Join us at InfoSec Jupyterthon 2021
Weโre excited to invite our community of infosec analysts and engineers to the second annual InfoSec Jupyterthonย taking place on December 2-3, 2021.
-
-
Iranian targeting of IT sector on the rise
Microsoft has observed multiple Iranian threat actors targeting the IT services sector in attacks that aim to steal sign-in credentials belonging to downstream customer networks to enable further attacks. -
Evolving trends in Iranian threat actor activity โ MSTIC presentation at CyberWarCon 2021
Over the past year, the Microsoft Threat Intelligence Center (MSTIC) has observed a gradual evolution of the tools, techniques, and procedures employed by malicious network operators based in Iran. -
AI-driven adaptive protection against human-operated ransomware
We developed a cloud-based machine learning system that, when queried by a device, intelligently predicts if it is at risk, then automatically issues a more aggressive blocking verdict to protect the device, thwarting an attackerโs next steps. -
HTML smuggling surges: Highly evasive loader technique increasingly used in banking malware, targeted attacks
HTML smuggling, a highly evasive malware delivery technique that leverages legitimate HTML5 and JavaScript features, is increasingly used in email campaigns that deploy banking malware, remote access Trojans (RATs), and other payloads related to targeted attacks. -
Threat actor DEV-0322 exploiting ZOHO ManageEngine ADSelfService Plus
Microsoft has detected exploits being used to compromise systems running the ZOHO ManageEngine ADSelfService Plus software versions vulnerable to CVE-2021-40539 in a targeted campaign. -
Microsoft finds new macOS vulnerability, Shrootless, that could bypass System Integrity Protection
Microsoft found a vulnerability (CVE-2021-30892) that could allow an attacker to bypass System Integrity Protection (SIP) in macOS. -
NOBELIUM targeting delegated administrative privileges to facilitate broader attacks
The Microsoft Threat Intelligence Center (MSTIC) has detected nation-state activity associated with the threat actor tracked as NOBELIUM, attempting to gain access to downstream customers of multiple cloud service providers (CSP), managed service providers (MSP), and other IT services organizations. -
Franken-phish: TodayZoo built from other phishing kits
A phishing kit built using pieces of code copied from other kits, some available for sale through publicly accessible scam sellers or are reused and repackaged by other kit resellers, provides rich insight into the state of the economy that drives phishing and email threats today. -
Iran-linked DEV-0343 targeting defense, GIS, and maritime sectors
MSTIC has observed DEV-0343 conducting extensive password spraying against more than 250 Office 365 tenants, with a focus on United States and Israeli defense technology companies, Persian Gulf ports of entry, or global maritime transportation companies with business presence in the Middle East. -
FoggyWeb: Targeted NOBELIUM malware leads to persistent backdoor
In-depth analysis of newly detected NOBELIUM malware: a post-exploitation backdoor that Microsoft Threat Intelligence Center (MSTIC) refers to as FoggyWeb. -
Catching the big fish: Analyzing a large-scale phishing-as-a-service operation
With over 100 available phishing templates that mimic known brands and services, the BulletProofLink operation is responsible for many of the phishing campaigns that impact enterprises today.
