nation-state actor Archives - ThreatsHub Cybersecurity News

Microsoft shifts to a new threat actor naming taxonomy

April 18, 2023 TH Author Cybersecurity, Microsoft security intelligence, nation-state actor, private-sector offensive actor (PSOA), threat actor tracking

Microsoft is excited to announce that we are shifting to a new threat actor naming taxonomy aligned to the theme of weather. The complexity, scale, and volume of threats is increasing, driving the need to reimagine not only how Microsoft talks about threats but also how we enable customers to understand those threats quickly and with clarity.
The post Microsoft shifts to a new threat actor naming taxonomy appeared first on Microsoft Security Blog. READ MORE HERE…

Microsoft Secure

Nation-state threat actor Mint Sandstorm refines tradecraft to attack high-value targets

April 18, 2023 TH Author Cybersecurity, Microsoft, Microsoft security intelligence, Mint Sandstorm, nation-state actor, Phosphorus, Security

Today, Microsoft is reporting on a distinct subset of Mint Sandstorm (formerly known as PHOSPHORUS), an Iranian threat actor that specializes in hacking into and stealing sensitive information from high-value targets. This subset is technically and operationally mature, capable of developing bespoke tooling and quickly weaponizing recently disclosed vulnerabilities.
The post Nation-state threat actor Mint Sandstorm refines tradecraft to attack high-value targets appeared first on Microsoft Security Blog. READ MORE HERE…

Microsoft Secure

ZINC weaponizing open-source software

September 29, 2022 TH Author Cybersecurity, Microsoft, Microsoft security intelligence, nation-state actor, Security, Social Engineering, ZINC

In recent months, Microsoft detected weaponization of legitimate open-source software by an actor the Microsoft Threat Intelligence Center (MSTIC) tracks as ZINC, targeting employees at media, defense and aerospace, and IT service provider organizations in the US, UK, India, and Russia.
The post ZINC weaponizing open-source software appeared first on Microsoft Security Blog. READ MORE HERE…

Microsoft Secure

Exposing POLONIUM activity and infrastructure targeting Israeli organizations

June 2, 2022 TH Author Cybersecurity, Microsoft security intelligence, Microsoft Threat Intelligence Center (MSTIC), nation-state actor, POLONIUM

Microsoft successfully detected and disabled attack activity abusing OneDrive by a previously undocumented Lebanon-based activity group Microsoft Threat Intelligence Center (MSTIC) tracks as POLONIUM.
The post Exposing POLONIUM activity and infrastructure targeting Israeli organizations appeared first on Microsoft Security Blog. READ MORE HERE…

Microsoft Secure

Iranian targeting of IT sector on the rise

November 18, 2021 TH Author Cybersecurity, Microsoft security intelligence, Microsoft Threat Intelligence Center (MSTIC), nation-state actor

Microsoft has observed multiple Iranian threat actors targeting the IT services sector in attacks that aim to steal sign-in credentials belonging to downstream customer networks to enable further attacks.
The post Iranian targeting of IT sector on the rise appeared first on Microsoft Security Blog. READ MORE HERE…

Microsoft Secure

Evolving trends in Iranian threat actor activity – MSTIC presentation at CyberWarCon 2021

November 16, 2021 TH Author Cybersecurity, Microsoft security intelligence, Microsoft Threat Intelligence Center (MSTIC), nation-state actor, Phosphorus, ransomware

Over the past year, the Microsoft Threat Intelligence Center (MSTIC) has observed a gradual evolution of the tools, techniques, and procedures employed by malicious network operators based in Iran. This blog summarizes our analysis of trends in Iranian nation state actor activity and demonstrates MSTIC’s ongoing efforts to track these actors and protect customers from the related threats.
The post Evolving trends in Iranian threat actor activity – MSTIC presentation at CyberWarCon 2021 appeared first on Microsoft Security Blog. READ MORE HERE…

Microsoft Secure

Iran-linked DEV-0343 targeting defense, GIS, and maritime sectors

October 11, 2021 TH Author Cybersecurity, DEV-0343, Microsoft security intelligence, Microsoft Threat Intelligence Center (MSTIC), nation-state actor

MSTIC has observed DEV-0343 conducting extensive password spraying against more than 250 Office 365 tenants, with a focus on United States and Israeli defense technology companies, Persian Gulf ports of entry, or global maritime transportation companies with business presence in the Middle East.
The post Iran-linked DEV-0343 targeting defense, GIS, and maritime sectors appeared first on Microsoft Security Blog. READ MORE HERE…

Microsoft Secure

GoldMax, GoldFinder, and Sibot: Analyzing NOBELIUM’s layered persistence

March 4, 2021 TH Author Azure Sentinel, Cybersecurity, Microsoft 365 Defender, Microsoft Defender for Endpoint, Microsoft security intelligence, Microsoft Threat Intelligence Center (MSTIC), nation-state actor, NOBELIUM

Microsoft has identified three new pieces of malware being used in late-stage activity by NOBELIUM – the actor behind the SolarWinds attacks, SUNBURST, and TEARDROP.
The post GoldMax, GoldFinder, and Sibot: Analyzing NOBELIUM’s layered persistence appeared first on Microsoft Security. READ MORE HERE…