Microsoft Threat Intelligence Center (MSTIC) and Microsoft 365 Defender Research Team detected Iran-based threat actor MERCURY exploiting Log4j 2 vulnerabilities in SysAid applications against organizations, all located in Israel. MSTIC assesses with high confidence that MERCURY’s observed activity was affiliated with Iran’s Ministry of Intelligence and Security (MOIS).
ADVERSARY: MERCURY
MALWARE FAMILY: MERCURY
ATT&CK IDS: T1059 - Command and Scripting Interpreter, T1547 - Boot or Logon Autostart Execution, T1114 - Email Collection