Terbium

Description

(Microsoft) A few weeks ago, multiple organizations in the Middle East fell victim to targeted and destructive attacks that wiped data from computers, and in many cases rendering them unstable and unbootable. Destructive attacks like these have been observed repeatedly over the years and the Windows Defender and Windows Defender Advanced Threat Protection Threat Intelligence teams are working on protection, detection, and response to these threats.

Microsoft Threat Intelligence identified similarities between this recent attack and previous 2012 attacks against tens of thousands of computers belonging to organizations in the energy sector. Microsoft Threat Intelligence refers to the activity group behind these attacks as Terbium, following our internal practice of assigning rogue actors chemical element names.

Names

Name	Name-Giver
Terbium	Microsoft

Country

Unknown

Motivation

Sabotage and destruction

First Seen

2012

Observed Countries

Middle East

Tools

Depriz

Information

https://www.microsoft.com/security/blog/2016/12/09/windows-10-protection-detection-and-response-against-recent-attacks/

Other Information

Uuid

1bf39f2e-9b29-47aa-8b36-fc3fe2a41cc4

Last Card Change

2020-04-14

Threat Intelligence Garden

Explorer

Terbium

Terbium

Description

Names

Country

Motivation

First Seen

Observed Countries

Tools

Information

Other Information

Uuid

Last Card Change

Graph View

Table of Contents

Backlinks