MSTIC (Microsoft Threat Intelligence Center) has identified that threat actors tracked as DEV-0343 are conducting extensive password spraying against more than 250 Office 365 tenants, with a focus on US and Israeli defense technology companies, Persian Gulf ports of entry, or global maritime transportation companies with a business presence in the Middle East. Microsoft gives a name like DEV-xxx to an unknown threat actor to track it as a unique set of information until it can reach high confidence about the origin or identity of the …
According to the Moscow-headquartered firm Kaspersky, the new malware is called ‘Tomiris’, and the firm noted its similarities to another stage of malware using Sunshuttle. It targeted the IT management software provider’s Orion Platform. UNC2452, Solarstorm, Stellar Collections, Dark Halo and Iron Ritual are some of the names for Nobelium.
On Wednesday, cybersecurity authors reported a previously unknown backdoor that was likely designed and developed by Nobelium, the APT responsible for last year’s SolarWinds supply chain attack, adding to …
Kaspersky researchers have come across a FinSpy surveillance malware campaign that hijacks the Windows UEFI bootloader to infect victim machines. The malware, which is also called FinFisher, does not appear to infect UEFI directly; instead, it replaces the Windows Boot Manager (bootmgfw.efi) with a malicious one to carry out the infection.
“We found a UEFI bootkit that was loading FinSpy. All machines infected with the UEFI bootkit had the Windows Boot Manager (bootmgfw.efi) replaced with a malicious one. …
Microsoft, in its continuous effort to protect its customers, started analysing the notorious Nobelium threat actors. Through that effort it has come across a new backdoor campaign, dubbed “FoggyWeb”, used by the threat actor with the aim of gaining admin-level access to Active Directory Federation Services in victim organisations.
“NOBELIUM employs multiple tactics to pursue credential theft with the objective of gaining admin-level access to Active Directory Federation Services (AD FS) servers. Once NOBELIUM obtains credentials …
Microsoft researchers have described a large phishing-as-a-service (PHaaS) operation that not only sells phishing kits and email templates but also provides criminals with hosting and other automated services. Microsoft researchers wrote: ‘In researching phishing attacks, we came across a campaign that used a rather high volume of newly created and unique subdomains – over 300,000 in a single run.’
The Microsoft 365 Defender Threat Intelligence team reported that 100 phishing templates are available that mimic brands and services, the …