credential theft – PossibleThreat Articles

Credit to Author: Microsoft Threat Intelligence| Date: Tue, 08 Oct 2024 16:00:00 +0000

Since mid-April 2024, Microsoft has observed an increase in defense evasion tactics used in campaigns abusing file hosting services like SharePoint, OneDrive, and Dropbox. These campaigns use sophisticated techniques to perform social engineering, evade detection, and compromise identities, and include business email compromise (BEC) attacks.

The post File hosting services misused for identity phishing appeared first on Microsoft Security Blog.

Microsoft Security

Storm-0501: Ransomware attacks expanding to hybrid cloud environments

September 26, 2024 0 Comments credential theft, Ransomware, Ransomware as a Service, storm

Credit to Author: Microsoft Threat Intelligence| Date: Thu, 26 Sep 2024 17:00:00 +0000

Microsoft has observed the threat actor tracked as Storm-0501 launching a multi-staged attack where they compromised hybrid cloud environments and performed lateral movement from on-premises to cloud environment, leading to data exfiltration, credential theft, tampering, persistent backdoor access, and ransomware deployment. The said attack targeted multiple sectors in the United States, including government, manufacturing, transportation, […]

The post Storm-0501: Ransomware attacks expanding to hybrid cloud environments appeared first on Microsoft Security Blog.

Microsoft Security

“Dirty stream” attack: Discovering and mitigating a common vulnerability pattern in Android apps

May 2, 2024 0 Comments Android, credential theft, remote code execution

Credit to Author: Microsoft Threat Intelligence| Date: Wed, 01 May 2024 18:00:00 +0000

Microsoft discovered a vulnerability pattern in multiple popular Android applications that could enable a malicious application to overwrite files in the vulnerable application’s internal data storage directory, which could lead to arbitrary code execution and token theft, among other impacts. We have shared our findings with Google’s Android Application Security Research team, as well as the developers of apps found vulnerable to this issue. We anticipate that the vulnerability pattern could be found in other applications. We’re sharing this research more broadly so developers and publishers can check their apps for similar issues, fix as appropriate, and prevent them from being introduced into new apps or releases.

The post “Dirty stream” attack: Discovering and mitigating a common vulnerability pattern in Android apps appeared first on Microsoft Security Blog.

Microsoft Security

Threat actors misuse OAuth applications to automate financially driven attacks

December 14, 2023 0 Comments credential theft, cryptocurrency mining, storm, token theft

Credit to Author: Microsoft Threat Intelligence| Date: Tue, 12 Dec 2023 18:00:00 +0000

Microsoft Threat Intelligence presents cases of threat actors misusing OAuth applications as automation tools in financially motivated attacks.

The post Threat actors misuse OAuth applications to automate financially driven attacks appeared first on Microsoft Security Blog.

Microsoft Security

Star Blizzard increases sophistication and evasion in ongoing attacks

December 10, 2023 0 Comments blizzard, credential theft, star blizzard (seaborgium), state-sponsored threat actor

Credit to Author: Microsoft Threat Intelligence| Date: Thu, 07 Dec 2023 12:01:00 +0000

Microsoft Threat Intelligence continues to track and disrupt malicious activity attributed to a Russian state-sponsored actor we track as Star Blizzard, who has improved their detection evasion capabilities since 2022 while remaining focused on email credential theft against targets.

The post Star Blizzard increases sophistication and evasion in ongoing attacks appeared first on Microsoft Security Blog.

Microsoft Security

Social engineering attacks lure Indian users to install Android banking trojans

November 22, 2023 0 Comments Android, credential theft

Credit to Author: Microsoft Threat Intelligence| Date: Tue, 21 Nov 2023 04:30:00 +0000

Microsoft has observed ongoing activity from mobile banking trojan campaigns targeting users in India with social media messages and malicious applications designed to impersonate legitimate organizations and steal users’ information for financial fraud scams.

The post Social engineering attacks lure Indian users to install Android banking trojans appeared first on Microsoft Security Blog.

Microsoft Security

Octo Tempest crosses boundaries to facilitate extortion, encryption, and destruction

October 30, 2023 0 Comments adversary-in-the-middle (aitm), credential theft, elevation of privilege, extortion, human-operated ransomware, Ransomware as a Service, tempest

Credit to Author: Microsoft Incident Response and Microsoft Threat Intelligence| Date: Wed, 25 Oct 2023 16:30:00 +0000

Microsoft has been tracking activity related to the financially motivated threat actor Octo Tempest, whose evolving campaigns represent a growing concern for many organizations across multiple industries.

The post Octo Tempest crosses boundaries to facilitate extortion, encryption, and destruction appeared first on Microsoft Security Blog.

Microsoft Security

Midnight Blizzard conducts targeted social engineering over Microsoft Teams

August 7, 2023 0 Comments credential theft, midnight blizzard (nobelium)

Credit to Author: Microsoft Threat Intelligence| Date: Wed, 02 Aug 2023 19:00:00 +0000

Microsoft Threat Intelligence has identified highly targeted social engineering attacks using credential theft phishing lures sent as Microsoft Teams chats by the threat actor that Microsoft tracks as Midnight Blizzard (previously tracked as NOBELIUM).

The post Midnight Blizzard conducts targeted social engineering over Microsoft Teams appeared first on Microsoft Security Blog.

Microsoft Security

Detecting and preventing LSASS credential dumping attacks

October 5, 2022 0 Comments credential dumping, credential theft, cybersecurity, Microsoft security intelligence

Credit to Author: Paul Oliveria| Date: Wed, 05 Oct 2022 16:00:00 +0000

LSASS credential dumping is becoming prevalent, especially with the rise of human-operated ransomware. In May 2022, Microsoft participated in an evaluation conducted by AV-Comparatives specifically on detecting and blocking this attack technique and we’re happy to report that Microsoft Defender for Endpoint achieved 100% detection and prevention scores.

The post Detecting and preventing LSASS credential dumping attacks appeared first on Microsoft Security Blog.