When coin miners evolve, Part 2: Hunting down LemonDuck and LemonCat attacks
LemonDuck is an actively updated and robust malware primarily known for its botnet and cryptocurrency mining objectives.
-
-
BazaCall: Phony call centers lead to exfiltration and ransomware
Our continued investigation into BazaCall campaigns, those that use fraudulent call centers that trick unsuspecting users into downloading the BazaLoader malware, shows that this threat is more dangerous than what’s been discussed publicly in other security blogs and covered by the media. -
Combing through the fuzz: Using fuzzy hashing and deep learning to counter malware detection evasion techniques
A new approach for malware classification combines deep learning with fuzzy hashing. -
When coin miners evolve, Part 1: Exposing LemonDuck and LemonCat, modern mining malware infrastructure
LemonDuck, an actively updated and robust malware that’s primarily known for its botnet and cryptocurrency mining objectives, adopted more sophisticated behavior and escalated its operations. -
Protecting customers from a private-sector offensive actor using 0-day exploits and DevilsTongue malware
The Microsoft Threat Intelligence Center (MSTIC) alongside the Microsoft Security Response Center (MSRC) has uncovered a private-sector offensive actor, or PSOA, that we are calling SOURGUM in possession of now-patched, Windows 0-day exploits (CVE-2021-31979 and CVE-2021-33771). -
Microsoft delivers comprehensive solution to battle rise in consent phishing emails
Microsoft threat analysts are tracking a continued increase in consent phishing emails, also called illicit consent grants, that abuse OAuth request links in an attempt to trick recipients into granting attacker-owned apps permissions to access sensitive data. -
Microsoft discovers threat actor targeting SolarWinds Serv-U software with 0-day exploit
Microsoft has detected a 0-day remote code execution exploit being used to attack SolarWinds Serv-U FTP software in limited and targeted attacks. -
Microsoft finds new NETGEAR firmware vulnerabilities that could lead to identity theft and full system compromise
We discovered vulnerabilities in NETGEAR DGN-2200v1 series routers that can compromise a network’s security—opening the gates for attackers to roam untethered through an entire organization. -
Microsoft announces recipients of academic grants for AI research on combating phishing
Congratulations to the winners of the Microsoft Security AI RFP, which called for AI research on the threat of phishing and approaches for defending against it. -
Behind the scenes of business email compromise: Using cross-domain threat data to disrupt a large BEC campaign
Microsoft 365 Defender researchers recently uncovered and disrupted a large-scale business email compromise (BEC) infrastructure hosted in multiple web services. -
Breaking down NOBELIUM’s latest early-stage toolset
In this blog, we highlight four tools representing a unique infection chain utilized by NOBELIUM: EnvyScout, BoomBox, NativeZone, and VaporRage. -
New sophisticated email-based attack from NOBELIUM
Microsoft Threat Intelligence Center (MSTIC) has uncovered a wide-scale malicious email campaign operated by NOBELIUM, the threat actor behind the attacks against SolarWinds, the SUNBURST backdoor, TEARDROP malware, GoldMax malware, and other related components.
