threat actors

Microsoft 365 account holders, it’s time to clutch your credentials like your last stick of office coffee—hackers have orchestrated another clever plot, this time through everyone’s favorite messaging apps. If you thought WhatsApp and Signal were just for family chats and cryptic office banter...

Every time the cybersecurity community thinks they’re getting ahead of attackers, someone comes along and turns a trusted workflow into a digital bear trap. That’s exactly what’s unfolding in the latest campaign orchestrated by Russian threat actors who are gleefully exploiting legitimate...

In a recent development, Russian threat actors identified as UTA0352 and UTA0355 have been targeting Ukraine-linked nongovernmental organizations (NGOs) by exploiting the OAuth protocol to compromise Microsoft 365 accounts. The Mechanics of the Attack The attackers initiated their campaign with...

They say trust is the cornerstone of any relationship—especially if that relationship is between you, the internet, and a determined Russian adversary with a penchant for phishy invitations and suspicious requests for OAuth codes. Phishing in the OAuth Era: New Tricks for Old Hackers When we...

We live in an era where simply clicking a video call link could lead to the digital equivalent of inviting a burglar in for tea—and hackers are getting increasingly creative with their invitations, especially when it comes to Microsoft 365 access. The Evolving Art of Social Engineering (or: Why...

Inside the New Wave of Cyberattacks Exploiting Microsoft Teams to Infect Windows PCs Microsoft Teams has become indispensable in modern workplaces, a hub for collaboration and communication. Yet, this very platform trusted by millions has transformed into a battleground where hackers wage...

Hackers Exploit Windows MMC Zero-Day to Execute Malicious Code A new cybersecurity scare is unsettling the Windows community. A recently uncovered zero-day vulnerability in the Microsoft Management Console (MMC) — tracked as CVE-2025-26633 — is being actively exploited by a sophisticated...

Microsoft has pulled back the curtain on an intricate cybercrime scheme involving generative AI services—a revelation that underscores the growing risks at the intersection of artificial intelligence and cyber security. In a bold move on February 28, 2025, Microsoft publicly identified and...

In today’s rapidly evolving cybersecurity landscape, even the most trusted platforms can become targets for sophisticated attacks. Recent research from Volexity, as featured on the KnowBe4 Blog, has revealed that Russian threat actors—among them the notorious SVR-linked Cozy Bear—are leveraging...

In today’s ever-evolving cybersecurity landscape, attackers aren’t just content with infiltrating on-premises networks. Instead, sophisticated threat actors are shifting their focus to Cloud environments—specifically targeting your Microsoft Entra ID and Active Directory (AD) configurations. New...

Original release date: December 2, 2021 Summary This joint Cybersecurity Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework, Version 9. See the ATT&CK for Enterprise framework for referenced threat actor techniques and for mitigations. This joint...

Original release date: November 17, 2021 Summary Actions to Take Today to Protect Against Iranian State-Sponsored Malicious Cyber Activity • Immediately patch software affected by the following vulnerabilities: CVE-2021-34473, 2018-13379, 2020-12812, and 2019-5591. • Implement Link Removed. •...

Original release date: September 16, 2021 Summary This Joint Cybersecurity Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework, Version 8. See the ATT&CK for Enterprise for referenced threat actor tactics and for techniques. This joint advisory is...

Original release date: July 28, 2021 Summary This Joint Cybersecurity Advisory was coauthored by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the Australian Cyber Security Centre (ACSC), the United Kingdom’s National Cyber Security Centre (NCSC), and the U.S. Federal Bureau...

Original release date: July 20, 2021 Summary This Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework, Version 9. See the ATT&CK for Enterprise for all referenced threat actor tactics and techniques. Note: CISA released technical information...

Original release date: July 19, 2021 Summary This advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework, Version 9, and MITRE D3FEND™ framework, version 0.9.2-BETA-3. See the ATT&CK for Enterprise for all referenced threat actor tactics and techniques...

Original release date: July 19, 2021 Summary This Joint Cybersecurity Advisory was written by the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) to provide information on a Chinese Advanced Persistent Threat (APT) group known in open-source...

Original release date: May 28, 2021 Summary The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) are responding to a spearphishing campaign targeting government organizations, intergovernmental organizations (IGOs), and non-governmental...

Original release date: May 11, 2021 Summary This Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework, Version 9. See the ATT&CK for Enterprise for all referenced threat actor tactics and techniques. The Cybersecurity and Infrastructure Security...

Original release date: April 20, 2021 Summary The Cybersecurity and Infrastructure Security Agency (CISA) is aware of compromises affecting U.S. government agencies, critical infrastructure entities, and other private sector organizations by a cyber threat actor—or actors—beginning in June 2020...