Onyx Sleet uses array of malware to gather intelligence for North Korea
On July 25, 2024, the United States Department of Justice (DOJ) indicted an individual linked to the North Korean threat actor that Microsoft tracks as Onyx Sleet.
Microsoft Defender Threat Intelligence
Refine results
Topic
Products and services
Publish date
-
-
Mitigating Skeleton Key, a new type of generative AI jailbreak technique
Microsoft recently discovered a new type of generative AI jailbreak method called Skeleton Key that could impact the implementations of some large and small language models. -
Moonstone Sleet emerges as new North Korean threat actor with new bag of tricks
Microsoft has identified a new North Korean threat actor, now tracked as Moonstone Sleet (formerly Storm-1789), that combines many tried-and-true techniques used by other North Korean threat actors, as well as unique attack methodologies to target companies for its financial and cyberespionage objectives. -
Threat actors misusing Quick Assist in social engineering attacks leading to ransomware
Microsoft Threat Intelligence has observed Storm-1811 misusing the client management tool Quick Assist to target users in social engineering attacks that lead to malware like Qakbot followed by Black Basta ransomware deployment. -
Analyzing Forest Blizzard’s custom post-compromise tool for exploiting CVE-2022-38028 to obtain credentials
Since 2019, Forest Blizzard has used a custom post-compromise tool to exploit a vulnerability in the Windows Print Spooler service that allows elevated permissions. -
Microsoft unveils expansion of AI for security and security for AI at Microsoft Ignite
The new era of AI is here. At Microsoft Ignite, we will be announcing new cybersecurity capabilities to help you thrive in this new age. -
Octo Tempest crosses boundaries to facilitate extortion, encryption, and destruction
Microsoft has been tracking activity related to the financially motivated threat actor Octo Tempest, whose evolving campaigns represent a growing concern for many organizations across multiple industries. -
Microsoft Security Copilot Early Access Program: Harnessing generative AI to empower security teams
Learn more about Microsoft Security Copilot—including its integration with Microsoft 365 Defender—as well as our latest innovations and announcements, and how your organization can get early access. -
Multiple North Korean threat actors exploiting the TeamCity CVE-2023-42793 vulnerability
Since early October 2023, Microsoft has observed North Korean nation-state threat actors Diamond Sleet and Onyx Sleet exploiting the Jet Brains TeamCity CVE-2023-42793 remote-code execution vulnerability. -
Multiple high severity vulnerabilities in CODESYS V3 SDK could lead to RCE or DoS
Microsoft researchers identified multiple high-severity vulnerabilities in the CODESYS V3 SDK that could put operational technology (OT) infrastructure at risk of attacks, such as remote code execution (RCE) and denial of service (DoS). -
Microsoft Inspire: Partner resources to prepare for the future of security with AI
Microsoft Inspire is an incredible opportunity to share all the ways AI can support security efforts with our partner ecosystem. -
How automation is evolving SecOps—and the real cost of cybercrime
ramsac Founder and Managing Director Rob May shares insights on how automation can support SecOps and how to protect against phishing attacks.