Containing a domain compromise: How predictive shielding shut down lateral movement
Microsoft details domain compromise containment using predictive shielding against lateral movement.
Summary
Microsoft's Security Research Team documented a real-world domain compromise incident where predictive shielding technology successfully contained lateral movement and credential abuse. The post discusses exposure-based containment strategies that halted threat actor momentum during an attack. Additionally, the team uncovered a sophisticated macOS intrusion campaign by North Korean threat actor Sapphire Sleet that leverages social engineering and user-driven execution to bypass security controls and steal credentials and sensitive data.
Full text
April 16, 25 min read. Dissecting Sapphire Sleet's macOS intrusion from lure to compromise: The Microsoft Defender Security Research Team uncovered a sophisticated macOS intrusion campaign attributed to the North Korean threat actor Sapphire Sleet that abuses user-driven execution and social engineering to bypass macOS security protections and steal credentials, cryptocurrency assets, and sensitive data.