Channel: Ransomware | Latest Threats | Microsoft Security Blog
Browsing all 35 articles

New “Prestige” ransomware impacts organizations in Ukraine and Poland

April 2023 update – Microsoft Threat Intelligence has shifted to a new threat actor naming taxonomy aligned around the theme of weather. IRIDIUM is now tracked as Seashell Blizzard. To learn about how...

Defenders beware: A case for post-ransomware investigations

Ransomware is one of the most pervasive threats that Microsoft Detection and Response Team (DART) responds to today. The groups behind these attacks continue to add sophistication to their tactics,...

DEV-0832 (Vice Society) opportunistic ransomware campaigns impacting US...

April 2023 update – Microsoft Threat Intelligence has shifted to a new threat actor naming taxonomy aligned around the theme of weather. DEV-0832 is now tracked as Vanilla Tempest. To learn about how...

Raspberry Robin worm part of larger ecosystem facilitating pre-ransomware...

April 2023 update – Microsoft Threat Intelligence has shifted to a new threat actor naming taxonomy aligned around the theme of weather. DEV-0206 is now tracked as Mustard Tempest. DEV-0243 is now...

Stopping C2 communications in human-operated ransomware through network...

Command-and-control (C2) servers are an essential part of ransomware, commodity, and nation-state attacks. They are used to control infected devices and perform malicious activities like downloading...

The five-day job: A BlackByte ransomware intrusion case study

As ransomware attacks continue to grow in number and sophistication, threat actors can quickly impact business operations if organizations are not well prepared. In a recent investigation by Microsoft...

Storm-0978 attacks reveal financial and espionage motives

August 8, 2023 update: Microsoft released security updates to address CVE-2023-36884. Customers are advised to apply patches, which supersede the mitigations listed in this blog, as soon as possible....

Malware distributor Storm-0324 facilitates ransomware access

The threat actor that Microsoft tracks as Storm-0324 is a financially motivated group known to gain initial access using email-based initial infection vectors and then hand off access to compromised...

Automatic disruption of human-operated attacks through containment of...

Our experience and insights from real-world incidents tell us that the swift containment of compromised user accounts is key to disrupting hands-on-keyboard attacks, especially those that involve...

Octo Tempest crosses boundaries to facilitate extortion, encryption, and...

Microsoft has been tracking activity related to the financially motivated threat actor Octo Tempest, whose evolving campaigns represent a growing concern for organizations across multiple industries....

Threat actors misusing Quick Assist in social engineering attacks leading to...

Since mid-April 2024, Microsoft Threat Intelligence has observed the threat actor Storm-1811 misusing the client management tool Quick Assist to target users in social engineering attacks. Storm-1811...
