SOHO router compromise leads to DNS hijacking and adversary-in-the-middle attacks

Posted on by No Comments ↓

Executive summary Forest Blizzard, a threat actor linked to the Russian military, has been compromising insecure home and small-office internet equipment like routers, then modifying their settings in ways that turn them into part of the actor’s malicious infrastructure.

The post SOHO router compromise leads to DNS hijacking and adversary-in-the-middle attacks appeared first on Microsoft Security Blog.

Continue reading SOHO router compromise leads to DNS hijacking and adversary-in-the-middle attacks

Storm-1175 focuses gaze on vulnerable web-facing assets in high-tempo Medusa ransomware operations

Posted on by No Comments ↓

The financially motivated cybercriminal threat actor Storm-1175 operates high-velocity ransomware campaigns that weaponize recently disclosed vulnerabilities to obtain initial access, exfiltrate data, and deploy Medusa ransomware.

The post Storm-1175 focuses gaze on vulnerable web-facing assets in high-tempo Medusa ransomware operations appeared first on Microsoft Security Blog.

Continue reading Storm-1175 focuses gaze on vulnerable web-facing assets in high-tempo Medusa ransomware operations

Storm-1175 focuses gaze on vulnerable web-facing assets in high-tempo Medusa ransomware operations

Posted on by No Comments ↓

The financially motivated cybercriminal threat actor Storm-1175 operates high-velocity ransomware campaigns that weaponize recently disclosed vulnerabilities to obtain initial access, exfiltrate data, and deploy Medusa ransomware (Gaze.exe).

The post Storm-1175 focuses gaze on vulnerable web-facing assets in high-tempo Medusa ransomware operations appeared first on Microsoft Security Blog.

Continue reading Storm-1175 focuses gaze on vulnerable web-facing assets in high-tempo Medusa ransomware operations