2022-06-02 ⋅ Microsoft ⋅ Exposing POLONIUM activity and infrastructure targeting Israeli organizations
2022-05-09 ⋅ Microsoft ⋅ Ransomware-as-a-service: Understanding the cybercrime gig economy and how to protect yourself AnchorDNS BlackCat BlackMatter Conti DarkSide HelloKitty Hive LockBit REvil FAKEUPDATES Griffon ATOMSILO BazarBackdoor BlackCat BlackMatter Blister Cobalt Strike Conti DarkSide Emotet FiveHands Gozi HelloKitty Hive IcedID ISFB JSSLoader LockBit LockFile Maze NightSky Pandora Phobos Phoenix Locker PhotoLoader QakBot REvil Rook Ryuk SystemBC TrickBot WastedLocker
2022-03-22 ⋅ Microsoft ⋅ DEV-0537 (LAPSUS$/UNC3661) criminal actor targeting organizations for data exfiltration and destruction RedLine Stealer LAPSUS
2022-03-16 ⋅ Microsoft ⋅ Uncovering Trickbot’s use of IoT devices in command-and-control infrastructure TrickBot
2022-02-04 ⋅ Microsoft ⋅ ACTINIUM targets Ukrainian organizations Pteranodon Gamaredon Group
2021-12-06 ⋅ Microsoft ⋅ NICKEL targeting government organizations across Latin America and Europe MimiKatz
2021-12-06 ⋅ Mandiant ⋅ Suspected Russian Activity Targeting Government and Business Entities Around the Globe (UNC2452) Cobalt Strike CryptBot
2021-11-18 ⋅ Microsoft ⋅ Iranian targeting of IT sector on the rise MimiKatz ShellClient RAT
2021-11-16 ⋅ Microsoft ⋅ Evolving trends in Iranian threat actor activity – MSTIC presentation at CyberWarCon 2021
2021-11-08 ⋅ Microsoft ⋅ Threat actor DEV-0322 exploiting ZOHO ManageEngine ADSelfService Plus
2021-10-25 ⋅ Microsoft ⋅ NOBELIUM targeting delegated administrative privileges to facilitate broader attacks
2021-10-11 ⋅ Microsoft ⋅ Iran-linked DEV-0343 targeting defense, GIS, and maritime sectors
2021-09-27 ⋅ Microsoft ⋅ FoggyWeb: Targeted NOBELIUM malware leads to persistent backdoor
2021-09-15 ⋅ Microsoft ⋅ Analyzing attacks that exploit the CVE-2021-40444 MSHTML vulnerability EXOTIC LILY
2021-09-15 ⋅ Microsoft ⋅ Analyzing attacks that exploit the CVE-2021-40444 MSHTML vulnerability Cobalt Strike
2021-07-15 ⋅ Microsoft ⋅ Protecting customers from a private-sector offensive actor using 0-day exploits and DevilsTongue malware
2021-07-14 ⋅ Microsoft ⋅ Microsoft delivers comprehensive solution to battle rise in consent phishing emails
2021-07-13 ⋅ Microsoft ⋅ Microsoft discovers threat actor (DEV-0322) targeting SolarWinds Serv-U software with 0-day exploit
2021-06-14 ⋅ Microsoft ⋅ Behind the scenes of business email compromise: Using cross-domain threat data to disrupt a large BEC campaign
2021-06-01 ⋅ Microsoft ⋅ New sophisticated email-based attack from NOBELIUM Cobalt Strike