Lucene search
K

13 matches found

Microsoft Malware Protection
Microsoft Malware Protection
added 2023/08/02 7:0 p.m.10 views

Midnight Blizzard conducts targeted social engineering over Microsoft Teams

Microsoft Threat Intelligence has identified highly targeted social engineering attacks using credential theft phishing lures sent as Microsoft Teams chats by the threat actor that Microsoft tracks as Midnight Blizzard previously tracked as NOBELIUM. This latest attack, combined with past activit...

7.7AI score
Exploits0
Kitploit
Kitploit
added 2022/01/22 8:30 p.m.33 views

Mandiant-Azure-AD-Investigator - PowerShell module for detecting artifacts that may be indicators of UNC2452 and other threat actor activity

This repository contains a PowerShell module for detecting artifacts that may be indicators of UNC2452 and other threat actor activity. Some indicators are "high-fidelity" indicators of compromise, while other artifacts are so called "dual-use" artifacts. Dual-use artifacts may be related to thre...

7.2AI score
Exploits0References4
ThreatPost
ThreatPost
added 2021/12/07 1:24 p.m.31 views

SolarWinds Attackers Spotted Using New Tactics, Malware

One year after the notorious and far-reaching SolarWinds supply-chain attacks, its orchestrators are on the offensive again. Researchers said they’ve seen the threat group – which Microsoft refers to as “Nobelium” and which is linked to Russia’s spy agency – compromising global business and...

8.1AI score
Exploits0References12
The Hacker News
The Hacker News
added 2021/07/30 10:0 a.m.69 views

Experts Uncover Several C&C Servers Linked to WellMess Malware

Cybersecurity researchers on Friday unmasked new command-and-control C2 infrastructure belonging to the Russian threat actor tracked as APT29, aka Cozy Bear, that has been spotted actively serving WellMess malware as part of an ongoing attack campaign. More than 30 C2 servers operated by the...

0.4AI score
Exploits0
FireEye
FireEye
added 2021/04/13 12:0 a.m.24 views

M-Trends 2021: A View From the Front Lines

We are thrilled to launch M-Trends 2021, the 12th edition of our annual FireEye Mandiant publication. The past year has been unique, as we witnessed an unprecedented combination of global events. Business operations shifted in response to the worldwide pandemic and threat actors continued to...

0.6AI score
Exploits0References5
The Hacker News
The Hacker News
added 2021/03/05 9:20 a.m.61 views

Researchers Find 3 New Malware Strains Used by SolarWinds Hackers

FireEye and Microsoft on Thursday said they discovered three more malware strains in connection with the SolarWinds supply-chain attack, including a "sophisticated second-stage backdoor," as the investigation into the sprawling espionage campaign continues to yield fresh clues about the threat...

0.3AI score
Exploits0
FireEye
FireEye
added 2021/03/04 12:0 a.m.128 views

New SUNSHUTTLE Second-Stage Backdoor Uncovered Targeting U.S.-Based Entity; Possible Connection to UNC2452

Executive Summary In August 2020, a U.S.-based entity uploaded a new backdoor that we have named SUNSHUTTLE to a public malware repository. SUNSHUTTLE is a second-stage backdoor written in GoLang that features some detection evasion capabilities. Mandiant observed SUNSHUTTLE at a victim compromis...

1AI score
Exploits0References2
Schneier on Security
Schneier on Security
added 2021/01/21 12:31 p.m.73 views

SVR Attacks on Microsoft 365

FireEye is reporting the current known tactics that the SVR used to compromise Microsoft 365 cloud data as part of its SolarWinds operation: Mandiant has observed UNC2452 and other threat actors moving laterally to the Microsoft 365 cloud using a combination of four primary techniques: Steal the...

1.6AI score
Exploits0
The Hacker News
The Hacker News
added 2021/01/20 4:59 a.m.65 views

SolarWinds Hackers Also Breached Malwarebytes Cybersecurity Firm

Malwarebytes on Tuesday said it was breached by the same group who broke into SolarWinds to access some of its internal emails, making it the fourth major cybersecurity vendor to be targeted after FireEye, Microsoft, and CrowdStrike. The company said its intrusion was not the result of a SolarWin...

1AI score
Exploits0
FireEye
FireEye
added 2021/01/19 12:0 a.m.59 views

Remediation and Hardening Strategies for Microsoft 365 to Defend Against UNC2452

UPDATE Oct. 28, 2021: Mandiant has recently observed targeted threat actors using EWS impersonation via the ApplicationImpersonation role to maintain persistent access to mailboxes in victim environments. Once the threat actor has access to this role, its abuse is hard to detect and provides the...

1.6AI score
Exploits0References15
Securelist
Securelist
added 2021/01/11 10:0 a.m.87 views

Sunburst backdoor – code overlaps with Kazuar

Introduction On December 13, 2020, FireEye published a blog post detailing a supply chain attack leveraging Orion IT, an infrastructure monitoring and management platform by SolarWinds. In parallel, Volexity published an article with their analysis of related attacks, attributed to an actor named...

7.4AI score
Exploits0
FireEye
FireEye
added 2020/12/24 12:0 a.m.141 views

SUNBURST Additional Technical Details

FireEye has discovered additional details about the SUNBURST backdoor since our initial publication on Dec. 13, 2020. Before diving into the technical depth of this malware, we recommend readers familiarize themselves with our blog post about the SolarWinds supply chain compromise, which revealed...

7AI score
Exploits0References7
FireEye
FireEye
added 2020/12/13 12:0 a.m.619 views

Highly Evasive Attacker Leverages SolarWinds Supply Chain to Compromise Multiple Global Victims With SUNBURST Backdoor

Executive Summary We have discovered a global intrusion campaign. We are tracking the actors behind this campaign as UNC2452. FireEye discovered a supply chain attack trojanizing SolarWinds Orion business software updates in order to distribute malware we call SUNBURST. The attacker’s post...

0.1AI score
Exploits0References2
Rows per page
Query Builder