ThreatsHub.org
In January 2022, MSTIC ran its inaugural hack month for the open-source Jupyter and Python Security Tools library, MSTICPy. This blog highlights some of the contributions.
The post MSTICPy January 2022 hackathon highlights appeared first on Microsoft Security Blog. READ MORE HERE…
The Microsoft Threat Intelligence Center (MSTIC) is sharing information on a threat group named ACTINIUM, which has been operational for almost a decade and has consistently pursued access to organizations in Ukraine or entities related to Ukrainian affairs.
The post ACTINIUM targets Ukrainian organizations appeared first on Microsoft Security Blog. READ MORE HERE…
Microsoft Threat Intelligence Center (MSTIC) has identified evidence of a destructive malware operation targeting multiple organizations in Ukraine.
The post Destructive malware targeting Ukrainian organizations appeared first on Microsoft Security Blog. READ MORE HERE…
China-based threat actor NICKEL has been targeting governments, diplomatic entities, and non-governmental organizations (NGOs) across Central and South America, the Caribbean, and Europe. Today, Microsoft announced the successful seizure of a set of NICKEL-operated websites and disruption of ongoing attacks.
The post NICKEL targeting government organizations across Latin America and Europe appeared first on Microsoft Security Blog. READ MORE HERE…
We’re excited to invite our community of infosec analysts and engineers to the second annual InfoSec Jupyterthon taking place on December 2-3, 2021. This is an online event organized by Open Threat Research Forge together with Microsoft Threat Intelligence Center (MSTIC).
The post Join us at InfoSec Jupyterthon 2021 appeared first on Microsoft Security Blog. READ MORE HERE…
Microsoft has observed multiple Iranian threat actors targeting the IT services sector in attacks that aim to steal sign-in credentials belonging to downstream customer networks to enable further attacks.
The post Iranian targeting of IT sector on the rise appeared first on Microsoft Security Blog. READ MORE HERE…
Over the past year, the Microsoft Threat Intelligence Center (MSTIC) has observed a gradual evolution of the tools, techniques, and procedures employed by malicious network operators based in Iran. This blog summarizes our analysis of trends in Iranian nation state actor activity and demonstrates MSTIC’s ongoing efforts to track these actors and protect customers from the related threats.
The post Evolving trends in Iranian threat actor activity – MSTIC presentation at CyberWarCon 2021 appeared first on Microsoft Security Blog. READ MORE HERE…
Microsoft has detected exploits being used to compromise systems running the ZOHO ManageEngine ADSelfService Plus software versions vulnerable to CVE-2021-40539 in a targeted campaign. Microsoft Threat Intelligence Center (MSTIC) attributes this campaign with high confidence to DEV-0322.
The post Threat actor DEV-0322 exploiting ZOHO ManageEngine ADSelfService Plus appeared first on Microsoft Security Blog. READ MORE HERE…
MSTIC has observed DEV-0343 conducting extensive password spraying against more than 250 Office 365 tenants, with a focus on United States and Israeli defense technology companies, Persian Gulf ports of entry, or global maritime transportation companies with business presence in the Middle East.
The post Iran-linked DEV-0343 targeting defense, GIS, and maritime sectors appeared first on Microsoft Security Blog. READ MORE HERE…
In-depth analysis of newly detected NOBELIUM malware: a post-exploitation backdoor that Microsoft Threat Intelligence Center (MSTIC) refers to as FoggyWeb. NOBELIUM uses FoggyWeb to remotely exfiltrate the configuration database of compromised AD FS servers, decrypted token-signing certificate, and token-decryption certificate, as well as to download and execute additional components.
The post FoggyWeb: Targeted NOBELIUM malware leads to persistent backdoor appeared first on Microsoft Security Blog. READ MORE HERE…