September 27, 2024 at 07:30AM Storm-0501, a financially motivated threat actor, has targeted government, manufacturing, transportation, and law enforcement sectors in the U.S. with ransomware attacks. They use weak credentials, remote code execution vulnerabilities, and various tools for lateral movements and data exfiltration. The group is also linked to the deployment of Embargo ransomware in … Read more
May 23, 2024 at 02:59PM A Moroccan cybercrime group, Storm-0539, has evolved the gift card scam by targeting retailer systems to create and cash out gift cards. Utilizing social engineering and phishing, they compromise employee accounts to gain access. Microsoft reports a surge in their activity, advising organizations to adopt stringent security measures to combat … Read more
April 22, 2024 at 09:21PM Russian spies have leveraged a Windows print spooler vulnerability to deploy GooseEgg, a custom tool, for stealing credentials and elevating privileges in compromised networks. Microsoft’s threat intelligence team revealed exploitation involving the Forest Blizzard group, linked to Russian intelligence. Microsoft patched the vulnerability in October 2022 and provided recommendations for … Read more