Defending against evolving identity attack techniques
Threat actors continue to develop and leverage various techniques that aim to compromise cloud identities.
Credential theft
Refine results
Topic
Products and services
Publish date
-
-
Lumma Stealer: Breaking down the delivery techniques and capabilities of a prolific infostealer
Over the past year, Microsoft Threat Intelligence observed the persistent growth and operational sophistication of Lumma Stealer, an info-stealing malware used by multiple financially motivated threat actors to target various industries. -
Threat actors misuse Node.js to deliver malware and other malicious payloads
Since October 2024, Microsoft Defender Experts has observed and helped multiple customers address campaigns leveraging Node. -
Threat actors leverage tax season to deploy tax-themed phishing campaigns
As Tax Day approaches in the United States on April 15, Microsoft has detected several tax-themed phishing campaigns employing various tactics. -
Phishing campaign impersonates Booking.com, delivers a suite of credential-stealing malware
Microsoft Threat Intelligence identified a phishing campaign that impersonates online travel agency Booking. -
Malvertising campaign leads to info stealers hosted on GitHub
Microsoft detected a large-scale malvertising campaign in early December 2024 that impacted nearly one million devices globally. -
Frequent freeloader part II: Russian actor Secret Blizzard using tools of other groups to attack Ukraine
Since January 2024, Microsoft has observed Secret Blizzard using the tools or infrastructure of other threat groups to attack targets in Ukraine and download its custom backdoors Tavdig and KazuarV2. -
File hosting services misused for identity phishing
Since mid-April 2024, Microsoft has observed an increase in defense evasion tactics used in campaigns abusing file hosting services like SharePoint, OneDrive, and Dropbox. -
Storm-0501: Ransomware attacks expanding to hybrid cloud environments
Microsoft has observed the threat actor tracked as Storm-0501 launching a multi-staged attack where they compromised hybrid cloud environments and performed lateral movement from on-premises to cloud environment, leading to data exfiltration, credential theft, tampering, persistent backdoor access, and ransomware deployment. -
“Dirty stream” attack: Discovering and mitigating a common vulnerability pattern in Android apps
Microsoft discovered a vulnerability pattern in multiple popular Android applications that could enable a malicious application to overwrite files in the vulnerable application’s internal data storage directory, which could lead to arbitrary code execution and token theft, among other impacts. -
Threat actors misuse OAuth applications to automate financially driven attacks
Microsoft Threat Intelligence presents cases of threat actors misusing OAuth applications as automation tools in financially motivated attacks. -
Star Blizzard increases sophistication and evasion in ongoing attacks
Microsoft Threat Intelligence continues to track and disrupt malicious activity attributed to a Russian state-sponsored actor we track as Star Blizzard, who has continuously improved their detection evasion capabilities while remaining focused on email credential theft against targets.