7 matches found
DEV-0196: QuaDream’s “KingsPawn” malware used to target civil society in Europe, North America, the Middle East, and Southeast Asia
April 2023 update – Microsoft Threat Intelligence has shifted to a new threat actor naming taxonomy aligned around the theme of weather. DEV-0196 is now tracked as Carmine Tsunami. To learn more about this evolution, how the new taxonomy represents the origin, unique traits, and impact of threat...
DEV-0196: QuaDream’s “KingsPawn” malware used to target civil society in Europe, North America, the Middle East, and Southeast Asia
April 2023 update – Microsoft Threat Intelligence has shifted to a new threat actor naming taxonomy aligned around the theme of weather. DEV-0196 is now tracked as Carmine Tsunami. To learn more about this evolution, how the new taxonomy represents the origin, unique traits, and impact of threat...
KNOTWEED exploits zero-days to target US and Europe
Threat Level Actor Report For a detailed advisory, download the pdf file here Summary KNOTWEED, an Austria-based private-sector offensive actor PSOA, are exploiting 0-day vulnerabilities of Windows and Adobe to perform targeted attacks against European and Central American customers by using thei...
Microsoft Uncovers Austrian Company Exploiting Windows and Adobe Zero-Day Exploits
A cyber mercenary that "ostensibly sells general security and information analysis services to commercial customers" used several Windows and Adobe zero-day exploits in limited and highly-targeted attacks against European and Central American entities. The company, which Microsoft describes as a...
Untangling KNOTWEED: European private-sector offensive actor using 0-day exploits
The Microsoft Threat Intelligence Center MSTIC and the Microsoft Security Response Center MSRC found a private-sector offensive actor PSOA using multiple Windows and Adobe 0-day exploits, including one for the recently patched CVE-2022-22047, in limited and targeted attacks against European and...
Untangling KNOTWEED: European private-sector offensive actor using 0-day exploits
The Microsoft Threat Intelligence Center MSTIC and the Microsoft Security Response Center MSRC found a private-sector offensive actor PSOA using multiple Windows and Adobe 0-day exploits, including one for the recently patched CVE-2022-22047, in limited and targeted attacks against European and...
Protecting customers from a private-sector offensive actor using 0-day exploits and DevilsTongue malware
The Microsoft Threat Intelligence Center MSTIC alongside the Microsoft Security Response Center MSRC has uncovered a private-sector offensive actor, or PSOA, that we are calling SOURGUM in possession of now-patched, Windows 0-day exploits CVE-2021-31979 and CVE-2021-33771. Private-sector offensiv...