: "Why'd it have to be snakes?" (Microsoft Threat Intelligence Brief)}}, date = {2022-07-29}, organization = {RiskIQ}, url = {https://community.riskiq.com/article/f3179571}, language = {English}, urldate = {2022-09-19} } Falling Into a Nest of Vipers or: "Why'd it have to be snakes?" (Microsoft Threat Intelligence Brief)
2022-07-27MicrosoftMicrosoft Threat Intelligence Center (MSTIC), Microsoft Security Response Center (MSRC), RiskIQ
@online{mstic:20220727:untangling:27dd5d0, author = {Microsoft Threat Intelligence Center (MSTIC) and Microsoft Security Response Center (MSRC) and RiskIQ}, title = {{Untangling KNOTWEED: European private-sector offensive actor using 0-day exploits}}, date = {2022-07-27}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2022/07/27/untangling-knotweed-european-private-sector-offensive-actor-using-0-day-exploits/}, language = {English}, urldate = {2022-08-15} } Untangling KNOTWEED: European private-sector offensive actor using 0-day exploits
Subzero
2022-07-14MicrosoftMicrosoft Threat Intelligence Center (MSTIC), Microsoft Digital Security Unit (DSU)
@online{mstic:20220714:north:876e680, author = {Microsoft Threat Intelligence Center (MSTIC) and Microsoft Digital Security Unit (DSU)}, title = {{North Korean threat actor (H0lyGh0st /DEV-0530) targets small and midsize businesses with H0lyGh0st ransomware}}, date = {2022-07-14}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2022/07/14/north-korean-threat-actor-targets-small-and-midsize-businesses-with-h0lygh0st-ransomware/}, language = {English}, urldate = {2022-07-15} } North Korean threat actor (H0lyGh0st /DEV-0530) targets small and midsize businesses with H0lyGh0st ransomware
SiennaBlue SiennaPurple
2022-07-12MicrosoftMicrosoft Threat Intelligence Center (MSTIC), Microsoft 365 Defender Research Team
@online{mstic:20220712:from:3d3a8e3, author = {Microsoft Threat Intelligence Center (MSTIC) and Microsoft 365 Defender Research Team}, title = {{From cookie theft to BEC: Attackers use AiTM phishing sites as entry point to further financial fraud}}, date = {2022-07-12}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2022/07/12/from-cookie-theft-to-bec-attackers-use-aitm-phishing-sites-as-entry-point-to-further-financial-fraud/}, language = {English}, urldate = {2022-07-15} } From cookie theft to BEC: Attackers use AiTM phishing sites as entry point to further financial fraud
2022-07-05MicrosoftMicrosoft Threat Intelligence Center (MSTIC)
@online{mstic:20220705:hive:840b6e9, author = {Microsoft Threat Intelligence Center (MSTIC)}, title = {{Hive ransomware gets upgrades in Rust}}, date = {2022-07-05}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2022/07/05/hive-ransomware-gets-upgrades-in-rust/}, language = {English}, urldate = {2022-07-13} } Hive ransomware gets upgrades in Rust
Hive
2022-06-02MicrosoftMicrosoft Threat Intelligence Center (MSTIC), Microsoft Digital Security Unit (DSU)
@online{mstic:20220602:exposing:b85423c, author = {Microsoft Threat Intelligence Center (MSTIC) and Microsoft Digital Security Unit (DSU)}, title = {{Exposing POLONIUM activity and infrastructure targeting Israeli organizations}}, date = {2022-06-02}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2022/06/02/exposing-polonium-activity-and-infrastructure-targeting-israeli-organizations/}, language = {English}, urldate = {2022-06-02} } Exposing POLONIUM activity and infrastructure targeting Israeli organizations
POLONIUM