News & Updates

Threat Group UNC3944 Abusing Azure Serial Console for Total VM Takeover

A financially motivated cyber actor has been observed abusing Microsoft Azure Serial Console on virtual machines (VMs) to install third-party remote management tools within compromised environments.
Google-owned Mandiant attributed the activity to a threat group it tracks under the name UNC3944, which is also known as Roasted 0ktapus and Scattered Spider.
“This method of attack was unique in

Attacker uses the Azure Serial Console to gain access to Microsoft VM

Financially motivated threat actor UNC3944 is using phishing and SIM swapping attacks to take over Microsoft Azure admin accounts and gain access to virtual machines (VMs), according to cybersecurity firm Mandiant.

With access to virtual machines, the attackers abused the Serial Console on Azure Virtual Machines to install third-party remote management software within client environments, Mandiant said in a blog.

UNC3944 has been active since May 2022. The threat actor has been observed carrying out SIM-swapping attacks followed by the establishment of persistence using compromised accounts.

Insider threats surge across US CNI as attackers exploit human factors

Over three-quarters (77%) of organizations across US critical national infrastructure (CNI) have seen a rise in insider-driven cyberthreats in the last three years, according to new research from cybersecurity services firm Bridewell. The Cyber Security in CNI: 2023 report surveyed 525 cybersecurity decision makers in the US in the transport and aviation, utilities, finance, government, and communications sectors. It revealed that the increased insider threat could be linked to heightened economic pressures and remote working. Threats from within range from criminal intent to individual negligence, with those surveyed stating that an act of intentional destruction by an employee was committed on average at least every other week within the last year.

Serious Unpatched Vulnerability Uncovered in Popular Belkin Wemo Smart Plugs

The second-generation version of Belkin’s Wemo Mini Smart Plug has been found to contain a buffer overflow vulnerability that could be weaponized by a threat actor to inject arbitrary commands remotely.
The issue, assigned the identifier CVE-2023-27217, was discovered and reported to Belkin on January 9, 2023, by Israeli IoT security company Sternum, which reverse-engineered the device and

BrandPost: What Russia’s hybrid war on Ukraine has taught us about nation state tactics

By Microsoft Security

It’s been over a year since Russia launched its full-scale invasion of Ukraine on February 24th, 2022. Since that day, Russia has attempted to overrun Ukrainian defenses with a combination of hybrid warfare tactics, including cyber weapons, influence operations, and military force. And while Russia’s military has wrought immense physical devastation in Ukraine, it has fallen short of achieving all its objectives due to the limitations of Moscow’s parallel cyber and influence operations.

As of early 2023, Russian threat actors had expanded the scope of their war-related espionage operations. Between January and mid-February 2023, Microsoft threat intelligence analysts found indications of Russian threat activity against organizations in at least 17 European nations, targeting primarily the government sector. While these actions are most likely intended to boost intelligence collection against organizations providing political and material support to Ukraine, they could also, if directed, inform destructive operations.

Programmatic Agreement Open for Comment

The National Institute of Standards and Technology (NIST) proposes to implement a Programmatic Agreement (PA), consistent with 36 CFR § 800.14(b), to fulfill NIST’s obligations under Section 106 of the National Historic Preservation Act for the NIST