Microsoft’s threat intelligence blog warns organizations about the evolving tactics of Storm-0501, a group that targets hybrid cloud environments. Active since 2021, the group gains initial access to on-prem environments before pivoting to the cloud, using stolen credentials for persistent access. Storm-0501 has recently deployed Embargo’s ransomware; it exploits over-privileged accounts and often implants backdoors, posing significant risks to cloud security.
Rising ClickFix malware distribution trick puts PowerShell IT policies on notice
A cyber-espionage group known as UAC-0050 has used the ClickFix technique to launch a phishing campaign in Ukraine. Using fake notifications about shared documents, users