Since October 22, 2024, Microsoft Threat Intelligence has observed Russian threat actor Midnight Blizzard sending a series of highly targeted spear-phishing emails to individuals in government, academia, defense, non-governmental organizations, and other sectors.
This activity is ongoing, and Microsoft will continue to investigate and provide updates as available. Based on our investigation of previous Midnight Blizzard spear-phishing campaigns, we assess that the goal of this operation is likely intelligence collection. Microsoft is releasing this blog to notify the public and disrupt this threat actor activity. This blog provides context on these external spear-phishing attempts, which are common attack techniques and do not represent any new compromise of Microsoft.
Read more…
Source: Microsoft
Related:
- #StopRansomware: Akira Ransomware
November 13, 2025
The United States’ Federal Bureau of Investigation (FBI) and partner organisations are releasing this joint advisory to disseminate known Akira ransomware IOCs and TTPs identified through FBI investigations and trusted third-party reporting as recently as November 2025. Akira ransomware threat actors are associated with other groups known as Storm-1567, Howling Scorpius, Punk Spider, and Gold Sahara, ...
- 1 million victims, 17,500 fake sites: Google takes on toll-fee scammers
November 13, 2025
A Phishing-as-a-Service (PhaaS) platform based in China, known as “Lighthouse,” is the subject of a new Google lawsuit. Lighthouse enables smishing (SMS phishing) campaigns, and if you’re in the US there is a good chance you’ve seen their texts about a small amount you supposedly owe in toll fees. Here’s an example of a toll-fee scam ...
- CISA: Implementation Guidance for Emergency Directive on Cisco ASA and Firepower Device Vulnerabilities
November 12, 2025
CISA has released Emergency Cisco Directive 25-03 Implementation Guidance to assist federal agencies in addressing critical vulnerabilities in Cisco Adaptive Security Appliances (ASA) and Firepower devices. Emergency Directive 25-03: Identify and Mitigate Potential Compromise of Cisco Devices, issued on Sept. 25, identified known vulnerabilities CVE-2025-20333 and CVE-2025-20362, and mandated immediate action to mitigate risks. Threat actors continue to target ...
- Swedish Authority for Privacy Protection Investigates Data Breach Exposing 1.5 Million People
November 12, 2025
The Swedish Authority for Privacy Protection (IMY) is investigating a data breach at major government software supplier Miljödata that has compromised the personal information of 1.5 million people. Miljödata learned of the breach after experiencing system disruptions that affected government services, and a threat actor approached the company demanding 1.5 Bitcoin to avoid leaking the stolen ...
- UK: NHS providers reviewing stolen data published by cyber criminals
November 11, 2025
Pathology supplier Synnovis is contacting NHS organisations which had data stolen and published online following a major cyber attack last year. Synnovis has now completed its investigation into patient and staff data published online by the cyber criminal gang on 20 June 2024, which includes personal data such as names, NHS numbers, test results and test ...
- You Thought It Was Over? Authentication Coercion Keeps Evolving
November 10, 2025
Imagine a scenario where malicious actors don’t need to trick you into giving up your password. They have no need to perform sophisticated social engineering attacks or exploit vulnerabilities in your operating system.Instead, they can simply force your computer to authenticate to an attacker-controlled system, effectively commanding your machine to hand over valuable credentials. This attack ...