Profiling DEV-0270: PHOSPHORUS’ ransomware operations
Microsoft threat intelligence teams have been tracking multiple ransomware campaigns tied to DEV-0270, also known as Nemesis Kitten, a sub-group of Iranian actor PHOSPHORUS.
MERCURY leveraging Log4j 2 vulnerabilities in unpatched systems to target Israeli organizations
Microsoft detected an Iran-based threat actor the Microsoft Threat Intelligence Center (MSTIC) tracks as MERCURY leveraging exploitation of Log4j 2 vulnerabilities in SysAid applications against organizations located in Israel.
Disrupting SEABORGIUM’s ongoing phishing operations
The Microsoft Threat Intelligence Center (MSTIC) has observed and taken actions to disrupt campaigns launched by SEABORGIUM in campaigns involve persistent phishing and credential theft campaigns leading to intrusions and data theft.
Malicious IIS extensions quietly open persistent backdoors into servers
Attackers are increasingly leveraging managed IIS extensions as covert backdoors into servers, providing a durable persistence mechanism for attacks.
Retain Microsoft Security Experts
Microsoft Security Experts are now available to strengthen your team with managed security services. Learn how to defend against threats with security experts.
From cookie theft to BEC: Attackers use AiTM phishing sites as entry point to further financial fraud
A large-scale phishing campaign that attempted to target over 10,000 organizations since September 2021 used adversary-in-the-middle (AiTM) phishing sites to steal passwords, hijack a user’s sign-in session, and skip the authentication process, even if the user had enabled multifactor authentication (MFA).
Improving AI-based defenses to disrupt human-operated ransomware
To disrupt human-operated ransomware attacks as early as possible, we enhanced the AI-based protections in Microsoft Defender for Endpoint with a range of specialized machine learning techniques that swiftly identify and block malicious files, processes, or behavior observed during active attacks.
The many lives of BlackCat ransomware
The use of an unconventional programming language, multiple target devices and possible entry points, and affiliation with prolific threat activity groups have made the BlackCat ransomware a prevalent threat and a prime example of the growing ransomware-as-a-service (RaaS) gig economy.
Beneath the surface: Uncovering the shift in web skimming
Web skimming campaigns now employ various obfuscation techniques to deliver and hide the skimming scripts. It’s a shift from earlier tactics where attackers conspicuously injected the malicious scripts into e-commerce platforms and content management systems (CMSs) via vulnerability exploitation, making this threat highly evasive to traditional security solutions.
Retain Microsoft Security Experts
Microsoft Security Experts are now available to strengthen your team with managed security services. Learn how to defend against threats with security experts.
Ransomware as a service: Understanding the cybercrime gig economy and how to protect yourself
Microsoft coined the term “human-operated ransomware” to clearly define a class of attack driven by expert human intelligence at every step of the attack chain and culminate in intentional business disruption and extortion.
A clearer lens on Zero Trust security strategy: Part 1
Today’s world is flooded with definitions and perspectives on Zero Trust, so we are kicking off a blog series to bring clarity to what Zero Trust is and means.
Dismantling ZLoader: How malicious ads led to disabled security tools and ransomware
Microsoft took action against the ZLoader trojan by working with telecommunications providers around the world to disrupt key ZLoader infrastructure. In this blog, we detail the various characteristics for identifying ZLoader activity, including its associated tactics, recent campaigns, and affiliated payloads, such as ransomware.
3 steps to secure your multicloud and hybrid infrastructure with Azure Arc
In this blog, we will share how you can increase security for on-premises and hybrid infrastructure through offerings including Azure Arc, Microsoft Defender for Cloud, and Secured-core for Azure Stack HCI.