Most recents (2)

Added #STRONTIUM election-related credential harvesting campaign "detection" to #AzureSentinel: github.com/Azure/Azure-Se…

Yes - it's hardcoded for netblocks released in the #MSTIC report (microsoft.com/security/blog/…)
This is just extra coverage on top of existing cred harvesting logic

That said, the logic posted there finds some high fidelity #STRONTIUM campaigns from at least June through... recently (more details in above blog).

You'll see a User-Agent, first/last attempt, # of total attempts, # of unique IPs & unique accounts attempted + a list of accounts

As shipped, it's looking over the past 30 days. But if you have #AzureSentinel, I recommend pasting that same KQL in & searchings logs w/ expanded timeframe.
The # authAttempts can stay where it's at ... #STRONTIUM activity is approx 100 attempts per IP per account

Read 4 tweets

Jeff Seldin

@jseldin

Developing" #Russia #Chia #Iran hackers targeting @realDonaldTrump @JoeBiden presidential campaigns

"foreign activity groups have stepped up their efforts targeting the 2020 election as had been anticipated" per @Microsoft's @TomBurt45

blogs.microsoft.com/on-the-issues/…

@TomBurt45

#Russia's #Strontium (also known as #FancyBear or #APT28) "has attacked more than 200 organizations including political campaigns, advocacy groups, parties and political consultants" per @TomBurt45

@Microsoft

#China's #Zirconium "has attacked high-profile individuals associated with the election, including people associated with the Joe Biden for President campaign and prominent leaders in the international affairs community" per @Microsoft 's @TomBurt45

Read 5 tweets

Discover and read the best of Twitter Threads about #STRONTIUM

Most recents (2)

Related hashtags

Discover and read the best of Twitter Threads about #STRONTIUM

Most recents (2)

Related hashtags

Did Thread Reader help you today?