CyberSecurity news

FlagThis - #threatintel

Brian Fagioli@BetaNews //
Microsoft is significantly expanding its cybersecurity support for European governments, providing a free security program specifically designed to combat AI-based cyberattacks. This initiative reflects Microsoft's commitment to bolstering the digital defenses of European nations. Furthermore, the company is actively addressing concerns related to competition within the European market, demonstrating a willingness to adapt to regulatory requirements and user preferences.

Microsoft is collaborating with CrowdStrike to harmonize cyber threat attribution. This partnership aims to establish a unified system for identifying and tracking cyber threat actors across different security platforms, which is designed to accelerate response times and strengthen global cyber defenses. The collaborative effort seeks to bridge the gaps created by differing naming systems for threat actors, creating a "Rosetta Stone" for cyber threat intelligence. This mapping will allow security teams to make informed decisions more quickly, correlate threat intelligence across sources, and disrupt malicious activity before it inflicts damage.

In response to Europe’s Digital Markets Act (DMA), Microsoft is making changes to the user experience within the European Economic Area. The company will reduce the frequency with which it prompts users to switch to Edge as their default browser. This change is intended to address complaints from rival browser makers and others who felt that Microsoft was unfairly pushing its own products. Europeans will also find it easier to uninstall the Windows Store and sideline Bing, offering greater control over their digital environment and aligning with the principles of the DMA, which aims to promote competition and user choice in the digital market.



References :
  • bsky.app: While they will not switch to a single threat actor taxonomy, Microsoft and CrowdStrike analysts have already linked more than 80 overlapping threat groups.
  • BetaNews: In cybersecurity, every second counts. But when the same hacking group goes by half a dozen different names depending on which company you ask, defenders are left wasting time instead of stopping attacks.
  • @VMblog: CrowdStrike and Microsoft announced a collaboration to bring clarity and coordination to how cyber threat actors are identified and tracked across...
  • BleepingComputer: Microsoft and CrowdStrike announced today that they've partnered to connect the aliases used for specific threat groups without actually using a single naming standard.
  • SecureWorld News: CrowdStrike and Microsoft Join Forces on Naming Threat Actors
  • www.cybersecuritydive.com: Microsoft, CrowdStrike, other cyber firms collaborate on threat actor taxonomy
  • Source: Microsoft and CrowdStrike are teaming up to create alignment across our individual threat actor taxonomies to help security professionals connect insights faster.
  • MSSP feed for Latest: Microsoft and CrowdStrike Align on Threat Actor Mapping to Support Faster, Unified Defense
  • Catalin Cimpanu: Microsoft and CrowdStrike are teaming up to create alignment across our individual threat actor taxonomies
  • betanews.com: In cybersecurity, every second counts. But when the same hacking group goes by half a dozen different names depending on which company you ask, defenders are left wasting time instead of stopping attacks. Now, Microsoft and CrowdStrike are teaming up to clean up the mess they helped create. The two companies just announced a joint effort to map their threat actor naming systems to each other.
  • www.crowdstrike.com: Cybersecurity writers, rejoice! The alliance will help the industry better correlate threat actor aliases without imposing a single naming standard. It will grow in the future to include other organizations that also practice the art of attribution.
  • www.microsoft.com: Announcing a new strategic collaboration to bring clarity to threat actor naming
  • www.scworld.com: Microsoft, CrowdStrike pitch giving threat groups the same name
  • www.cxoinsightme.com: CrowdStrike and Microsoft collaborate to harmonise cyber threat attribution
  • CIO Dive - Latest News: Microsoft, CrowdStrike, other cyber firms collaborate on threat actor taxonomy
  • The Hacker News: Microsoft and CrowdStrike are teaming up to align their individual threat actor taxonomies by publishing a new joint threat actor mapping.
  • www.csoonline.com: The partnership creates a shared mapping system that aligns threat actor attribution across both companies’ intelligence ecosystems.
  • aboutdfir.com: Microsoft and CrowdStrike finally fix the stupidest problem in cybersecurity
  • cyberscoop.com: CrowdStrike, Microsoft aim to eliminate confusion in threat group attribution
  • www.itpro.com: Confused at all the threat group names? You’re not alone. CrowdStrike and Microsoft want to change that
  • Threats | CyberScoop: Wild variances in naming taxonomies aren’t going away, but a new initiative from the security vendors aims to more publicly address obvious overlap in threat group attribution.
  • www.techradar.com: Microsoft is looking to save precious seconds during cyberattacks by unifying threat actor naming.
  • ComputerWeekly.com: Microsoft outlines three-pronged European cyber strategy
  • CXO Insight Middle East: CrowdStrike and Microsoft collaborate to harmonise cyber threat attribution
  • www.microsoft.com: Meet the Deputy CISOs who help shape Microsoft’s approach to cybersecurity: Part 3
  • Thomas Roccia: Microsoft and CrowdStrike announced a collaboration to cross-ref their threat actor naming conventions.
  • TechHQ: Microsoft rolls out free cybersecurity support for European governments.
Classification:
  • HashTags: #Cybersecurity #MicrosoftEdge #DigitalMarketsAct
  • Company: Microsoft
  • Target: European Governments, Enterprises
  • Product: Security Program
  • Feature: Security Support
  • Type: ProductUpdate
  • Severity: Informative
@cyble.com //
The ransomware landscape is experiencing significant shifts in April 2025, with groups like Qilin taking center stage. Despite a general decline in ransomware attacks from 564 in March to 450 in April, the lowest level since November 2024, Qilin has surged to the top of the ransomware rankings. This rise is attributed to the realignment of cybercriminal groups within the chaotic Ransomware-as-a-Service (RaaS) ecosystem. Qilin is reportedly leveraging sophisticated tools and techniques, contributing to their increased success in recent months.

Qilin's success is partly due to the adoption of advanced tactics, techniques, and procedures (TTPs). Threat actors associated with Qilin have been observed utilizing malware such as SmokeLoader, along with a previously undocumented .NET compiled loader called NETXLOADER, in campaigns dating back to November 2024. NETXLOADER is a highly obfuscated loader designed to deploy additional malicious payloads and bypass traditional detection mechanisms, making it difficult to analyze. This loader plays a critical role in Qilin's stealthy malware delivery method. The surge in activity is reflected in the doubling of disclosures on Qilin's data leak site since February 2025, making it the top ransomware group in April.

The emergence of new actors like DragonForce is reshaping the threat landscape. The group is built for the gig economy: its features include a 20% revenue share, white-label ransomware kits, and pre-built infrastructure. DragonForce quickly moved to absorb affiliates following the April 2025 disappearance of RansomHub, pitching itself as an agile alternative to collapsed legacy operators. A historic surge in ransomware activity is occurring. A total of 2,289 publicly named ransomware victims were reported in just Q1, a 126% year-over-year increase, setting an all-time high. In total, 74 distinct ransomware groups are now operating concurrently, highlighting an explosion of new actors and affiliate-driven threats.



References :
  • cyble.com: Ransomware Attacks April 2025: Qilin Emerges from Chaos
  • cyble.com: Global ransomware attacks in April 2025 declined to 450 from 564 in – the lowest level since November 2024 – as major changes among the leading Ransomware-as-a-Service (RaaS) groups caused many affiliates to align with new groups.
  • The Hacker News: Qilin Ransomware Ranked Highest in April 2025 with Over 45 Data Leak Disclosures
  • www.redpacketsecurity.com: [QILIN] – Ransomware Victim: www[.]hcsheriff[.]gov
@itpro.com //
Cybersecurity firm Resecurity successfully infiltrated the BlackLock ransomware gang's network by exploiting a local file inclusion vulnerability on their data leak site (DLS). This vulnerability, a misconfiguration in the site, allowed Resecurity to access the gang's network infrastructure, configuration files, and even account credentials. By gaining access, Resecurity could observe the gang's operations, identify potential victims, and alert both the victims and authorities, providing valuable insights into the gang's modus operandi.

Resecurity's actions have provided law enforcement with crucial information about BlackLock, also known as El Dorado, which had successfully attacked at least 46 organizations worldwide. The compromised DLS revealed that the gang was actively recruiting affiliates to spread the ransomware further. By uncovering the gang's methods and infrastructure, Resecurity has potentially disrupted BlackLock's operations and protected numerous organizations from falling victim to their attacks.



References :
  • PCMag UK security: Cybersecurity Firm Hacks Ransomware Group, Alerts Potential Victims
  • www.itpro.com: Security researchers hack BlackLock ransomware gang in push back against rising threat actor
  • securityaffairs.com: BlackLock Ransomware Targeted by Cybersecurity Firm
  • The Hacker News: BlackLock Ransomware Exposed After Researchers Exploit Leak Site Vulnerability
  • thehackernews.com: In what's an instance of hacking the hackers, threat hunters have managed to infiltrate the online infrastructure associated with a ransomware group called BlackLock, uncovering crucial information about their modus operandi in the process.
  • securityaffairs.com: In what's an instance of hacking the hackers, threat hunters have managed to infiltrate the online infrastructure associated with a ransomware group called BlackLock, uncovering crucial information about their modus operandi in the process.
  • www.cybersecurity-insiders.com: For the first time, a team of security researchers has successfully infiltrated the network of a ransomware operation