Infosecurity News
Microsoft Targets Prolific Outlook Fraudster Storm-1152
Microsoft disrupts Vietnam based threat actor Storm-1152, who has sold 750 million fake accounts
The Hacker News
Microsoft Takes Legal Action to Crack Down on Storm-1152's Cybercrime Network
Microsoft takes down a major cybercriminal group, Storm-1152, responsible for distributing 750 million fraudulent Microsoft accounts and tools.
Cyber Security News
Microsoft Seized Storm-1152 Websites Used to Sell Microsoft Products & Accounts
Hackers sell fake Microsoft products and accounts because it allows them to profit from illicit activities, taking advantage of unsuspecting users.
CyberNews
Cybercriminals selling fraudulent Outlook accounts taken down by Microsoft
Storm-1152 enabled cybercriminals to conduct a host of illegal and abusive behaviors online.
The Hacker News
Microsoft Warns of Storm-0539: The Rising Threat Behind Holiday Gift Card Frauds
Microsoft warns of the growing threat from "Storm-0539," an emerging group orchestrating gift card fraud via sophisticated email and SMS phishing atta
Security Affairs
Microsoft mitigated an attack by Chinese threat actor Storm-0558
Microsoft announced it has mitigated a cyber attack by a China-linked threat actor, tracked as Storm-0558, which targeted customer emails. Microsoft announced it has mitigated an attack conducted by a China-linked threat actor, tracked as Storm-0558, which targeted customer emails. Storm-0558 threat actors focus on government agencies in Western Europe and were observed conducting cyberespionage, […]
The Cyber Express
Dark Storm Team Announces Cyberattack Targeting NATO, Israel, and Allies.
The hacking group Dark Storm Team has issued a menacing ultimatum, vowing to unleash a wave of cyberattacks targeting the
CSO
Microsoft cracks down on group operating ‘cybercrime-as-a-service’
Microsoft has aggressively pursued legal measures to dismantle Storm-1152’s network, seizing its US-based infrastructure, shutting down key websites, and rigorously investigating to identify the individuals responsible for the group’s activities.
SecurityWeek
Over 200 Organizations Take Part in CISA's Cyber Storm Exercise
CISA hosted Cyber Storm VIII, a three-day national cyber exercise whose goal was to test preparedness to a cyber-crisis impacting critical infrastructure.
Bleeping Computer
Custom macOS malware of Chinese hackers ‘Storm Cloud’ exposed
Researchers have discovered a previously unknown macOS malware variant called GIMMICK, which is believed to be a custom tool used by a Chinese espionage threat actor known as 'Storm Cloud.'
Bleeping Computer
Microsoft seizes domains used to sell fraudulent Outlook accounts
Microsoft's Digital Crimes Unit seized multiple domains used by a Vietnam-based cybercrime group (Storm-1152) that registered over 750 million fraudulent accounts and raked in millions of dollars by selling them online to other cybercriminals.
The Hacker News
MULTI#STORM Campaign Targets India and U.S. with Remote Access Trojans
A new phishing campaign named MULTI#STORM targets India and the U.S., using JavaScript files to deploy remote access trojans on compromised systems.
Trend Micro
Pawn Storm Uses Brute Force and Stealth Against High-Value Targets
Based on our estimates, from approximately April 2022 until November 2023, Pawn Storm attempted to launch NTLMv2 hash relay attacks through different methods, with huge peaks in the number of targets and variations in the government departments that it targeted.
DarkReading
Identity Concepts Underlie Cyber-Risk 'Perfect Storm'
Forgepoint Capital's Alberto Yépez discusses how the concept of identity is changing: It doesn't just mean "us" anymore.
Infosecurity News
Threat Actor Deploys Raven Storm Tool to Perform DDoS Attacks
The malware is reportedly capable of server takedown, Wi-Fi attacks and application layer attacks
HACKRead
Microsoft: Storm-1283's 927,000 Phishing Emails via Malicious OAuth Apps
Microsoft Warns of OAuth-Fueled Cyber Attacks Exploiting Cloud Infrastructure for Phishing and Cryptocurrency Mining.
HACKRead
Tycoon and Storm-1575 Linked to Phishing Attacks on US Schools
These groups launched phishing attacks using stealthy attack patterns to target officials at large US school districts, bypassing MFA protections.
DarkReading
Sophisticated Vishing Campaigns Take World by Storm
One South Korean victim gave up $3 million to cybercriminals, thanks to convincing law-enforcement impersonation scams that combine both psychology and technology.
CyberSecurity Dive
Box CEO on the ‘perfect storm’ of challenges in cybersecurity
“These are very, very complicated, dynamic, chaotic times on the security front,” Aaron Levie said.
The Hacker News
The Vulnerability of Zero Trust: Lessons from the Storm 0558 Hack
Zero Trust needs a deeper approach with Network Detection and Response (NDR) tools. Swiss-based ExeonTrace uses ML for anomaly detection.
Naked Security
Microsoft hit by Storm season – a tale of two semi-zero days
The first compromise didn’t get the crooks as far as they wanted, so they found a second one that did…
Infosecurity News
Microsoft Breach Exposed 60,000 State Department Emails
Chinese actor Storm-0558 compromised Outlook accounts
DataBreaches
Bug Bounties and Ransomware Demands: Storm Clouds Ahead for In-House Counsel
Michael Ward, Matthew Baker, and Jessica Wu of Baker Botts write about the conviction of Uber’s former security chief for felony violations of...
CyberNews
Largest companies pausing ads on X over antisemitic storm, Musk vows revenge
After Elon Musk, the owner of X, amplified an antisemitic trope on the platform, major firms have suspended advertising on the site.
CyberScoop
Russians allegedly storm Ukrainian ISP, blackmail it to switch to Russian networks
Russia has hit Ukrainian satellite broadband services and Internet providers since the beginning of the war and recently began physically attacking Ukrainian Internet companies, according to the state information agency.
The Hacker News
Surviving the 800 Gbps Storm: Gain Insights from Gcore's 2023 DDoS Attack Statistics
Learn how the DDoS attack landscape has changed in Q1-Q2 of 2023.
Infosecurity News
Chinese Hackers Breached Ambassador’s Email – Report
Storm-0558 attack was revealed last week
Infosecurity News
Microsoft: Gift Card Fraud Costing Businesses up to $100,000 Daily
Microsoft has warned of surging gift card fraud and sophisticated approaches from the group Storm-0539
Infosecurity News
Windows Quick Assist Exploited in Ransomware Attacks
Microsoft warned Storm-1811 started vishing attacks in April to gain access to target devices
The Hacker News
Gaza-Linked Cyber Threat Actor Targets Israeli Energy and Defense Sectors
Gaza-based hacker group Storm-1133 targets Israeli energy, defense, and telecom. Microsoft's report exposes tactics.
The Hacker News
Cybercriminals Exploiting Microsoft’s Quick Assist Feature in Ransomware Attacks
Beware of Storm-1811! This financially motivated group is abusing Microsoft's Quick Assist tool in social engineering attacks.
The Record
Morocco-based cybercriminals cashing in on bold gift card scams, Microsoft says
The group Storm-0539 infiltrates large retailers and issues gift card codes to themselves, "virtually printing their own money,” Microsoft explained.
The Hacker News
Iranian MOIS-Linked Hackers Behind Destructive Attacks on Albania and Israel
Iranian threat actor Void Manticore (Storm-0842) has been identified as the culprit behind destructive wiping attacks targeting Albania and Israel.
The Hacker News
Microsoft Warns of New Phishing Campaign Targeting Corporations via Teams Messages
Microsoft sounds the alarm on Storm-0324's tactics, luring its prey through Teams messages to breach corporate networks.
SecurityWeek
Chinese Cyberspies Used Forged Authentication Tokens to Hack Government Emails
Microsoft says a Chinese cyberespionage group tracked as Storm-0558 has used forged authentication tokens to access government emails.
Computerworld
Recent Teams, Office outages were caused by cyberattacks: Microsoft
The disruptions experienced in early June were DDoS attacks by a hacker group, Storm-1359, which could be linked to Russia.
SecurityWeek
Microsoft Blames Nation-State Threat Actor for Confluence Zero-Day Attacks
An APT group tracked as Storm-0062 has been hacking Confluence installations since mid-September, three weeks before Atlassian’s disclosure.
CyberNews
Microsoft names Hamas-linked group targeting Israel
The Gaza-based cyber group, tracked by Microsoft as Storm-1133, targeted Israel’s infrastructure ahead of Hamas’ attack on the country.
DarkReading
Microsoft ID Security Gaps That Let Threat Actor Steal Signing Key
China's Storm-0558 accessed user emails at some 25 enterprise organizations earlier this year using forged tokens.
.webp)
Cyber Security News
FBI Warns of Phishing Attack Targeting Retail Corporate Offices
The FBI has issued a warning about a sophisticated phishing and smishing campaign orchestrated by a cybercriminal group known as STORM-0539,.
The Hacker News
Azure AD Token Forging Technique in Microsoft Attack Extends Beyond Outlook, Wiz Reports
Chinese nation-state actor Storm-0558's attack on Microsoft's email infrastructure is more extensive than previously believed. Researchers at Wiz reve
The Hacker News
Moroccan Cybercrime Group Steals Up to $100K Daily Through Gift Card Fraud
Storm-0539 steals up to $100K/day from companies through sophisticated gift card fraud. Learn how to protect your organization from this growing thre
Cyber Security News
Moonstone Sleet New North Korean Hacker Group With Unique Tricks
Microsoft has identified a new North Korean threat actor, now tracked as Moonstone Sleet (formerly Storm-1789).
The Hacker News
Microsoft Warns of Nation-State Hackers Exploiting Critical Atlassian Confluence Vulnerability
A critical flaw (CVE-2023-22515) in Atlassian Confluence is being exploited by a nation-state actor, Storm-0062.
CyberSecurity Dive
Microsoft hardens key issuance systems after state-backed hackers breach Outlook accounts
The China-linked group, which Microsoft calls Storm-1558, has adopted new techniques after it took steps to disrupt their recent hacking activity.
DataBreaches
ShadowSyndicate linked to 7 ransomware attacks in the past year
Kumar Hemant reports: ShadowSyndicate group (formerly known as Infra Storm) has been suspected of deploying seven different ransomware families in a series of...
The Hacker News
Outlook Breach: Microsoft Reveals How a Crash Dump Led to a Major Security Breach
Microsoft reveals how China-based threat group Storm-0558 compromised an engineer's corporate account that led to the theft of an Outlook signing key.
Infosecurity News
New Microsoft Teams Phishing Campaign Targets Corporate Employees
The new campaign is believed to be perpetrated by Storm-0324, which distributes the payloads of other attackers after achieving initial network compromise
Cyber Security News
Nation-state Hackers Exploiting Confluence Zero-day Vulnerability
Microsoft has detected the nation-state threat actor Storm-0062, also known as DarkShadow or Oro0lxy, exploiting CVE-2023-22515.
Bleeping Computer
Hackers stole Microsoft signing key from Windows crash dump
Microsoft says Storm-0558 Chinese hackers stole a signing key used to breach government email accounts from a Windows crash dump after compromising a Microsoft engineer's corporate account.
DataBreaches
SANSA breach: International hacker group claims responsibility for Space Agency leak
Storm Simpson reports: A new internet hacking group has claimed responsibility for a data breach at the South African National Space Agency (SANSA). The group,...
The Cyber Express
UNDP Hit by Cyberattack: HR and Procurement Data Breached
The United Nations Development Programme (UNDP) finds itself at the center of a cybersecurity storm as it grapples with the
Bleeping Computer
Microsoft spots gift card thieves using cyber-espionage tactics
Microsoft has published a "Cyber Signals" report sharing new information about the hacking group Storm-0539 and a sharp rise in gift card theft as we approach the Memorial Day holiday in the United States.
HACKRead
Microsoft Busts Black Market for 100s of Millions of Fraudulent Accounts
Microsoft Threat Intelligence, partnered with cybersecurity firm Arkose’s ACTIR, conducted a large-scale operation against online fraudulent login markets, successfully taking down Hotmailbox.me.
Bleeping Computer
Microsoft extends Purview Audit log retention after July breach
Microsoft is extending Purview Audit log retention as promised after the Chinese Storm-0558 hacking group breached dozens of Exchange and Microsoft 365 corporate and government accounts in July.
Bleeping Computer
Stolen Azure AD key offered widespread access to Microsoft cloud services
The Microsoft private encryption key stolen by Storm-0558 Chinese hackers provided them with access far beyond the Exchange Online and Outlook.com accounts that Redmond said were compromised, according to Wiz security researchers.
Bleeping Computer
Microsoft: State hackers exploiting Confluence zero-day since September
Microsoft says a Chinese-backed threat group tracked as 'Storm-0062' (aka DarkShadow or Oro0lxy) has been exploiting a critical privilege escalation zero-day in the Atlassian Confluence Data Center and Server since September 14, 2023.
.webp)
Cyber Security News
IoT Device Definition Types And The Four Most Popular In 2023
IoT - the global phenomenon which has taken the world by storm in 2023 was first coined in 1999 by Kevin Ashton.
Bleeping Computer
Stolen Microsoft key offered widespread access to Microsoft cloud services
The Microsoft consumer signing key stolen by Storm-0558 Chinese hackers provided them with access far beyond the Exchange Online and Outlook.com accounts that Redmond said were compromised, according to Wiz security researchers.
CyberNews
Ukrainian embassy in London suffers from constant cyberattacks | CyberNews
Just as it has recently seemed like calm before the storm on the cyber front, the Ukrainian embassy to the UK reported being under siege, following a wave of cyberattacks.
SC Magazine
Should tech layoff wave worry cybersecurity pros?
Cybersecurity workers and infosec firms are well positioned to weather the layoff storm, experts say.
DarkReading
Millions of Microsoft Accounts Power Lattice of Automated Cyberattacks
Crimeware-as-a-service (CaaS) gang flies past CAPTCHAs, creating fraudulent accounts to sell to the likes of Scattered Spider; Microsoft mounts a counterattack.
Bleeping Computer
The Week in Ransomware - December 17th 2021 - Enter Log4j
A critical Apache Log4j vulnerability took the world by storm this week, and now it is being used by threat actors as part of their ransomware attacks.
DarkReading
Feds to Microsoft: Clean Up Your Cloud Security Act Now
A federal review board demanded that the tech giant prioritize its "inadequate" security posture, putting the blame solely on the company for last year's Microsoft 365 breach that allowed China's Storm-0558 to hack the email accounts of key government officials.
The Record
Most attackers lose interest in Log4Shell
After all the hype in December last year, threat actors appear to have lost interest in exploiting the Log4Shell vulnerability, as both Sophos and the SANS Internet Storm Center are reporting dwindling numbers this year.
CyberScoop
Satellite hack on eve of Ukraine war was a coordinated, multi-pronged assault
The satellite hack that took the world by storm was more complex than initially thought, according to a Viasat executive.
The Record
Microsoft disrupts credentials marketplace, warns of gift card fraud, OAuth abuse
The tech giant published two warnings about threats from hackers and described how it took down a Vietnam-based marketplace for fraudulent credentials.
Latest Hacking News
Unmasking the Multi-Stage AiTM Phishing and BEC Attack on Financial Institutions
Recently, Microsoft's Defender Experts uncovered a sophisticated multi-stage adversary-in-the-middle (AiTM) phishing and business email compromise (BEC) attack, which targeted banking and financial services organizations. The attack, tracked as Storm-1167, was initiated from a compromised trusted
Security Affairs
Anonymous Sudan claims to have stolen 30 million Microsoft’s customer accounts
Microsoft denied the data breach after the collective of hacktivists known as Anonymous Sudan claimed to have hacked the company. In early June, Microsoft suffered severe outages for some of its services, including Outlook email, OneDrive file-sharing apps, and the cloud computing infrastructure Azure. A collective known as Anonymous Sudan (aka Storm-1359) claimed responsibility for […]
Security Affairs
Microsoft: June Outlook and cloud platform outages were caused by DDoS
Microsoft confirmed that the recent outages to the Azure, Outlook, and OneDrive services were caused by cyber attacks. In early June, Microsoft suffered severe outages for some of its services, including Outlook email, OneDrive file-sharing apps, and the cloud computing infrastructure Azure. A collective known as Anonymous Sudan (aka Storm-1359) claimed responsibility for the DDoS […]
Security Affairs
China-linked GIMMICK implant now targets macOS
Gimmick is a newly discovered macOS implant developed by the China-linked APT Storm Cloud and used to target organizations across Asia. In late 2021, Volexity researchers investigated an intrusion in an environment they were monitoring and discovered a MacBook Pro running macOS 11.6 (Big Sur) that was compromised with a previously unknown macOS malware tracked […]
Security Affairs
Microsoft disrupted APT28 attacks on Ukraine through a court order
Microsoft obtained a court order to take over seven domains used by the Russia-linked APT28 group to target Ukraine. Microsoft on Thursday announced it has obtained a court order to take over seven domains used by Russia-linked cyberespionage group APT28 in attacks against Ukraine. The APT28 group (aka Fancy Bear, Pawn Storm, Sofacy Group, Sednit, and STRONTIUM) has been active since at least 2007 […]
Security Affairs
DoJ charged Tornado Cash founders with laundering more than $1 billion
The U.S. DoJ charged two men with operating the Tornado Cash service and laundering more than $1 Billion in criminal proceeds. The U.S. Justice Department charged two Tornado Cash founders ROMAN STORM and ROMAN SEMENOV have been charged with one count of conspiracy to commit money laundering and one count of conspiracy to violate the […]
Security Affairs
Bronze Starlight targets the Southeast Asian gambling sector
Experts warn of an ongoing campaign attributed to China-linked Bronze Starlight that is targeting the Southeast Asian gambling sector. SentinelOne observed China-linked APT group Bronze Starlight (aka APT10, Emperor Dragonfly or Storm-0401) targeting the gambling sector within Southeast Asia. The malware and infrastructure employed in the campaign are linked to the ones observed in Operation ChattyGoblin attributed by the […]
Security Affairs
Russia-linked APT28 hacked Roundcube email servers of Ukrainian entities
Russia-linked APT28 group hacked into Roundcube email servers belonging to multiple Ukrainian organizations. A joint investigation conducted by Ukraine’s Computer Emergency Response Team (CERT-UA) and Recorded Future revealed that the Russia-linked APT28 group hacked into Roundcube email servers belonging to multiple Ukrainian organizations. The APT28 group (aka Fancy Bear, Pawn Storm, Sofacy Group, Sednit, BlueDelta, and STRONTIUM) has been active since at least 2007 […]
Security Affairs
Russia-linked APT28 uses fake Windows Update instructions to target Ukraine govt bodies
CERT-UA warns of a spear-phishing campaign conducted by APT28 group targeting Ukrainian government bodies with fake ‘Windows Update’ guides. Russia-linked APT28 group is targeting Ukrainian government bodies with fake ‘Windows Update’ guides, Computer Emergency Response Team of Ukraine (CERT-UA) warns. The APT28 group (aka Fancy Bear, Pawn Storm, Sofacy Group, Sednit, and STRONTIUM) has been active since at least 2007 and it has targeted governments, […]
Ars Technica
How Microsoft’s cybercrime unit has evolved to combat increased threats
Microsoft has honed its strategy to disrupt global cybercrime and state-backed actors.
Security Affairs
Security Affairs newsletter Round 450 by Pierluigi Paganini
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you.
Bleeping Computer
FBI warns of gift card fraud ring targeting retail companies
The FBI warned retail companies in the United States that a financially motivated hacking group has been targeting employees in their gift card departments in phishing attacks since at least January 2024.
The Record
Microsoft disables app installation protocol abused by hackers
Microsoft said Thursday that it disabled a feature intended to streamline app installation after it discovered financially motivated hacking groups using it to distribute malware.
CyberNews
Microsoft disables App Installer after observing financially motivated threat actor activity
Microsoft app installer offline
DarkReading
New Gift Card Scam Targets Retailers, Not Buyers, to Print Endless $$$
Microsoft researchers discover an old-timey scam with a facelift for the cloud era: hacking retailers' portals to make it rain gift cards.
CyberNews
FBI warns of fraudsters targeting gift card systems
The Federal Bureau of Investigation (FBI) has warned of heightened cybercriminal activity against employees at US retail corporate offices.
Infosecurity News
Pawn Storm’s Stealthy Net-NTLMv2 Assault Revealed
Trend Micro reported recent attacks focused on government sectors, including foreign affairs, energy, defense and transportation
Bleeping Computer
Ransomware access broker steals accounts via Microsoft Teams phishing
Microsoft says an initial access broker known for working with ransomware groups has recently switched to Microsoft Teams phishing attacks to breach corporate networks.
Security Affairs
Malvertising attacks rely on DanaBot to spread CACTUS Ransomware
Microsoft warns of ongoing malvertising attacks using the DanaBot malware to deploy the CACTUS ransomware....
The Hacker News
Microsoft Disables MSIX App Installer Protocol Widely Used in Malware Attacks
Microsoft takes action against malware threat: disables ms-appinstaller protocol handler by default.
Cyber Security News
Microsoft Struggling to Find How Hackers Steal the Azure AD Signing Key
Surprisingly, Microsoft remains unaware of how Chinese hackers acquired an inactive Microsoft account signing key to breach Exchange Online and Azure AD accounts.
Cyber Security News
Microsoft Disabled App Installer that Abused by Hackers to Install Malware
Threat actors, particularly those with financial motivations, have been observed spreading malware via the ms-appinstaller URI scheme.
Bleeping Computer
Microsoft still unsure how hackers stole MSA key in 2023 Exchange attack
The U.S. Department of Homeland Security's Cyber Safety Review Board (CSRB) has released a scathing report on how Microsoft handled its 2023 Exchange Online attack, warning that the company needs to do better at securing data and be more truthful about how threat actors stole an Azure signing key.
Latest Hacking News
Microsoft Disabled App Installer Following Malware Abuse
After detecting App Installer abuse for malware distribution for several months, Microsoft disabled the protocol handler by default. The tech giant took this initiative in a bid to protect the customers from further threats. Microsoft App
Ars Technica
Microsoft takes pains to obscure role in 0-days that caused email breach
Critics also decry Microsoft's "pay-to-play" monitoring that detected intrusions.
The Hacker News
Researchers Unmask Sandman APT's Hidden Link to China-Based KEYPLUG Backdoor
Tactical overlaps discovered between APT Sandman and China-based threat cluster using KEYPLUG backdoor.
The Record
Microsoft warns of Cactus ransomware actors using malvertising to infect victims
Hackers are using malware distributed through online advertisements to infect victims with Cactus ransomware, according to new research.
Ars Technica
Microsoft finally explains cause of Azure breach: An engineer’s account was hacked
Other failures along the way included a signing key improperly appearing in a crash dump.
DarkReading
Microsoft 365 Breach Risk Widens to Millions of Azure AD Apps
China-inked APT actors could have single-hop access to the gamut of Microsoft cloud services and apps, including SharePoint, Teams, and OneDrive, among many others.
The Cyber Express
Hacktivist Groups Target US Major Airports in Cyberattacks Over Gaza Conflict
The hacktivist groups Dark Strom Team and Anonymous Sudan have allegedly launched cyberattacks on US airports, citing American support for
Ars Technica
Hacker free-for-all fights for control of home and office routers everywhere
How and why nation-state hackers and cybercriminals coexist in the same router botnet.
The Record
Microsoft details a chain of mishaps leading to Outlook hack on government officials
A China-based hacking group was able to attack U.S. government email accounts earlier this year because it found information about a digital key after compromising a Microsoft engineer’s corporate account, the company reported Wednesday.
The Hacker News
Microsoft Warns of Malvertising Scheme Spreading CACTUS Ransomware
Microsoft Warns of New CACTUS Ransomware Threat. Malvertising used to deploy DanaBot as initial access. Learn more about this evolving cyber threat.
Loading more articles....