Peach Sandstorm deploys new custom Tickler malware in long-running intelligence gathering operations

Credit to Author: Microsoft Threat Intelligence | Date: Wed, 28 Aug 2024 15:00:00 +0000

Between April and July 2024, Microsoft observed Iranian state-sponsored threat actor Peach Sandstorm deploying a new custom multi-stage backdoor, which we named Tickler. Tickler has been used in attacks against targets in the satellite, communications equipment, oil and gas, as well as federal and state government sectors in the United States and the United Arab […]

The post Peach Sandstorm deploys new custom Tickler malware in long-running intelligence gathering operations appeared first on Microsoft Security Blog.

Staying ahead of threat actors in the age of AI

Credit to Author: Microsoft Threat Intelligence | Date: Wed, 14 Feb 2024 12:00:00 +0000

Microsoft, in collaboration with OpenAI, is publishing research on emerging threats in the age of AI, focusing on identified activity associated with known threat actors Forest Blizzard, Emerald Sleet, Crimson Sandstorm, and others. The observed activity includes prompt injections, attempted misuse of large language models (LLMs), and fraud.

The post Staying ahead of threat actors in the age of AI appeared first on Microsoft Security Blog.

New TTPs observed in Mint Sandstorm campaign targeting high-profile individuals at universities and research orgs

Credit to Author: Microsoft Threat Intelligence | Date: Wed, 17 Jan 2024 17:00:00 +0000

Since November 2023, Microsoft has observed a distinct subset of Mint Sandstorm (PHOSPHORUS) targeting high-profile individuals working on Middle Eastern affairs at universities and research organizations in Belgium, France, Gaza, Israel, the United Kingdom, and the United States. In this campaign, the threat actor used bespoke phishing lures in an attempt to socially engineer targets into downloading malicious files.

The post New TTPs observed in Mint Sandstorm campaign targeting high-profile individuals at universities and research orgs appeared first on Microsoft Security Blog.

Microsoft shares threat intelligence at CYBERWARCON 2023

Credit to Author: Microsoft Threat Intelligence | Date: Thu, 09 Nov 2023 12:00:00 +0000

At the CYBERWARCON 2023 conference, Microsoft and LinkedIn analysts are presenting several sessions detailing analysis across multiple sets of threat actors and related activity, demonstrating Microsoft Threat Intelligence’s ongoing efforts to track threat actors, protect customers, and share information with the wider security community.

The post Microsoft shares threat intelligence at CYBERWARCON 2023 appeared first on Microsoft Security Blog.

Sophos Sandstorm comes to XG Firewall

Keeping intruders away from your network is an essential first line of defense. However, cybercriminals are constantly updating and refining their methods of attack, using unknown malware to evade conventional protection. This means organizations need additional tools, working with traditional anti-malware protection, to strengthen their defenses against unknown threats. For many companies though, these technologies […]
