Steve Ginty

@seginty.bsky.social

71 Followers  |  329 Following  |  1 Posts  |  Joined: 28.11.2023  |  1.6749

Latest posts by seginty.bsky.social on Bluesky

Extortion and ransomware drive over half of cyberattacks Microsoft launches its sixth annual Digital Defense Report, highlighting trends from July 2024 to June 2025, including that over half of cyberattacks with known motives were driven by extortion or ransomware. The report stresses that legacy security is insufficient—modern AI-driven defenses and cross-industry collaboration are essential. For individuals, strong tools like phishing-resistant MFA can block over 99% of identity-based attacks.

The Microsoft Digital Defense Report 2025 shows how threats are evolving faster than ever, fueled by AI. msft.it/63322sf3y4

Key insights from report include:

- More than 50% of cyberattacks with known motives had financial objectives such as extortion or ransom.

16.10.2025 14:54 — 👍 21    🔁 10    💬 2    📌 3
Dissecting PipeMagic: Inside the architecture of a modular backdoor framework A comprehensive technical deep dive on PipeMagic, a highly modular backdoor used by Storm-2460 masquerading as a legitimate open-source ChatGPT Desktop Application. Beneath its disguise, PipeMagic is a sophisticated malware framework designed for flexibility and persistence. Once deployed, it can dynamically execute payloads while maintaining robust command and control (C2) communication via a dedicated networking module.

PipeMagic is a sophisticated malware framework with a modular, stealthy, and highly extensible architecture, giving threat actors granular control over code execution and making detection and analysis challenging. msft.it/63321spbNh

18.08.2025 15:27 — 👍 8    🔁 7    💬 2    📌 1
Disrupting active exploitation of on-premises SharePoint vulnerabilities | Microsoft Security Blog Microsoft has observed two named Chinese nation-state actors, Linen Typhoon and Violet Typhoon, exploiting vulnerabilities targeting internet-facing SharePoint servers. In addition, we have observed a...

Microsoft is sharing details from ongoing investigations of threat actors exploiting vulnerabilities targeting on-premises SharePoint servers. Linen Typhoon, Violet Typhoon, and Storm-2603 have been observed exploiting the vulnerabilities: msft.it/6044sE1ua

22.07.2025 13:11 — 👍 8    🔁 4    💬 2    📌 3

At this time of day on July 2, I’m drawn to think of the several thousand US troops spread out in an ever thinning line along Culp’s Hill, on the US right. All afternoon, units have been pulled from this position to bolster the left flank - Little Round Top, the Wheatfield, and Cemetery Ridge

03.07.2025 00:53 — 👍 762    🔁 161    💬 23    📌 40
New Russia-affiliated actor Void Blizzard targets critical sectors for espionage | Microsoft Security Blog Microsoft Threat Intelligence has discovered a cluster of worldwide cloud abuse activity conducted by a threat actor we track as Void Blizzard, who we assess with high confidence is Russia-affiliated and has been active since at least April 2024. Void Blizzard’s cyberespionage operations tend to be highly targeted at specific organizations of interest to Russia, including in government, defense, transportation, media, non-governmental organizations (NGOs), and healthcare sectors primarily in Europe and North America.

Microsoft has discovered a cluster of worldwide cloud abuse activity by new Russia-affiliated threat actor Void Blizzard (LAUNDRY BEAR), whose cyberespionage activity targets gov't, defense, transportation, media, NGO, and healthcare in Europe and North America. https://msft.it/63324S9Jkp

27.05.2025 09:55 — 👍 32    🔁 23    💬 1    📌 5
Lumma Stealer: Breaking down the delivery techniques and capabilities of a prolific infostealer | Microsoft Security Blog Over the past year, Microsoft Threat Intelligence observed the persistent growth and operational sophistication of Lumma Stealer, an info-stealing malware used by multiple financially motivated threat actors to target various industries. Microsoft, partnering with others across industry and international law enforcement, facilitated the disruption of Lumma infrastructure.

Lumma Stealer, an infostealer malware used by multiple financially motivated threat actors like Octo Tempest (Scattered Spider) to target a wide range of industries, has shown persistent growth and operational sophistication over the past year: https://msft.it/63326Sd2PM

21.05.2025 16:15 — 👍 6    🔁 6    💬 1    📌 0
Exclusive: Hegseth orders Cyber Command to stand down on Russia planning The secretary of Defense has ordered U.S. Cyber Command to stand down from all planning against Russia, including offensive digital actions, sources tell Recorded Future News.

Both unsurprising given the administration’s swing toward the authoritarian bloc, and yet also so shocking. You can bet Russia has no such illusions and isn’t unilaterally backing down. therecord.media/hegseth-orde...

01.03.2025 19:29 — 👍 45    🔁 15    💬 3    📌 1

I am trying to imagine the reaction if Joe Biden or Barack Obama had spoken to a Republican governor in this way at a public event.

I just can’t. None of us can.

22.02.2025 04:40 — 👍 3071    🔁 461    💬 152    📌 31
Government Welfare Is Evil, Unless the Money Goes to the Wealthiest Man in the World “The Trump administration is expected to purchase $400 million worth of armored Tesla vehicles, according to a new State Department document detail...

"What a far cry from the days of Democrat corruption. It’s like we were living in darkness, only to emerge into this bright and blinding light where we literally refuse to see what’s in front of our eyes."

14.02.2025 02:20 — 👍 202    🔁 58    💬 3    📌 4

It feels like no one should have to say this, and yet we are in a situation where it needs to be said, very loudly and clearly, before it’s too late to do anything about it: The United States is not a startup. If you run it like one, it will break.

🔗 www.wired.com/story/the-us...

07.02.2025 14:16 — 👍 6285    🔁 1836    💬 159    📌 144
Systems and Security Technical Lead

Hey everyone. We're hiring a Systems and Security Technical Lead @citizenlab.ca

Come join us! It's an extraordinary place with extraordinary people ... and *extraordinary* security risks!

Never a dull day, I can promise you that!!

jobs.utoronto.ca/job/Toronto-...

01.02.2025 02:04 — 👍 39    🔁 31    💬 0    📌 3

Deeply, deeply unserious

28.01.2025 04:39 — 👍 295    🔁 30    💬 23    📌 4
Founding Fathers Cold Open - SNL
YouTube video by Saturday Night Live

Seeing a lot of kneejerk hate for SNL booking LMM here, but I thought this gag was sublime. Nobody else remembers "Hamilton" as a foundational Resistance text, Pence going to see it and getting lectured, etc? www.youtube.com/watch?v=oDtS...

26.01.2025 14:36 — 👍 625    🔁 38    💬 41    📌 11
January 24, 2025 “NUTS!”

For the umpteenth time - history matters.

Read Heather.

“January 25, 2025, marks eighty years since the end of the Battle of the Bulge.”

heathercoxrichardson.substack.com/p/january-24...

25.01.2025 15:49 — 👍 2233    🔁 420    💬 53    📌 28

I’ve focused on security for at-risk civil society groups for over a decade now (🙀), including human rights defenders, lawyers, and journalists. I’m available for collaboration, consulting, and presenting, so please get in touch if you’d like to work together!

24.01.2025 18:40 — 👍 40    🔁 13    💬 2    📌 1
I Will Pay Any Amount to Not Pay My Taxes I’ve gotten myself into a bit of a jam. A series of natural disasters is barreling towards my home, and there is a severe shortage of resources and...

"Seriously, I don’t care how much it costs. Take every dime I have. But know this: I would level my house to the ground before I paid slightly higher property taxes to fund infrastructure that would prevent a landslide from leveling my house to the ground."

10.01.2025 02:20 — 👍 3779    🔁 1189    💬 46    📌 109

MSTIC is hiring! Current roles in US and AU.

The Microsoft Threat Intelligence Center (MSTIC) is recruiting experienced nation-state threat hunters with highly honed threat intel analysis skills. MSTIC is responsible for delivering timely threat intelligence across our product & services teams.

05.12.2024 18:22 — 👍 115    🔁 35    💬 4    📌 5

The DPRK IT Worker apparatus is a well-oiled machine. Few grasp the depth of how many pieces enable these operations.

21.11.2024 20:01 — 👍 14    🔁 4    💬 0    📌 0

@hultquist.bsky.social kicks off this year's #CYBERWARCON.

22.11.2024 14:05 — 👍 17    🔁 4    💬 0    📌 0
The Onion Buys Alex Jones’s Infowars Out of Bankruptcy The satirical news site planned to turn Infowars into a parody of itself, mocking “weird internet personalities” who peddle conspiracy theories and health supplements.

Hi everyone.

The Onion, with the help of the Sandy Hook families, has purchased InfoWars.

We are planning on making it a very funny, very stupid website.

We have retained the services of some Onion and Clickhole Hall of Famers to pull this off.

I can't wait to show you what we have cooked up.

14.11.2024 14:09 — 👍 58976    🔁 16025    💬 2344    📌 4624

This. 100% This.

08.11.2024 13:03 — 👍 1    🔁 0    💬 0    📌 0

Any Dem acting like we need to push further right needs to be tossed immediately. Harris lost, but not by as much as people are saying.

Anyone talking like this has always wanted to be more conservative and now they have an excuse. Fuck off.

08.11.2024 00:14 — 👍 1962    🔁 335    💬 69    📌 22

until the day I die I will never understand why he was even still allowed to run after this

05.11.2024 03:13 — 👍 17406    🔁 3273    💬 443    📌 233
Chinese threat actor Storm-0940 uses credentials from password spray attacks from a covert network | Microsoft Security Blog Since August 2023, Microsoft has observed intrusion activity targeting and successfully stealing credentials from multiple Microsoft customers that is enabled by highly evasive password spray attacks....

The Microsoft team found SOHO routers manufactured by TP-Link made up most of a covert network of compromised devices used for Storm-0940 hacking operations. They exploit a vulnerability in the routers to gain remote code execution capability for a botnet

www.microsoft.com/en-us/securi...

01.11.2024 14:42 — 👍 16    🔁 12    💬 0    📌 0
Biden administration nears completion of second cybersecurity executive order with plethora of agenda items Federal agencies would have to address everything from AI to cloud security to access management, sources told CyberScoop.

SCOOP: @timstarks.bsky.social has all the details on a forthcoming cybersecurity executive order. There is something here for everyone: AI, open-source software, cloud security, identity credentialing and post-quantum cryptography are all in the order. cyberscoop.com/biden-cybers...

31.10.2024 17:18 — 👍 4    🔁 4    💬 0    📌 0
Midnight Blizzard conducts large-scale spear-phishing campaign using RDP files | Microsoft Security Blog Since October 22, 2024, Microsoft Threat Intelligence has observed Russian threat actor Midnight Blizzard sending a series of highly targeted spear-phishing emails to individuals in government, academ...

Some work news - important blog on spear-phishing and RDP.

www.microsoft.com/en-us/securi...

29.10.2024 22:57 — 👍 10    🔁 6    💬 0    📌 0
Collapse of national security elites' cyber firm leaves bitter wake IronNet, a cybersecurity startup, had promised it would combat hackers using a unique blend of expertise and software.

apnews.com/article/keit...

04.10.2024 22:55 — 👍 37    🔁 12    💬 2    📌 7
Map of the US with 40 dots on it.

The first 40 accounts are now active, and the automated updates should be running.

There are 122 local NWS offices, and it takes a few minutes per site to create and configure the account, but I'm working through them. Holler if there's one you want prioritized.

27.09.2024 21:27 — 👍 931    🔁 233    💬 234    📌 74
