Major Incidents or Breaches

  • Microsoft has disclosed ongoing attacks by the threat actor Storm-1977, targeting cloud tenants in the education sector. The group has used password spraying techniques to compromise accounts and has deployed over 200 crypto mining containers within affected environments.

Notable Threat Actor Activity

  • Storm-1977 continues to focus on education sector cloud environments, utilising automated password spraying and deploying crypto mining infrastructure post-compromise, indicating a trend towards monetisation via illicit resource use.

Trends, Tools, or Tactics of Interest

  • Password spraying remains an effective attack vector against cloud-based accounts, particularly in sectors with broad user bases and potentially weaker password hygiene.
  • Brave has released “Cookiecrumbler,” an open-source tool leveraging large language models (LLMs) and community input to identify and block intrusive cookie consent notices, reflecting a trend towards AI-assisted privacy tools and community-driven content moderation.

Other Security Developments

  • Coinbase resolved a bug in its 2FA account activity logs that previously led users to mistakenly believe their accounts had been compromised.