Microsoft shifts to a new threat actor naming taxonomy
Microsoft is excited to announce that we are shifting to a new threat actor naming taxonomy aligned to the theme of weather.
Microsoft is excited to announce that we are shifting to a new threat actor naming taxonomy aligned to the theme of weather.
Today, Microsoft is reporting on a distinct subset of Mint Sandstorm (formerly known as PHOSPHORUS), an Iranian threat actor that specializes in hacking into and stealing sensitive information from high-value targets. This subset is technically and operationally mature, capable of developing bespoke tooling and quickly weaponizing recently disclosed vulnerabilities.
With U.S. Tax Day approaching, Microsoft has observed phishing attacks targeting accounting and tax return preparation firms to deliver the Remcos RAT and compromise target networks.
This guide provides steps that organizations can take to assess whether users have been targeted or compromised by threat actors exploiting CVE-2022-21894 via a Unified Extensible Firmware Interface (UEFI) bootkit called BlackLotus.
Microsoft analyzes a threat group tracked as DEV-0196, the actor’s iOS malware “KingsPawn”, and their link to an Israel-based private sector offensive actor (PSOA) known as QuaDream, which reportedly sells a suite of exploits, malware, and infrastructure called REIGN, that’s designed to exfiltrate data from mobile devices.
Microsoft detected a unique operation where threat actors carried out destructive actions in both on-premises and cloud environments.
With DDoS attacks becoming more frequent, sophisticated, and inexpensive to launch, it’s important for organizations of all sizes to be proactive and stay protected. In this blog, we detail trends and insights into DDoS attacks we observed and mitigated throughout 2022.
The Microsoft Defender for IoT research team details information on the recent distribution of a Go-based botnet, known as Zerobot, that spreads primarily through IoT and web-application vulnerabilities.
The Microsoft Defender for IoT research team analyzed a cross-platform botnet that infects both Windows and Linux systems from PCs to IoT devices, to launch distributed denial of service (DDoS) attacks against private Minecraft servers.
This blog aims to provide further guidance on detecting malicious IIS modules and other capabilities that you can use during your own incident response investigations.