Names | Terbium (Microsoft) | |
Country | [Unknown] | |
Motivation | Sabotage and destruction | |
First seen | 2012 | |
Description | (Microsoft) A few weeks ago, multiple organizations in the Middle East fell victim to targeted and destructive attacks that wiped data from computers, and in many cases rendering them unstable and unbootable. Destructive attacks like these have been observed repeatedly over the years and the Windows Defender and Windows Defender Advanced Threat Protection Threat Intelligence teams are working on protection, detection, and response to these threats. Microsoft Threat Intelligence identified similarities between this recent attack and previous 2012 attacks against tens of thousands of computers belonging to organizations in the energy sector. Microsoft Threat Intelligence refers to the activity group behind these attacks as Terbium, following our internal practice of assigning rogue actors chemical element names. | |
Observed | Countries: Middle East. | |
Tools used | Depriz. | |
Information | <https://www.microsoft.com/security/blog/2016/12/09/windows-10-protection-detection-and-response-against-recent-attacks/> |
Last change to this card: 14 April 2020
Download this actor card in PDF or JSON format
Previous: TEMP.Veles
Next: TIDRONE
Digital Service Security Center Follow us on |
Report incidents |
|
+66 (0)2-123-1227 | ||
[email protected] |