At the end of May 2024, Microsoft observed Storm-1811 using Microsoft Teams to send messages to and call target users. Tenants created by the threat actor are used to impersonate help desk personnel with names displayed as “Help Desk”, “Help Desk IT”, “H...
To learn about how the new taxonomy represents the origin, unique traits, and impact of threat actors, and to get a complete mapping of threat actor names, read this blog: Microsoft shifts to a new threat actor naming taxonomy. A group of actors originating from No...
In the last couple of months, Check Point Research (CPR) has been tracking the activity of a Chinese threat actor targeting Foreign Affairs ministries and embassies in Europe. Combined with other Chinese activity previously reported by Check Point Research, this represents a larger trend within the...
DDoSClient malware is a DDoS client known to be leveraged by ChinaZ. As an interesting fact about the progression of this threat actor group, at some point in time the source code of this client was hosted in GitHub, although DDoSClient was originally code of ChinaZ. MalwareMustDie exposed th...
Recently, there was a blog post on the takedown of a botnet used by threat actor group known as Group 72 and their involvement in Operation SMN. This group is sophisticated, well funded, and exclusively targets high profile organizations with high value intellectual property in the manufacturing,...
Review each of these articles and take note of additional information--such as targets; tactics, techniques, and procedures (TTPs); and other IOCs--you can find about the Magecart threat actor group. Select the WHOIS tab and compare the WHOIS information between mypillow[.]com and...
It is likely the threat actor obtained employee names and email addresses from publicly available information online. The archives contained an obfuscated VBS downloader that downloads a second VBS script from a remote server to the user's %TEMP% folder. The first stage script was heavily ...
Intrusion Set - Name of ATT&CK Group. Category: actor - source: https://github.com/mitre/cti - total: 176 elements [HTML] - [JSON]. Malware - Name of ATT&CK software. Category: tool - source: https://github.com/mitre/cti - total: 735 elements ...
North Korean threat actor targets small and midsize businesses with H0lyGh0st ransomware A group of actors originating from North Korea that MSTIC tracks as DEV-0530 has been developing and using ransomware in attacks since June 2021. This group, which calls its...
After deploying web shells in Manic Menagerie 2.0, the threat actor initiated the deployment of coin miners. This was likely done to abuse the compromised servers' powerful computing resources for the threat actor’s financial gain through coin mining. During 2021-2022, upon the public disclosure ...