{"id":49370,"date":"2022-11-18T21:29:00","date_gmt":"2022-11-18T21:29:00","guid":{"rendered":"https:\/\/www.darkreading.com\/endpoint\/dev-0569-ransomware-group-remarkably-innovative-microsoft-cautions"},"modified":"2022-11-18T21:29:00","modified_gmt":"2022-11-18T21:29:00","slug":"dev-0569-ransomware-group-remarkably-innovative-microsoft-cautions","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/dev-0569-ransomware-group-remarkably-innovative-microsoft-cautions\/","title":{"rendered":"DEV-0569 Ransomware Group Remarkably Innovative, Microsoft Cautions"},"content":{"rendered":"<div><img decoding=\"async\" src=\"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/bltcc4c131c650cf65b\/633b1ddcb024310ec5dfa683\/Ransomware_Haiyin_Wang_Alamy.jpg\" class=\"ff-og-image-inserted\"><\/div>\n<p>It generally starts with malvertising and ends with the deployment of Royal ransomware, but a new threat group has distinguished itself by its ability to innovate the malicious steps in between to lure in new targets.<\/p>\n<p>The cyberattack group, tracked by Microsoft Security Threat Intelligence as DEV-0569, is notable for its ability to continuously improve its discovery, detection evasion, and post-compromise payloads, according to a report this week from the computing giant.<\/p>\n<p>&#8220;DEV-0569 notably relies on <a href=\"https:\/\/www.darkreading.com\/dr-tech\/human-security-tackles-malvertising-with-clean-io-buy\" target=\"_blank\" rel=\"noopener\">malvertising<\/a>, phishing links that point to a malware downloader posing as software installers or updates embedded in spam emails, fake forum pages, and blog comments,&#8221; the Microsoft researchers said.<\/p>\n<p>In just a few months, the Microsoft team observed the group&#8217;s innovations, including hiding malicious links on organizations&#8217; contact forms; burying fake installers on legitimate download sites and repositories; and using Google ads in its campaigns to camouflage its malicious activities.<\/p>\n<p>&#8220;DEV-0569 activity uses signed binaries and delivers encrypted malware payloads,&#8221; the Microsoft team added. &#8220;The group, also known to rely heavily on defense evasion techniques, has continued to use the open-source tool Nsudo to attempt disabling antivirus solutions in recent campaigns.&#8221;<\/p>\n<p>The group&#8217;s success positions <a href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2022\/11\/17\/dev-0569-finds-new-ways-to-deliver-royal-ransomware-various-payloads\/\" target=\"_blank\" rel=\"noopener\">DEV-0569<\/a> to serve as an access broker for other ransomware operations, Microsoft Security said.<\/p>\n<h2 class=\"regular-text\">How to Combat Cyberattack Ingenuity<\/h2>\n<p>New tricks aside, Mike Parkin, senior technical engineer at Vulcan Cyber, points out the threat group indeed makes adjustments along the edges of their campaign tactics, but consistently relies on users to make mistakes. Thus, for defense, user education is the key, he says.<\/p>\n<p>&#8220;The phishing and malvertising attacks reported here rely entirely on getting users to interact with the lure,&#8221; Parkin tells Dark Reading. &#8220;Which means that if the user doesn&#8217;t interact, there is no breach.&#8221;<\/p>\n<p>He adds, &#8220;Security teams need to stay ahead of the latest exploits and malware being deployed in the wild, but there is still an element of user education and awareness that&#8217;s required, and will always be required, to turn the user community from the main attack surface into a solid line of defense.&#8221;<\/p>\n<p>Making users impervious to lures certainly sounds like a solid strategy, but Chris Clements, vice president of solutions architecture at Cerberus Sentinel, tells Dark Reading it&#8217;s &#8220;both unrealistic and unfair&#8221; to expect users to maintain 100% vigilance in the face of increasingly convincing social engineering ploys. Instead, a more holistic approach to security is required, he explains.<\/p>\n<p>&#8220;It falls then to the technical and cybersecurity teams at an organization to ensure that a compromise of a single user doesn&#8217;t lead to widespread organizational damage from the most common cybercriminal goals of mass data theft and ransomware,&#8221; Clements says.<\/p>\n<h2 class=\"regular-text\">IAM Controls Matter<\/h2>\n<p>Robert Hughes, CISO at RSA, recommends starting with identity and access management (IAM) controls.<\/p>\n<p>&#8220;Strong identity and access governance can help control the lateral spread of malware and limit its impact, even after a failure at the human and endpoint malware prevention level, such as stopping authorized individual from clicking on a link and installing software that they are allowed to install,&#8221; Hughes tells Dark Reading. &#8220;Once you&#8217;ve ensured that your data and identities are safe, the fallout of a ransomware attack won&#8217;t be as damaging \u2014 and it won&#8217;t be as much of an effort to re-image an endpoint.&#8221;<\/p>\n<p>Phil Neray from CardinalOps agrees. He explains that tactics like malicious Google Ads are tough to defend against, so security teams must also focus on minimizing fallout once a ransomware attack occurs.<\/p>\n<p>&#8220;That means making sure the SoC has detections in place for suspicious or unauthorized behavior, such as privilege escalation and the use of <a href=\"https:\/\/www.darkreading.com\/endpoint\/china-based-billbug-apt-infiltrates-certificate-authority\" target=\"_blank\" rel=\"noopener\">living-off-the-land admin tools<\/a> like PowerShell and remote management utilities,&#8221; Neray says.<\/p>\n<p>Read More <a href=\"https:\/\/www.darkreading.com\/endpoint\/dev-0569-ransomware-group-remarkably-innovative-microsoft-cautions\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Although the group relies on good old phishing to deliver Royal ransomware, researchers say DEV-0569 regularly uses new and creative discovery techniques to lure victims.Read More <a href=\"https:\/\/www.darkreading.com\/endpoint\/dev-0569-ransomware-group-remarkably-innovative-microsoft-cautions\">HERE<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[151],"tags":[],"class_list":["post-49370","post","type-post","status-publish","format-standard","hentry","category-darkreading-ti"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.6 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>DEV-0569 Ransomware Group Remarkably Innovative, Microsoft Cautions 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/dev-0569-ransomware-group-remarkably-innovative-microsoft-cautions\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"DEV-0569 Ransomware Group Remarkably Innovative, Microsoft Cautions 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/dev-0569-ransomware-group-remarkably-innovative-microsoft-cautions\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2022-11-18T21:29:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/bltcc4c131c650cf65b\/633b1ddcb024310ec5dfa683\/Ransomware_Haiyin_Wang_Alamy.jpg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/dev-0569-ransomware-group-remarkably-innovative-microsoft-cautions\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/dev-0569-ransomware-group-remarkably-innovative-microsoft-cautions\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"DEV-0569 Ransomware Group Remarkably Innovative, Microsoft Cautions\",\"datePublished\":\"2022-11-18T21:29:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/dev-0569-ransomware-group-remarkably-innovative-microsoft-cautions\\\/\"},\"wordCount\":624,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/dev-0569-ransomware-group-remarkably-innovative-microsoft-cautions\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/eu-images.contentstack.com\\\/v3\\\/assets\\\/blt66983808af36a8ef\\\/bltcc4c131c650cf65b\\\/633b1ddcb024310ec5dfa683\\\/Ransomware_Haiyin_Wang_Alamy.jpg\",\"articleSection\":[\"DarkReading |TI\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/dev-0569-ransomware-group-remarkably-innovative-microsoft-cautions\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/dev-0569-ransomware-group-remarkably-innovative-microsoft-cautions\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/dev-0569-ransomware-group-remarkably-innovative-microsoft-cautions\\\/\",\"name\":\"DEV-0569 Ransomware Group Remarkably Innovative, Microsoft Cautions 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/dev-0569-ransomware-group-remarkably-innovative-microsoft-cautions\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/dev-0569-ransomware-group-remarkably-innovative-microsoft-cautions\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/eu-images.contentstack.com\\\/v3\\\/assets\\\/blt66983808af36a8ef\\\/bltcc4c131c650cf65b\\\/633b1ddcb024310ec5dfa683\\\/Ransomware_Haiyin_Wang_Alamy.jpg\",\"datePublished\":\"2022-11-18T21:29:00+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/dev-0569-ransomware-group-remarkably-innovative-microsoft-cautions\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/dev-0569-ransomware-group-remarkably-innovative-microsoft-cautions\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/dev-0569-ransomware-group-remarkably-innovative-microsoft-cautions\\\/#primaryimage\",\"url\":\"https:\\\/\\\/eu-images.contentstack.com\\\/v3\\\/assets\\\/blt66983808af36a8ef\\\/bltcc4c131c650cf65b\\\/633b1ddcb024310ec5dfa683\\\/Ransomware_Haiyin_Wang_Alamy.jpg\",\"contentUrl\":\"https:\\\/\\\/eu-images.contentstack.com\\\/v3\\\/assets\\\/blt66983808af36a8ef\\\/bltcc4c131c650cf65b\\\/633b1ddcb024310ec5dfa683\\\/Ransomware_Haiyin_Wang_Alamy.jpg\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/dev-0569-ransomware-group-remarkably-innovative-microsoft-cautions\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"DEV-0569 Ransomware Group Remarkably Innovative, Microsoft Cautions\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"DEV-0569 Ransomware Group Remarkably Innovative, Microsoft Cautions 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/dev-0569-ransomware-group-remarkably-innovative-microsoft-cautions\/","og_locale":"en_US","og_type":"article","og_title":"DEV-0569 Ransomware Group Remarkably Innovative, Microsoft Cautions 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/dev-0569-ransomware-group-remarkably-innovative-microsoft-cautions\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2022-11-18T21:29:00+00:00","og_image":[{"url":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/bltcc4c131c650cf65b\/633b1ddcb024310ec5dfa683\/Ransomware_Haiyin_Wang_Alamy.jpg","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/dev-0569-ransomware-group-remarkably-innovative-microsoft-cautions\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/dev-0569-ransomware-group-remarkably-innovative-microsoft-cautions\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"DEV-0569 Ransomware Group Remarkably Innovative, Microsoft Cautions","datePublished":"2022-11-18T21:29:00+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/dev-0569-ransomware-group-remarkably-innovative-microsoft-cautions\/"},"wordCount":624,"commentCount":0,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/dev-0569-ransomware-group-remarkably-innovative-microsoft-cautions\/#primaryimage"},"thumbnailUrl":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/bltcc4c131c650cf65b\/633b1ddcb024310ec5dfa683\/Ransomware_Haiyin_Wang_Alamy.jpg","articleSection":["DarkReading |TI"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.threatshub.org\/blog\/dev-0569-ransomware-group-remarkably-innovative-microsoft-cautions\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/dev-0569-ransomware-group-remarkably-innovative-microsoft-cautions\/","url":"https:\/\/www.threatshub.org\/blog\/dev-0569-ransomware-group-remarkably-innovative-microsoft-cautions\/","name":"DEV-0569 Ransomware Group Remarkably Innovative, Microsoft Cautions 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/dev-0569-ransomware-group-remarkably-innovative-microsoft-cautions\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/dev-0569-ransomware-group-remarkably-innovative-microsoft-cautions\/#primaryimage"},"thumbnailUrl":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/bltcc4c131c650cf65b\/633b1ddcb024310ec5dfa683\/Ransomware_Haiyin_Wang_Alamy.jpg","datePublished":"2022-11-18T21:29:00+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/dev-0569-ransomware-group-remarkably-innovative-microsoft-cautions\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/dev-0569-ransomware-group-remarkably-innovative-microsoft-cautions\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/dev-0569-ransomware-group-remarkably-innovative-microsoft-cautions\/#primaryimage","url":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/bltcc4c131c650cf65b\/633b1ddcb024310ec5dfa683\/Ransomware_Haiyin_Wang_Alamy.jpg","contentUrl":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/bltcc4c131c650cf65b\/633b1ddcb024310ec5dfa683\/Ransomware_Haiyin_Wang_Alamy.jpg"},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/dev-0569-ransomware-group-remarkably-innovative-microsoft-cautions\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"DEV-0569 Ransomware Group Remarkably Innovative, Microsoft Cautions"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/49370","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=49370"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/49370\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=49370"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=49370"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=49370"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}