storm – Computer Security Articles

Frequent freeloader part II: Russian actor Secret Blizzard using tools of other groups to attack Ukraine

December 12, 2024 admin blizzard, credential theft, storm

Credit to Author: Microsoft Threat Intelligence| Date: Wed, 11 Dec 2024 17:00:00 +0000

Since January 2024, Microsoft has observed Secret Blizzard using the tools or infrastructure of other threat groups to attack targets in Ukraine and download its custom backdoors Tavdig and KazuarV2.

The post Frequent freeloader part II: Russian actor Secret Blizzard using tools of other groups to attack Ukraine appeared first on Microsoft Security Blog.

Microsoft Security

Frequent freeloader part I: Secret Blizzard compromising Storm-0156 infrastructure for espionage

December 5, 2024 admin adversary-in-the-middle (aitm), blizzard, storm

Credit to Author: Microsoft Threat Intelligence| Date: Wed, 04 Dec 2024 17:00:00 +0000

Microsoft has observed Secret Blizzard compromising the infrastructure and backdoors of the Pakistan-based threat actor we track as Storm-0156 for espionage against the Afghanistan government and Indian Army targets.

The post Frequent freeloader part I: Secret Blizzard compromising Storm-0156 infrastructure for espionage appeared first on Microsoft Security Blog.

Microsoft Security

Microsoft shares latest intelligence on North Korean and Chinese threat actors at CYBERWARCON

November 24, 2024 admin sleet, storm

Credit to Author: Microsoft Threat Intelligence| Date: Fri, 22 Nov 2024 11:00:00 +0000

At CYBERWARCON 2024, Microsoft Threat Intelligence analysts will share research and insights on North Korean and Chinese threat actors representing years of threat actor tracking, infrastructure monitoring and disruption, and their attack tooling.

The post Microsoft shares latest intelligence on North Korean and Chinese threat actors at CYBERWARCON appeared first on Microsoft Security Blog.

Microsoft Security

Chinese threat actor Storm-0940 uses credentials from password spray attacks from a covert network

October 31, 2024 admin storm

Credit to Author: Microsoft Threat Intelligence| Date: Thu, 31 Oct 2024 17:00:00 +0000

Since August 2023, Microsoft has observed intrusion activity targeting and successfully stealing credentials from multiple Microsoft customers that is enabled by highly evasive password spray attacks. Microsoft has linked the source of these password spray attacks to a network of compromised devices we track as CovertNetwork-1658, also known as xlogin and Quad7 (7777). Microsoft is […]

The post Chinese threat actor Storm-0940 uses credentials from password spray attacks from a covert network appeared first on Microsoft Security Blog.

Microsoft Security

Storm-0501: Ransomware attacks expanding to hybrid cloud environments

September 28, 2024 admin credential theft, ransomware, Ransomware as a Service, storm

Credit to Author: Microsoft Threat Intelligence| Date: Thu, 26 Sep 2024 17:00:00 +0000

Microsoft has observed the threat actor tracked as Storm-0501 launching a multi-staged attack where they compromised hybrid cloud environments and performed lateral movement from on-premises to cloud environment, leading to data exfiltration, credential theft, tampering, persistent backdoor access, and ransomware deployment. The said attack targeted multiple sectors in the United States, including government, manufacturing, transportation, […]

The post Storm-0501: Ransomware attacks expanding to hybrid cloud environments appeared first on Microsoft Security Blog.

Microsoft Security

Ransomware operators exploit ESXi hypervisor vulnerability for mass encryption

July 30, 2024 admin ransomware, storm

Credit to Author: Microsoft Threat Intelligence| Date: Mon, 29 Jul 2024 16:00:00 +0000

Microsoft Security researchers have observed a vulnerability used by various ransomware operators to get full administrative access to domain-joined ESXi hypervisors and encrypt the virtual machines running on them. The vulnerability involves creating a group called “ESX Admins” in Active Directory and adding an attacker-controlled user account to this group. This manipulation of the Active Directory group takes advantage of a privilege escalation vulnerability (CVE-2024-37085) in ESXi hypervisors that grants the added user full administrative access to the ESXi hypervisor. The vulnerability was fixed by VMware in their June release and ESXi administrators should install this security update.

The post Ransomware operators exploit ESXi hypervisor vulnerability for mass encryption appeared first on Microsoft Security Blog.

Microsoft Security

Threat actors misuse OAuth applications to automate financially driven attacks

December 13, 2023 admin credential theft, cryptocurrency mining, storm

Credit to Author: Microsoft Threat Intelligence| Date: Tue, 12 Dec 2023 18:00:00 +0000

Microsoft Threat Intelligence presents cases of threat actors misusing OAuth applications as automation tools in financially motivated attacks.

The post Threat actors misuse OAuth applications to automate financially driven attacks appeared first on Microsoft Security Blog.

ScadaICS Schneider

Are You Protected Against Power Surge Damage?

December 22, 2017 admin home safety, overvoltage, power surge, Residential, storm, surge damage, surge protection devices

Credit to Author: Anica Zagorac| Date: Fri, 22 Dec 2017 16:00:54 +0000

(The following information is applicable to readers living outside North America.) Did you know that lightning strikes the earth every second? Even though we’ve been rightly conditioned to worry about… Read more »

The post Are You Protected Against Power Surge Damage? appeared first on Schneider Electric Blog.

← Previous