Cyberveillecurated by Decio
Nuage de tags
Mur d'images
Quotidien
Flux RSS
  • Flux RSS
  • Daily Feed
  • Weekly Feed
  • Monthly Feed
Filtres

Liens par page

  • 20 links
  • 50 links
  • 100 links

Filtres

Untagged links
page 1 / 2
22 résultats taggé attribution  ✕
Announcing a new strategic collaboration to bring clarity to threat actor naming | Microsoft Security Blog https://www.microsoft.com/en-us/security/blog/2025/06/02/announcing-a-new-strategic-collaboration-to-bring-clarity-to-threat-actor-naming/
03/06/2025 13:35:54
QRCode
archive.org
thumbnail

Microsoft and CrowdStrike are teaming up to create alignment across our individual threat actor taxonomies to help security professionals connect insights faster.
In today’s cyberthreat landscape, even seconds of delay can mean the difference between stopping a cyberattack or falling victim to ransomware. One major cause of delayed response is understanding threat actor attribution, which is often slowed by inaccurate or incomplete data as well as inconsistencies in naming across platforms. This, in turn, can reduce confidence, complicate analysis, and delay response. As outlined in the National Institute of Standards and Technology’s (NIST) guidance on threat sharing (SP 800-1501), aligning how we describe and categorize cyberthreats can improve understanding, coordination, and overall security posture.

That’s why we are excited to announce that Microsoft and CrowdStrike are teaming up to create alignment across our individual threat actor taxonomies. By mapping where our knowledge of these actors align, we will provide security professionals with the ability to connect insights faster and make decisions with greater confidence.

Read about Microsoft and Crowdstrike’s joint threat actor taxonomy
Names are how we make sense of the threat landscape and organize insights into known or likely cyberattacker behaviors. At Microsoft, we’ve published our own threat actor naming taxonomy to help researchers and defenders identify, share, and act on our threat intelligence, which is informed by the 84 trillion threat signals that we process daily. But the same actor that Microsoft refers to as Midnight Blizzard might be referred to as Cozy Bear, APT29, or UNC2452 by another vendor. Our mutual customers are always looking for clarity. Aligning the known commonalities among these actor names directly with peers helps to provide greater clarity and gives defenders a clearer path to action.

Introducing a collaborative reference guide to threat actors
Microsoft and CrowdStrike are publishing the first version of our joint threat actor mapping. It includes:

A list of common actors tracked by Microsoft and CrowdStrike mapped by their respective taxonomies.
Corresponding aliases from each group’s taxonomy.
This reference guide serves as a starting point, a way to translate across naming systems so defenders can work faster and more efficiently, especially in environments where insights from multiple vendors are in play. This reference guide helps to:

Improve confidence in threat actor identification.
Streamline correlation across platforms and reports.
Accelerate defender action in the face of active cyberthreats.
This effort is not about creating a single naming standard. Rather, it’s meant to help our customers and the broader security community align intelligence more easily, respond faster, and stay ahead of threat actors.

microsoft EN 2025 collaboration CrowdStrike attribution taxonomies
China-Nexus Nation State Actors Exploit SAP NetWeaver (CVE-2025-31324) to Target Critical Infrastructures https://blog.eclecticiq.com/china-nexus-nation-state-actors-exploit-sap-netweaver-cve-2025-31324-to-target-critical-infrastructures
14/05/2025 20:46:30
QRCode
archive.org
thumbnail

EclecticIQ analysts assess with high confidence that, in April 2025, China-nexus nation-state APTs (advanced persistent threat) launched high-temp exploitation campaigns against critical infrastructure networks by targeting SAP NetWeaver Visual Composer. Actors leveraged CVE-2025-31324 [1], an unauthenticated file upload vulnerability that enables remote code execution (RCE). This assessment is based on a publicly exposed directory (opendir) found on attacker-controlled infrastructure, which contained detailed event logs capturing operations across multiple compromised systems.

EclecticIQ analysts link observed SAP NetWeaver intrusions to Chinese cyber-espionage units including UNC5221 [2], UNC5174 [3], and CL-STA-0048 [4] based on threat actor tradecrafts patterns. Mandiant and Palo Alto researchers assess that these groups connect to China's Ministry of State Security (MSS) or affiliated private entities. These actors operate strategically to compromise critical infrastructures, exfiltrate sensitive data, and maintain persistent access across high-value networks worldwide.

Uncategorized China-Nexus Threat Actor Scanning the Internet for CVE-2025-31324 and Upload Webshells

EclecticIQ analysts assess with high confidence that, a very likely China-nexus threat actor is conducting a widespread internet scanning and exploitation campaign against SAP NetWeaver systems. Threat actor–controlled server hosted at IP address 15.204.56[.]106 exposed the scope of the SAP NetWeaver intrusions [5].

eclecticiq.com EN 2025 exploitation China-Nexus China attribution CVE-2025-31324 SAP NetWeaver
Russie – Attribution de cyberattaques contre la France au service de renseignement militaire russe (APT28) (29.04.25) - Ministère de l’Europe et des Affaires étrangères https://www.diplomatie.gouv.fr/fr/dossiers-pays/russie/evenements/evenements-de-l-annee-2025/article/russie-attribution-de-cyberattaques-contre-la-france-au-service-de
04/05/2025 13:19:33
QRCode
archive.org
thumbnail

La France condamne avec la plus grande fermeté le recours par le service de renseignement militaire russe (GRU) au mode opératoire d’attaque APT28, à l’origine de plusieurs cyber-attaques contre des intérêts français.

Depuis 2021, ce mode opératoire d’attaque (MOA) a été utilisé dans le ciblage ou la compromission d’une dizaine d’entités françaises. Ces entités sont des acteurs de la vie des Français : services publics, entreprises privées, ainsi qu’une organisation sportive liée à l’organisation des Jeux olympiques et paralympiques 2024. Par le passé, ce mode opératoire a également été utilisé par le GRU dans le sabotage de la chaîne de télévision TV5Monde en 2015, ainsi que dans la tentative de déstabilisation du processus électoral français en 2017.

APT28 est aussi employé pour exercer une pression constante sur les infrastructures ukrainiennes dans le contexte de la guerre d’agression menée par la Russie contre l’Ukraine, notamment lorsqu’il est opéré par l’unité 20728 du GRU. De nombreux partenaires européens ont également été visés par APT28 au cours des dernières années. À ce titre, l’UE a imposé des sanctions aux personnes et entités responsables des attaques menées à l’aide de ce mode opératoire.

diplomatie.gouv.fr FR 2025 France Diplomate Diplomates Attribution APT28 Russie
Researchers accuse North Korea of $1.4 billion Bybit crypto heist https://techcrunch.com/2025/02/24/researchers-accuse-north-korea-of-1-4-billion-bybit-crypto-heist/
24/02/2025 18:53:25
QRCode
archive.org
thumbnail

North Korea is behind the massive crypto hack, according to several blockchain monitoring firms and a well-known researcher

techcrunch EN 2025 Bybit crypto North-Korea attribution
China Hacked Treasury Dept. in ‘Major’ Breach, U.S. Says https://www.nytimes.com/2024/12/30/us/politics/china-hack-treasury.html?unlocked_article_code=1.lU4.cvt0.VKdgPzM0c08e&smid=url-share
31/12/2024 00:47:58
QRCode
archive.org

The department notified lawmakers of the episode, which it said was linked to a state-sponsored actor in China.
In a letter informing lawmakers of the episode, the Treasury Department said that it had been notified on Dec. 8 by a third-party software service company, BeyondTrust, that the hacker had obtained a security key that allowed it to remotely gain access to certain Treasury workstations and documents on them

nytimes EN 2024 US Treasury Breach BeyondTrust attribution China Hacked
US Treasury says China accessed government documents in 'major' cyberattack https://techcrunch.com/2024/12/30/us-treasury-says-china-stole-documents-in-major-cyberattack/
31/12/2024 00:45:01
QRCode
archive.org
thumbnail

Treasury officials attributed the December theft of unclassified documents to China.

The Treasury said it was notified on December 8 by BeyondTrust, a company that provides identity access and remote support tech for large organizations and government departments, that hackers had “gained access to a key used by the vendor” for providing remote access technical support to Treasury employees. BeyondTrust disclosed the incident at the time, but did not say how the key was obtained.

techcrunch EN 2024 US Treasury China BeyondTrust cyberattack attribution
Amazon identified internet domains abused by APT29 https://aws.amazon.com/fr/blogs/security/amazon-identified-internet-domains-abused-by-apt29/
31/10/2024 08:55:15
QRCode
archive.org
thumbnail

APT29 aka Midnight Blizzard recently attempted to phish thousands of people. Building on work by CERT-UA, Amazon recently identified internet domains abused by APT29, a group widely attributed to Russia’s Foreign Intelligence Service (SVR). In this instance, their targets were associated with government agencies, enterprises, and militaries, and the phishing campaign was apparently aimed at […]

amazon EN 2024 APT29 MidnightBlizzard attribution rdp spear-phishing
Cyber: Statement by the High Representative on behalf of the EU on continued malicious behaviour in cyberspace by the Russian Federation - Consilium https://www.consilium.europa.eu/en/press/press-releases/2024/05/03/cyber-statement-by-the-high-representative-on-behalf-of-the-eu-on-continued-malicious-behaviour-in-cyberspace-by-the-russian-federation/
05/05/2024 09:54:30
QRCode
archive.org

The EU issued a statement strongly condemning the malicious cyber campaign conducted by the Russia-controlled Advanced Persistent Threat Actor 28 (APT28) against Germany and Czechia.

EU consilium EN 2024 attribution APT28 Russia statement Germany Czechia
Statement of the MFA on the Cyberattacks Carried by Russian Actor APT28 on Czechia | https://mzv.gov.cz/jnp/en/issues_and_press/press_releases/statement_of_the_mfa_on_the_cyberattacks.mobi
05/05/2024 09:52:08
QRCode
archive.org
thumbnail

Czechia jointly with Germany, the European Union, NATO and international partners strongly condemns activities of the Russian state-controlled actor APT28, who has been conducting a long-term cyber espionage campaign in European countries. APT28 is associated with Russian military intelligence service GRU.

gov.cz EN 2024 Ministry Czech Republic Czechia APT28 Statement attribution
Unearthing APT44: Russia’s Notorious Cyber Sabotage Unit Sandworm https://cloud.google.com/blog/topics/threat-intelligence/apt44-unearthing-sandworm?hl=en
18/04/2024 07:10:04
QRCode
archive.org
thumbnail

APT44 is a threat actor that is actively engaged in the full spectrum of espionage, attack, and influence operations.

Mandiant EN 2024 APT44 Threat-Intelligence Sandworm Russia google attribution FROZENBARENTS
Iran responsible for Charlie Hebdo attacks https://www.microsoft.com/en-us/security/business/security-insider/uncategorized/iran-responsible-for-charlie-hebdo-attacks/
06/02/2023 19:44:22
QRCode
archive.org
thumbnail

Today, Microsoft’s Digital Threat Analysis Center (DTAC) is attributing a recent influence operation targeting the satirical French magazine Charlie Hebdo

microsoft DTAC EN 2023 attribution Iran influence France CharlieHebdo EmennetPasargad
Iranian State Actors Conduct Cyber Operations Against the Government of Albania https://www.cisa.gov/uscert/ncas/alerts/aa22-264a
22/09/2022 16:43:03
QRCode
archive.org

The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) are releasing this joint Cybersecurity Advisory to provide information on recent cyber operations against the Government of Albania in July and September. This advisory provides a timeline of activity observed, from initial access to execution of encryption and wiper attacks. Additional information concerning files used by the actors during their exploitation of and cyber attack against the victim organization is provided in Appendices A and B.

cisa EN 2022 uscert csirt cert US Iran Albania attribution IoCs FBI
Security update https://www.uber.com/newsroom/security-update
19/09/2022 21:50:57
QRCode
archive.org
thumbnail

Updates on security incident

uber 2022 En leak announce Lapsus$ attribution Rockstar
Likely Iranian Threat Actor Conducts Politically Motivated Disruptive Activity Against Albanian Government Organizations https://www.mandiant.com/resources/blog/likely-iranian-threat-actor-conducts-politically-motivated-disruptive-activity-against
11/09/2022 10:49:17
QRCode
archive.org
thumbnail

Mandiant attributes the ransomware attack against the Albanian government network in July of 2022 to an Iranian threat actor.

Mandiant EN 2022 report Albania Iran ransomware ROADSWEEP CHIMNEYSWEEP Attribution
China: Declaration by the Minister for Foreign Affairs on behalf of the Belgian Government urging Chinese authorities to take action against malicious cyber activities undertaken by Chinese actors https://diplomatie.belgium.be/en/news/declaration-minister-foreign-affairs-malicious-cyber-activities?fbclid=IwAR2KVRIkiaeO-ZGXpKh-rPUdy9cfAQA765RlwuiCmFdpXrwwm4lN_Vji88E&fs=e&s=cl
20/07/2022 08:31:21
QRCode
archive.org
thumbnail

Declaration by the Minister for Foreign Affairs on behalf of the Belgian Government urging Chinese authorities to take action against malicious cyber activities undertaken by Chinese actors.

Belgium EN 2022 Minister Foreign Affairs China APT APT27 APT30 APT31 attribution official statement
Quid des sanctions en matière de cyber ? https://incyber.fr/vue-europe-quid-sanctions-matiere-cyber/
08/03/2022 15:46:15
QRCode
archive.org

Si les sanctions économiques contre la Russie ont un impact significatif, il en est autrement de celles imposées dans le domaine cyber.

incyber FR 2022 cyber attribution EU sanctions cybertool
Conti ransomware group announces support of Russia, threatens retaliatory attacks https://www.cyberscoop.com/conti-ransomware-russia-ukraine-critical-infrastructure/
26/02/2022 11:09:44
QRCode
archive.org
thumbnail

An infamous ransomware group with potential ties to Russian intelligence and known for attacking health care providers and hundreds of other targets posted a warning Friday saying it was “officially announcing a full support of Russian government.”

cyberscoop Conti attribution intelligence Russia gang EN 2022 announce
Un ex-officier de la CIA sur l’Ukraine: «Jamais les Etats-Unis n’ont divulgué autant d’informations sensibles et aussi vite» https://www.letemps.ch/monde/un-exofficier-cia-lukraine-jamais-etatsunis-nont-divulgue-autant-dinformations-sensibles-vite
23/02/2022 08:23:45
QRCode
archive.org
thumbnail

Un ex-officier de la CIA évoque les risques et avantages de la stratégie américaine de divulguer des informations brutes du Renseignement pour faire pression sur la Russie

letemps FR 2022 CIA informations infowar renseignements Russie USA attribution paywall
The US is unmasking Russian hackers faster than ever https://www.technologyreview.com/2022/02/21/1046087/russian-hackers-ukraine/
22/02/2022 15:47:04
QRCode
archive.org
thumbnail

The White House rapidly gathered evidence and blamed Russia for a cyberattack against Ukraine, the latest sign that cyber attribution is an increasingly crucial tool in the American arsenal.

technologyreview EN 2022 US Russia attribution
The Elite Hackers of the FSB https://interaktiv.br.de/elite-hacker-fsb/en/index.html
18/02/2022 13:16:26
QRCode
archive.org
thumbnail

For almost two decades, hackers with Snake have been forcing their way into government networks. They are considered one of the most dangerous hacker groups in the world. Who they work for, though, has always been a matter of pure speculation. But reporters with the German public broadcasters BR and WDR  have discovered some clues, and they all lead to the Russian secret service FSB.

FSB turla hackers osint recherche EN 2022 BR german attribution
page 1 / 2
4481 links
Shaarli - The personal, minimalist, super-fast, database free, bookmarking service par la communauté Shaarli - Theme by kalvn - Curated by Decio