Since August 2023, Microsoft has observed intrusion activity targeting and successfully stealing credentials from multiple Microsoft customers that is enabled by highly evasive password spray attacks.
Microsoft has linked the source of these password spray attacks to a network of compromised devices we track as CovertNetwork-1658, also known as xlogin and Quad7 (7777). Microsoft is publishing this blog on how covert networks are used in attacks, with the goal of increasing awareness, improving defenses, and disrupting related activity against our customers.
Read more…
Source: Microsoft
Related:
- Victims risk AsyncRAT infection after being redirected to fake Booking.com sites
June 2, 2025
Cybercriminals have started a campaign of redirecting links placed on gaming sites and social media—and as sponsored ads—that lead to fake websites posing as Booking.com. According to Malwarebytes research, 40% of people book travel through a general online search, creating a lot of opportunities for scammers. The first signs of the campaign showed up mid-May and ...
- Key Linux systems may have security flaws which allow password theft
June 2, 2025
Cybersecurity researchers from Qualys have discovered two information disclosure vulnerabilities plaguing different Linux distros. The flaws, both of which are race condition bugs, allow threat actors to gain access to sensitive information. The first one is found in Ubuntu’s core dump-handler, Apport, and is tracked as CVE-2025-5054. The second one is found in the default core-dump ...
- Vanta bug exposed customers’ data to other customers
June 2, 2025
Compliance company Vanta has confirmed that a bug exposed the private data of some of its customers to other Vanta customers. The company told TechCrunch that the data exposure was a result of a product code change and not caused by an intrusion. Vanta, which helps corporate customers automate their security and compliance processes, said it ...
- Cartier confirms data breach, warns customers of potential targeted attacks
June 2, 2025
Cartier, the famous jewellery and watchmaker, is owned by Richemont, a Swiss-based luxury conglomerate has notified customers of a data breach that exposed limited personal information following a security lapse in its systems. The brand said the breach was swiftly contained and emphasised that no financial or sensitive login data was compromised. In a letter sent ...
- Mysterious leaker GangExposed outs Conti kingpins in massive ransomware data dump
May 31, 2025
A mystery whistleblower calling himself GangExposed has exposed key figures behind the Conti and Trickbot ransomware crews, publishing a trove of internal files and naming names. The leaks include thousands of chat logs, personal videos, and ransom negotiations tied to some of the most notorious cyber-extortion gangs —believed to have raked in billions from companies, hospitals, ...
- Eight things we learned from WhatsApp vs. NSO Group spyware lawsuit
May 30, 2025
On May 6, WhatsApp scored a major victory against NSO Group when a jury ordered the infamous spyware maker to pay more than $167 million in damages to the Meta-owned company. The ruling concluded a legal battle spanning more than five years, which started in October 2019 when WhatsApp accused NSO Group of hacking more than ...