On January 17, 2024, Microsoft released a threat intelligence report concerning cybersecurity attacks against certain university researchers across the West and other countries. The threat report states, in part:
Since November 2023, Microsoft has observed a distinct subset
of Mint Sandstorm (PHOSPHORUS) targeting high-profile individuals working on
Middle Eastern affairs at universities and research organizations in Belgium,
France, Gaza, Israel, the United Kingdom, and the United States. In this
campaign, Mint Sandstorm used bespoke phishing lures in an attempt to socially
engineer targets into downloading malicious files. In a handful of cases,
Microsoft observed new post-intrusion tradecraft including the use of a new,
custom backdoor called MediaPl.
Operators associated with this subgroup of Mint Sandstorm are
patient and highly skilled social engineers whose tradecraft lacks many of the
hallmarks that allow users to quickly identify phishing emails. In some
instances of this campaign, this subgroup also used legitimate but compromised
accounts to send phishing lures. Additionally, Mint Sandstorm continues to
improve and modify the tooling used in targets’ environments, activity that
might help the group persist in a compromised environment and better evade
detection.
The report is available here.