US Cybersecurity & Infrastructure Security Agency (CISA) has released a new tool that allows detecting signs of hacking activity in Microsoft cloud services.
Developed in collaboration with Sandia, a US Department of Energy national laboratory, the new open-source incident tool called — “Untitled Goose Tool” can dump telemetry information from Azure Active Directory, Microsoft Azure, and Microsoft 365 services, reports BleepingComputer.
“Untitled Goose Tool is a robust and flexible hunt and incident response tool that adds novel authentication and data gathering methods in order to run a full investigation against a customer’s Azure Active Directory (AzureAD), Azure, and M365 environments,” according to CISA.
“Untitled Goose Tool gathers additional telemetry from Microsoft Defender for Endpoint (MDE) and Defender for Internet of Things (IoT) (D4IoT),” it added.
This tool was created to help incident response teams by exporting cloud artefacts following an incident for environments that aren’t ingesting logs into a Security Information and Events Management (SIEM) or other long-term log solution.
Moreover, CISA released an open-source tool dubbed ‘Decider’ earlier this month to assist defenders in generating MITRE ATT&CK mapping reports to alter their security posture based on adversaries’ tactics and approaches, the report said.
Earlier this month, the Federal Bureau of Investigation (FBI) in the US warned that threat actors are now using fake rewards in so-called “play-to-earn” mobile and online games to steal millions worth of cryptocurrency.
They accomplish this through the use of custom-created gaming apps that promise massive financial rewards directly proportional to investments made to potential targets with whom they have previously established trust through lengthy online conversations.