Frequent freeloader part I: Secret Blizzard compromising Storm-0156 infrastructure for espionage

Credit to Author: Microsoft Threat Intelligence | Date: Wed, 04 Dec 2024 17:00:00 +0000

Microsoft has observed Secret Blizzard compromising the infrastructure and backdoors of the Pakistan-based threat actor we track as Storm-0156 for espionage against the Afghanistan government and Indian Army targets.

The post Frequent freeloader part I: Secret Blizzard compromising Storm-0156 infrastructure for espionage appeared first on Microsoft Security Blog.

File hosting services misused for identity phishing

Credit to Author: Microsoft Threat Intelligence | Date: Tue, 08 Oct 2024 16:00:00 +0000

Since mid-April 2024, Microsoft has observed an increase in defense evasion tactics used in campaigns abusing file hosting services like SharePoint, OneDrive, and Dropbox. These campaigns use sophisticated techniques to perform social engineering, evade detection, and compromise identities, and include business email compromise (BEC) attacks.

The post File hosting services misused for identity phishing appeared first on Microsoft Security Blog.

Octo Tempest crosses boundaries to facilitate extortion, encryption, and destruction

Credit to Author: Microsoft Incident Response and Microsoft Threat Intelligence | Date: Wed, 25 Oct 2023 16:30:00 +0000

Microsoft has been tracking activity related to the financially motivated threat actor Octo Tempest, whose evolving campaigns represent a growing concern for many organizations across multiple industries.

The post Octo Tempest crosses boundaries to facilitate extortion, encryption, and destruction appeared first on Microsoft Security Blog.
