North Korean threat actor targets small and midsize businesses with H0lyGh0st ransomware
A group of actors originating from North Korea that MSTIC tracks as DEV-0530 has been developing and using ransomware in attacks since June 2021.
-
-
Exposing POLONIUM activity and infrastructure targeting Israeli organizations
Microsoft successfully detected and disabled attack activity abusing OneDrive by a previously undocumented Lebanon-based activity group Microsoft Threat Intelligence Center (MSTIC) tracks as POLONIUM. -
ACTINIUM targets Ukrainian organizations
The Microsoft Threat Intelligence Center (MSTIC) is sharing information on a threat group named ACTINIUM, which has been operational for almost a decade and has consistently pursued access to organizations in Ukraine or entities related to Ukrainian affairs. -
Destructive malware targeting Ukrainian organizations
Microsoft Threat Intelligence Center (MSTIC) has identified evidence of a destructive malware operation targeting multiple organizations in Ukraine. -
NICKEL targeting government organizations across Latin America and Europe
China-based threat actor NICKEL has been targeting governments, diplomatic entities, and non-governmental organizations (NGOs) across Central and South America, the Caribbean, and Europe. -
Iranian targeting of IT sector on the rise
Microsoft has observed multiple Iranian threat actors targeting the IT services sector in attacks that aim to steal sign-in credentials belonging to downstream customer networks to enable further attacks. -
Iran-linked DEV-0343 targeting defense, GIS, and maritime sectors
MSTIC has observed DEV-0343 conducting extensive password spraying against more than 250 Office 365 tenants, with a focus on United States and Israeli defense technology companies, Persian Gulf ports of entry, or global maritime transportation companies with business presence in the Middle East.