Since October 22, 2024, Microsoft Threat Intelligence has observed Russian threat actor Midnight Blizzard sending a series of highly targeted spear-phishing emails to individuals in government, academia, defense, non-governmental organizations, and other sectors.
This activity is ongoing, and Microsoft will continue to investigate and provide updates as available. Based on our investigation of previous Midnight Blizzard spear-phishing campaigns, we assess that the goal of this operation is likely intelligence collection. Microsoft is releasing this blog to notify the public and disrupt this threat actor activity. This blog provides context on these external spear-phishing attempts, which are common attack techniques and do not represent any new compromise of Microsoft.
Read more…
Source: Microsoft
Related:
- Data breach leaks a whopping 2.7 billion records inclusing smartphone and Wi-Fi info
February 16, 2025
A huge data breach has resulted in the leak of 2.7 billion records belonging to China’s Mars Hydro. The company is involved in indoor growing and hydroponics which is the process of growing plants without soil. The company offers LED grow lights, grow tents, and other products. Because many of the products it offers are controlled ...
- Zacks Investment hit in data breach – 12 million users potentially at risk
February 14, 2025
A report by BleepingComputer cites a thread posted on an underground hacking forum claiming to have breached Zacks in June 2024, gaining sensitive information on 12 million people, including names, usernames, email addresses, postal addresses, and phone numbers. The forum thread contained a small sample, and an offer for the entire batch in exchange for a ...
- Israel: Extortionists posed as women online, trapped victims with intimate photos
February 14, 2025
Two men were arrested on Thursday for operating a sophisticated sexual extortion network. According to the investigation, they posed as women on social media lured victims into sending intimate photos, and then threatened to expose the images unless they paid money. The prosecution stated: “They acted systematically, cynically exploiting their victims.” David Bracha, 26, from Rishon ...
- Upper Michigan: Cyber attack hits Sault Tribe offices
February 13, 2025
A ransomware attack that shut down gaming at all five Kewadin Casino locations also impacted other offices at an eastern Upper Peninsula tribe. The tribe made the announcement Monday and said it could be a week or more before regular operations can resume. “On Sunday morning, the Sault Ste. Marie Tribe of Chippewa Indians suffered a ...
- Ivanti Releases February 2025 Security Updates
February 12, 2025
Ivanti has released three security advisories in the February Security Update, which addresses vulnerabilities in Ivanti products. In the first advisory, two vulnerabilities were identified in Ivanti Cloud Services Application (CSA). The Ivanti CSA is an Internet appliance that provides secure communication and functionality over the Internet. It falls under the primary product of Ivanti Endpoint ...
- SonicOS SSL VPN Authentication Bypass Vulnerability (CVE-2024-53704)
February 12, 2025
A proof-of-concept (PoC) exploit has been published by security researchers for an authentication bypass vulnerability in the SonicOS SSL VPN component. SonicWall appliances provide virtual private network (VPN) and ‘next-gen’ firewall capabilities. SonicWall formally disclosed and released security updates addressing CVE-2024-53704 on 07 January 2025. Successful exploitation of CVE-2024-53704 could allow a remote, unauthenticated attacker to ...