CyberSecurityBoard
Sponsor Register Login

Star Blizzard New Evasion Techniques to Hijack Email Accounts

Hackers target email accounts because they contain valuable personal and financial information.
Successful email breaches enable threat actors to:-.
Cybersecurity researchers at Microsoft Threat Intelligence team recently unveiled that the Russian state-sponsored actor, Star Blizzard, has increased its sophistication and developed new evasion techniques to utilize in ongoing attacks.
Star Blizzard enhanced evasion techniques since 2022, focusing on email credential theft, and they target the following entities aligning with Russian interests:-.
Microsoft improves defenses against spear-phishing and is grateful for the collaboration with the following global cybersecurity partners:-.
Here below, we have mentioned all the new TTPs identified by the cybersecurity analysts at the Microsoft Threat Intelligence team:-.
Star Blizzard focuses on email credential theft, favoring cloud-based providers.
They persist with the Evilginx framework, relying on spear-phishing via email and custom PDF lures.
Connected users and organizations in these areas are potential Star Blizzard targets:-.
Emails mimic known contacts via Proton email accounts, and the initial message requests a document review, but it does not provide any attachment or link to the document.
A follow-up includes a PDF file or link to a cloud-hosted PDF that will be unreadable with a misleading content-enable button.
Pressing the PDF button opens a link, starting a redirection chain.
The host domain is actor-controlled, not the expected server domain.
If approved, the account is compromised, and then the threat actor gains full access with successfully compromised credentials.
Here below, we have mentioned all the recommendations provided by the cybersecurity researchers:-.
On Microsoft Defender Antivirus, make sure to turn on cloud-delivered protection and automatic sample submission.
All suspicious or anomalous activities must be monitored continuously.
To recheck links on click, ensure proper configuration of Microsoft Defender for Office 365.
In Microsoft Defender for Office 365, make sure to use the Attack Simulator.
Always encourage users to use web browsers that support Microsoft Defender SmartScreen.


This Cyber News was published on gbhackers.com. Publication date: Sat, 09 Dec 2023 06:43:06 +0000


Cyber News related to Star Blizzard New Evasion Techniques to Hijack Email Accounts

Star Blizzard increases sophistication and evasion in ongoing attacks - Microsoft Threat Intelligence continues to track and disrupt malicious activity attributed to a Russian state-sponsored actor we track as Star Blizzard. Star Blizzard has improved their detection evasion capabilities since 2022 while remaining ...
11 months ago Microsoft.com
The Russians are coming! Err, they've already infiltrated The Register - Russia-backed attackers have named new targets for their ongoing phishing campaigns, with defense-industrial firms and energy facilities now in their sights, according to agencies of the Five Eyes alliance. In a joint security alert issued on ...
11 months ago Go.theregister.com
Russia's 'Star Blizzard' APT Upgrades its Stealth, Only to Be Unmasked Again - After multiple exposures and disruptions, a Kremlin-sponsored advanced persistent threat actor has once again upgraded its evasion techniques. That move was also exposed this week, by Microsoft. Historically, it has focused its aim on public and ...
11 months ago Darkreading.com
Star Blizzard New Evasion Techniques to Hijack Email Accounts - Hackers target email accounts because they contain valuable personal and financial information. Successful email breaches enable threat actors to:-. Cybersecurity researchers at Microsoft Threat Intelligence team recently unveiled that the Russian ...
11 months ago Gbhackers.com
Microsoft, DOJ Dismantle Domains Used by Russian FSB-Linked Hacking Group - By taking decisive action against Star Blizzard, Microsoft and its partners reinforce international norms and demonstrate a commitment to protecting civil society and upholding the rule of law in cyberspace. Between January 2023 and August 2024, Star ...
1 month ago Gbhackers.com
Russian Spies Hacked Microsoft Email Systems & Accessed Code - Microsoft has disclosed that Russian government hackers, identified as the group Midnight Blizzard, have successfully infiltrated its corporate email systems and stolen source codes. Microsoft's announcement on March 8, 2024, detailed that Midnight ...
8 months ago Cybersecuritynews.com
The 6 Best Email Security Software & Tools of 2024 - To guarantee full protection against email threats, important features to consider when picking an email security solution include email filtering and spam detection, sandboxing, mobile support, advanced machine learning, and data loss prevention. ...
1 month ago Esecurityplanet.com
Microsoft and DOJ seized the attack infrastructure used by Russia-linked Callisto Group - Today, the United States District Court for the District of Columbia unsealed a civil action brought by Microsoft’s DCU, including its order authorizing Microsoft to seize 66 unique domains used by Star Blizzard in cyberattacks targeting Microsoft ...
1 month ago Securityaffairs.com
Russian FSB Targets US and UK Politicians in Sneaky Spear-Phish Plan - The UK was the first to release the accusations-because time zones, presumably. Your humble blogwatcher curated these bloggy bits for your entertainment. The intrusions include targeting personal email accounts and impersonation attempts against ...
11 months ago Securityboulevard.com
Microsoft Shares New Guidance in the Wake of 'Midnight Blizzard' Cyberattack - Microsoft has released new guidance for organizations on how to protect against persistent nation-state attacks like the one disclosed a few days ago that infiltrated its own corporate email system. A key focus of the guidance is on what ...
9 months ago Darkreading.com
CISA Issues Warning for Russian 'Star Blizzard' APT Spear-Phishing Operation - The US cybersecurity agency CISA is leading a cross-agency push to expose a Russian government-backed APT caught launching spear-phishing campaigns against specific targets in academia, defense, governmental organizations, NGOs and think-tanks. A ...
11 months ago Securityweek.com
Email Security Trends And Predictions in 2024 - One of the most critical aspects of this broad topic is email security. Email security refers to the collective measures used to secure the access and content of an email account or service. An email service provider implements email security to ...
11 months ago Cybersecuritynews.com
Business Email Compromise Scams: Prevention and Response - We will also highlight red flags to watch out for in suspicious emails, emphasizing the importance of implementing robust email authentication methods and comprehensive employee training programs to enhance awareness and response capabilities. BEC ...
10 months ago Securityzap.com
Microsoft: Legacy account hacked by Russian APT had no MFA - Microsoft said the legacy test tenant account hacked by Russian nation-state threat actors this month did not have MFA enabled. According to the initial disclosure, the account compromised was a legacy, non-production test tenant account that threat ...
9 months ago Techtarget.com
Essential Email and Internet Safety Tips for College Students - Your email is one of the most important digital assets and identities because it helps you create accounts on other platforms. Securing your email requires you to pay attention to your passwords, gadgets, and the links you engage with. The places you ...
9 months ago Securityboulevard.com
Microsoft Takes Unprecedented Action Against Cyber Threat Actor Star Blizzard - Cybersecurity Insiders - In a historic move that underscores the escalating battle against cybercrime, Microsoft has publicly acknowledged its role in launching a cyber offensive against a Russian-funded threat actor known as Star Blizzard. According to Microsoft’s ...
1 month ago Cybersecurity-insiders.com
CISA Warns of Compromised Microsoft Accounts - CISA issued a fresh CISA emergency directive in early April instructing U.S. federal agencies to mitigate risks stemming from the breach of numerous Microsoft corporate email accounts by the Russian APT29 hacking group. The directive is known as ...
7 months ago Securityboulevard.com
Microsoft reveals how hackers breached its Exchange Online accounts - Microsoft confirmed that the Russian Foreign Intelligence Service hacking group, which hacked into its executives' email accounts in November 2023, also breached other organizations as part of this malicious campaign. On January 12, 2024, Microsoft ...
9 months ago Bleepingcomputer.com
HPE: Russian hackers breached its security team's email accounts - Hewlett Packard Enterprise disclosed today that suspected Russian hackers known as Midnight Blizzard gained access to the company's Microsoft Office 365 email environment to steal data from its cybersecurity team and other departments. Midnight ...
9 months ago Bleepingcomputer.com
Innovative Legal Move Restores Hospital's Stolen Information - There has been a handover of patient data stolen by the notorious LockBit gang from a cloud computing company to a New York hospital alliance that is partnered with that company. There was a lawsuit filed by the North Star Health Alliance - a group ...
9 months ago Cysecurity.news
February 1, 2024: A Date All Email Senders Should Care About - For any organization sending bulk email or high email volumes to Google and Yahoo accounts, there's one date you should have flagged on your calendar. On February 1st, guidance indicates you'll need to pay attention if you are sending over 5000 ...
10 months ago Feedpress.me
What is an email signature? - An email signature - or signature block or signature file - is the block of text that appears at the end of an email message that provides more information about the sender. This can include details such as the sender's full name, occupation or job ...
10 months ago Techtarget.com
UK Government Warns of Russian Cyber Campaigns Against Democracy - Russian Intelligence Services have been engaging in a sustained cyber campaign aimed at interfering in UK politics and democratic processes. The National Cyber Security Centre, part of GCHQ, alongside international partners, have identified the ...
11 months ago Infosecurity-magazine.com
Purple teaming and the role of threat categorization - Red team assessment, penetration testing, and even purple team assessments are all designed to answer these questions. As attacks get more complex, these assessments struggle to provide comprehensive answers. These assessment services typically test ...
10 months ago Helpnetsecurity.com
Star Blizzard launched Cyber Attacks on UK since years - The discovery of this covert activity is recent, and the extent of the damage is yet to be fully assessed. Over the years, various nations, such as China, Russia, North Korea, and more recently, Iran, have been involved in spying on Western ...
11 months ago Cybersecurity-insiders.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)