Microsoft has announced yet another significant disruption of an APT actor thought to be connected to the Russian government, blocking access to accounts used for pre-attack reconnaissance, phishing, and email harvesting.
Since at least 2017, there has been evidence of the threat actor, which Microsoft tracks as SEABORGIUM, conducting active cyberespionage campaigns targeting military personnel, government officials, think tanks, and journalists in Europe and the South Caucasus. Microsoft’s abuse teams and Redmond’s security research and threat hunting teams collaborated to block phishing domains and disable OneDrive and other accounts connected to Microsoft services.
In a note announcing the disruption, Microsoft also exposed the Russian threat actor’s malware infrastructure and released IoCs (indicators of compromise) to help defenders hunt for signs of infections.