The Elite Microsoft Unit Constantly Working to Thwart Hackers
#HackerNews #Microsoft #Elite #Unit #Thwarting #Hackers #Cybersecurity #MSTIC #HackerHunters #TechNews
👉 A zero-day CLFS #vulnerability (CVE-2025-29824) has been exploited post-compromise, affecting IT, real estate, finance, software, and retail sectors. Security updates were released yesterday🛡️ #MSTIC #ThreatIntel
Microsoft Threat Intelligence Center (MSTIC) and Microsoft Security Response Center (MSRC) have discovered post-compromise exploitation of a newly discovered zero-day vulnerability in the Windows Common Log File System (CLFS) against a small number of targets. Microsoft released security updates to address the vulnerability, tracked as CVE-2025-29824, on April 8, 2025.
Russia-Linked “BadPilot” Cyber Campaign Exposed 🚨
Microsoft has uncovered a multiyear global access operation executed by a subgroup of Seashell Blizzard, a Russian nation-state actor.
The operators conducted diverse compromises of Internet-facing infrastructure to enable Seashell Blizzard to persist on high-value targets and support tailored network operations.
Read the full blog article here: https://www.microsoft.com/en-us/security/blog/2025/02/12/the-badpilot-campaign-seashell-blizzard-subgroup-conducts-multiyear-global-access-operation/
Microsoft is publishing for the first time our research into a subgroup within the Russian state actor Seashell Blizzard and its multiyear initial access operation, tracked by Microsoft Threat Intelligence as the “BadPilot campaign”. This subgroup has conducted globally diverse compromises of Internet-facing infrastructure to enable Seashell Blizzard to persist on high-value targets and support tailored network operations.
🚀 MSTIC Uncovers STAR Blizzard Spear-Phishing Campaign Targeting WhatsApp Users
Microsoft has identified STAR Blizzard, a phishing campaign targeting WhatsApp accounts through social engineering.
In mid-November 2024, Microsoft Threat Intelligence observed the Russian threat actor we track as Star Blizzard sending their typical targets spear-phishing messages, this time offering the supposed opportunity to join a WhatsApp group. This is the first time we have identified a shift in Star Blizzard’s longstanding tactics, techniques, and procedures (TTPs) to leverage a […]
Hey #Microsoft, this is your friendly reminder that Bloomberg and the WSJ aren't threat intel publications!
Talking about large scale intrusions without sharing any actionable data for defenders is... well... very microsofty of y'all 🕵️
(to be clear, I don't blame the people at #MSTIC, I'm pretty sure this is down to company policies and orientations)
The second part of the frequent freeloader blog series is out! MSTIC shares how Secret Blizzard abused tools of other threat actors to attack Ukraine.
#malware #cybersecurity #infosec #threatintelligence #microsoft #mstic #secretblizzard
Since January 2024, Microsoft has observed Secret Blizzard using the tools or infrastructure of other threat groups to attack targets in Ukraine and download its custom backdoors Tavdig and KazuarV2.
If y'all have not had a chance to play around with Microsoft Sentinel, I am super impressed! There are so many useful features with this tool. I'm still very early in the learning process and I've already found tons of useful data.
Anyone have Sentinel tips for blue teamers?
. @MSFTBlueHat wrap up💙:
Great speakers discussed thought provoking topics:
. @dreadphones, @kyotorocks, & @TerriJForslof discussed #MSTIC ghost stories!
. @n0x08 discussed exploiting ChatGPT to reverse firmware images!
. Insightful discussion with @maarten_goet & others!
#MSRC and #MSTIC are doing an outstanding job of paving the path.
What an awesome opportunity to hear from @Cyb3rWard0g of #MSTIC on today's #ThursdayDefensive on some of the ways Microsoft approaches adversary behavior classification and the supporting data sources.
Join us next week! https://www.reconinfosec.com/thursday-defensive/
#MSTIC updates out today regarding DEV-0569 / Royal #ransomware
+ DEV-0569 likely to continue malvertising and phishing for Initial Access
+ #Batloader posed as installers for TeamViewer, Zoom, and AnyDesk
+ Malvertising campaign observed leveraging Google Ads to deliver Batloader selectively
#threatintel #infosec
DEV-0569’s recent activity shows their reliance on malvertising and phishing in delivering malicious payloads. The group’s changes and updates in delivery and payload led to distribution of info stealers and Royal ransomware.