MSTICPy January 2022 hackathon highlights
In January 2022, MSTIC ran its inaugural hack month for the open-source Jupyter and Python Security Tools library, MSTICPy. This blog highlights some of the contributions.
In January 2022, MSTIC ran its inaugural hack month for the open-source Jupyter and Python Security Tools library, MSTICPy. This blog highlights some of the contributions.
Our recent analysis of a phishing attack connected to the blockchain reaffirms the durability of threats like social engineering, as well as the need for security fundamentals to be built into related future systems and frameworks.
The Microsoft Threat Intelligence Center (MSTIC) is sharing information on a threat group named ACTINIUM, which has been operational for almost a decade and has consistently pursued access to organizations in Ukraine or entities related to Ukrainian affairs.
Our discovery and analysis of a sophisticated Mac trojan in October exposed a year-long evolution of a malware family—and depicts the rising complexity of threats across platforms.
We uncovered a large-scale, multi-phase campaign that adds a novel technique to traditional phishing tactics by joining an attacker-operated device to an organization’s network to further propagate the campaign.
Microsoft Threat Intelligence Center (MSTIC) has identified evidence of a destructive malware operation targeting multiple organizations in Ukraine.
A new macOS vulnerability, “powerdir,” could allow an attacker to bypass the operating system’s TCC technology and gain unauthorized access to a user’s protected data. We shared our findings with Apple through Coordinated Vulnerability Disclosure (CVD) and Apple released a fix.
Microsoft is tracking threats taking advantage of the remote code execution (RCE) vulnerability in Apache Log4j 2. Get technical info and guidance for using Microsoft security solutions to protect against attacks.
Multiple Qakbot campaigns that are active at any given time prove that the decade-old malware continues to be many attackers’ tool of choice, a customizable chameleon that adapts to suit the needs of the multiple threat actor groups that utilize it.
China-based threat actor NICKEL has been targeting governments, diplomatic entities, and non-governmental organizations (NGOs) across Central and South America, the Caribbean, and Europe. Today, Microsoft announced the successful seizure of a set of NICKEL-operated websites and disruption of ongoing attacks.