Midnight Blizzard (NOBELIUM)
- Midnight Blizzard: Guidance for responders on nation-state attack
The Microsoft security team detected a nation-state attack on our corporate systems on January 12, 2024, and immediately activated our response process to investigate, disrupt malicious activity, mitigate the attack, and deny the threat actor further access.
- Midnight Blizzard conducts targeted social engineering over Microsoft Teams
Microsoft Threat Intelligence has identified highly targeted social engineering attacks using credential theft phishing lures sent as Microsoft Teams chats by the threat actor that Microsoft tracks as Midnight Blizzard (previously tracked as NOBELIUM).
- MagicWeb: NOBELIUM’s post-compromise trick to authenticate as anyone
Microsoft security researchers have discovered a post-compromise capability we’re calling MagicWeb, which is used by a threat actor we track as NOBELIUM to maintain persistent access to compromised environments.
- A report on NOBELIUM’s unprecedented nation-state attack
In the final post of a four-part series on the NOBELIUM nation-state attack, we explore key findings from the after-action report on the attack.
- Behind the unprecedented effort to protect customers against the NOBELIUM nation-state attack
In the third of a four-part series on the NOBELIUM nation-state attack, we share how Microsoft product teams built new detections into products to better protect customers.
- How to investigate service provider trust chains in the cloud
This blog outlines DART’s recommendations for incident responders to investigate potential abuse of these delegated admin permissions, independent of the threat actor.
- HTML smuggling surges: Highly evasive loader technique increasingly used in banking malware, targeted attacks
HTML smuggling, a highly evasive malware delivery technique that leverages legitimate HTML5 and JavaScript features, is increasingly used in email campaigns that deploy banking malware, remote access Trojans (RATs), and other payloads related to targeted attacks.
- The hunt for NOBELIUM, the most sophisticated nation-state attack in history
In the second of a four-part series on the NOBELIUM nation-state attack, we share the behind-the-scenes details of the detection and investigation into the threat.