Discover and read the best of Twitter Threads about #MicrosoftSentinel
Most recents (1)
We've been tracking DEV-0537 since 2021 (overlaps: Lapsus$, UNC3661). Here's a comprehensive 🆕 BLOG 📰 covering observed TTPs: microsoft.com/security/blog/…
#MSTIC and Defender threat intel collab
➕#DART 👻 incident response team experience from the trenches [1/3]
#MSTIC and Defender threat intel collab
➕#DART 👻 incident response team experience from the trenches [1/3]
The blog highlights varied initial access vectors and a slew of [inconsistent?] end goals: data theft, extortion, chaos...
One way to interpret "this actor's TTPs and infrastructure are constantly changing" is that they are loosely-organized (see: ) [2/3]
One way to interpret "this actor's TTPs and infrastructure are constantly changing" is that they are loosely-organized (see: ) [2/3]
DEV-0537 / Lapsus$ shows that 𝘢𝘵𝘵𝘢𝘤𝘬𝘦𝘳𝘴 can be creative opportunists and still be successful.
Luckily, the same goes for 𝘥𝘦𝘧𝘦𝘯𝘥𝘦𝘳𝘴.
Use this opportunity to strengthen your security controls to protect far beyond this threat actor [3/3] microsoft.com/security/blog/…
Luckily, the same goes for 𝘥𝘦𝘧𝘦𝘯𝘥𝘦𝘳𝘴.
Use this opportunity to strengthen your security controls to protect far beyond this threat actor [3/3] microsoft.com/security/blog/…
