state-sponsored threat actor – Computer Security Articles

Credit to Author: Microsoft Threat Intelligence and Microsoft Security Response Center (MSRC)| Date: Fri, 30 Aug 2024 16:00:00 +0000

Microsoft identified a North Korean threat actor exploiting a zero-day vulnerability in Chromium (CVE-2024-7971) to gain remote code execution (RCE) in the Chromium renderer process. Our assessment of ongoing analysis and observed infrastructure attributes this activity to Citrine Sleet, a North Korean threat actor that commonly targets the cryptocurrency sector for financial gain.

The post North Korean threat actor Citrine Sleet exploiting Chromium zero-day appeared first on Microsoft Security Blog.

Microsoft Security

Peach Sandstorm deploys new custom Tickler malware in long-running intelligence gathering operations

September 12, 2024 admin Sandstorm, state-sponsored threat actor

Credit to Author: Microsoft Threat Intelligence| Date: Wed, 28 Aug 2024 15:00:00 +0000

Between April and July 2024, Microsoft observed Iranian state-sponsored threat actor Peach Sandstorm deploying a new custom multi-stage backdoor, which we named Tickler. Tickler has been used in attacks against targets in the satellite, communications equipment, oil and gas, as well as federal and state government sectors in the United States and the United Arab […]

The post Peach Sandstorm deploys new custom Tickler malware in long-running intelligence gathering operations appeared first on Microsoft Security Blog.

Microsoft Security

Star Blizzard increases sophistication and evasion in ongoing attacks

December 9, 2023 admin blizzard, credential theft, star blizzard (seaborgium), state-sponsored threat actor

Credit to Author: Microsoft Threat Intelligence| Date: Thu, 07 Dec 2023 12:01:00 +0000

Microsoft Threat Intelligence continues to track and disrupt malicious activity attributed to a Russian state-sponsored actor we track as Star Blizzard, who has improved their detection evasion capabilities since 2022 while remaining focused on email credential theft against targets.

The post Star Blizzard increases sophistication and evasion in ongoing attacks appeared first on Microsoft Security Blog.

Microsoft Security

Multiple North Korean threat actors exploiting the TeamCity CVE-2023-42793 vulnerability

October 30, 2023 admin diamond sleet (zinc), sleet, state-sponsored threat actor

Credit to Author: Microsoft Threat Intelligence| Date: Wed, 18 Oct 2023 16:30:00 +0000

Since early October 2023, Microsoft has observed North Korean nation-state threat actors Diamond Sleet and Onyx Sleet exploiting the Jet Brains TeamCity CVE-2023-42793 remote-code execution vulnerability. Given supply chain attacks carried out by these threat actors in the past, Microsoft assesses that this activity poses a particularly high risk to organizations who are affected.

The post Multiple North Korean threat actors exploiting the TeamCity CVE-2023-42793 vulnerability appeared first on Microsoft Security Blog.