4 matches found
Storm-2561 Uses Fake Fortinet, Ivanti VPN Sites to Drop Hyrax Infostealer
In mid-January 2026, Microsoft Defender Experts identified a devious way that cybercriminals are tricking people into giving away…...
Storm-2561 Spreads Trojan VPN Clients via SEO Poisoning to Steal Credentials
Microsoft has disclosed details of a credential theft campaign that employs fake virtual private network VPN clients distributed through search engine optimization SEO poisoning techniques. "The campaign redirects users searching for legitimate enterprise software to malicious ZIP files on...
Storm-2561 uses SEO poisoning to distribute fake VPN clients for credential theft
In this article 1. From search to stolen credentials: Storm-2561 attack chain 2. Defending against credential theft campaigns 3. Microsoft Defender detection and hunting guidance 4. Indicators of compromise In mid-January 2026, Microsoft Defender Experts identified a credential theft campaign tha...
Storm-2561 uses SEO poisoning to distribute fake VPN clients for credential theft
In this article 1. From search to stolen credentials: Storm-2561 attack chain 2. Defending against credential theft campaigns 3. Microsoft Defender detection and hunting guidance 4. Indicators of compromise In mid-January 2026, Microsoft Defender Experts identified a credential theft campaign tha...