Since October 22, 2024, Microsoft Threat Intelligence has observed Russian threat actor Midnight Blizzard sending a series of highly targeted spear-phishing emails to individuals in government, academia, defense, non-governmental organizations, and other sectors.
This activity is ongoing, and Microsoft will continue to investigate and provide updates as available. Based on our investigation of previous Midnight Blizzard spear-phishing campaigns, we assess that the goal of this operation is likely intelligence collection. Microsoft is releasing this blog to notify the public and disrupt this threat actor activity. This blog provides context on these external spear-phishing attempts, which are common attack techniques and do not represent any new compromise of Microsoft.
Read more…
Source: Microsoft
Related:
- WastedLocker: technical analysis
July 31, 2020
The use of crypto-ransomware in targeted attacks has become an ordinary occurrence lately: new incidents are being reported every month, sometimes even more often. On July 23, Garmin, a major manufacturer of navigation equipment and smart devices, including smart watches and bracelets, experienced a massive service outage. As confirmed by an official statement later, the cause ...
- US defense and aerospace sectors targeted in new wave of North Korean attacks
July 30, 2020
Tracked under the codename of “Operation North Star,” McAfee said these attacks have been linked to infrastructure and TTPs (Techniques, Tactics, and Procedures) previously associated with Hidden Cobra — an umbrella term the US government uses to describe all North Korean state-sponsored hacking groups. As for the attacks themselves, McAfee said they were run-of-the-mill spear-phishing emails ...
- FBI warns of Netwalker ransomware targeting US government and organisations
July 29, 2020
The FBI has issued a security alert about Netwalker ransomware operators targeting U.S. and foreign government organizations, advising their victims not to pay the ransom and reporting incidents to their local FBI field offices. FBI’s flash alert also provides indicators of compromise associated with the Netwalker ransomware (also known as Mailto) and includes a list of ...
- Billions of Devices Impacted by Secure Boot Bypass
July 29, 2020
Billions of Windows and Linux devices are vulnerable to cyberattacks stemming from a bug in the GRUB2 bootloader, researchers are warning. GRUB2 (which stands for the GRand Unified Bootloader version 2) is the default bootloader for the majority of computing systems. Its job is to manage part of the start-up process – it either presents a ...
- Critical Bugs in Utilities VPNs Could Cause Physical Damage
July 29, 2020
Remote code-execution vulnerabilities in virtual private network (VPN) products could impact the physical functioning of critical infrastructure in the oil and gas, water and electric utilities space, according to researchers. Researchers at Claroty found that VPNs used to provide remote access to operational technology (OT) networks in industrial systems are vulnerable to an array of security ...
- Foreseeing cyber vulnerabilities of nuclear facilities in South Asia
July 29, 2020
In this era of rapidly evolving technology, nuclear facilities are exposed to dynamic and evolving spectrum of cyber vulnerabilities. Cyber-attacks on nuclear facilities are a matter of concern and it’s not for the first time that a cyber-attack has been carried out. Such as attack on nuclear program of Iran to serve the purpose of ...