legitimate service abuse – PossibleThreat Articles

Sophos MDR tracks two ransomware campaigns using “email bombing,” Microsoft Teams “vishing”

January 21, 2025 0 Comments black basta, featured, Fin7, java malware, legitimate service abuse, microsoft office 365, python malware, quick assist, remote machine management, security operations, stac5143, stac5777, teams, threat research

Credit to Author: gallagherseanm| Date: Tue, 21 Jan 2025 11:30:14 +0000

Sophos MDR identifies a new threat cluster riffing on the playbook of Storm-1811, and amped-up activity from the original connected to Black Basta ransomware.

Security Sophos

Phishing platform Rockstar 2FA trips, and “FlowerStorm” picks up the pieces

December 19, 2024 0 Comments CloudFlare, featured, flowerstorm, legitimate service abuse, phishing, phishing-as-a-service, rockstar, rockstar2fa, security operations, threat research

Credit to Author: gallagherseanm| Date: Thu, 19 Dec 2024 15:11:48 +0000

A sudden disruption of a major phishing-as-a-service provider leads to the rise of another…that looks very familiar

Security Sophos

Sophos MDR blocks and tracks activity from probable Iranian state actor “MuddyWater”

November 20, 2024 0 Comments atera, legitimate service abuse, muddywater, phishing, rmm, security operations, stac 1171, ta450, threat research

Credit to Author: gallagherseanm| Date: Wed, 20 Nov 2024 17:12:12 +0000

Sophos MDR has observed a new campaign that uses targeted phishing to entice the target to download a legitimate remote machine management tool to dump credentials. We believe with moderate confidence that this activity, which we track as STAC 1171, is related to an Iranian threat actor commonly referred to as MuddyWater or TA450. Earlier […]