Dev 0270 Detection and Hunting

Microsoft Sentinel, Microsoft Corporation

Note: Please refer to the following before installing the solution:

• Review the solution Release Notes

• There may be known issues pertaining to this solution; please refer to them before installing.

Microsoft threat intelligence teams have been tracking multiple ransomware campaigns and have tied these attacks to DEV-0270, also known as Nemesis Kitten, a sub-group of Iranian actor PHOSPHORUS. Microsoft assesses with moderate confidence that DEV-0270 conducts malicious network operations, including widespread vulnerability scanning, on behalf of the government of Iran. For more technical and mitigation information, please read the Microsoft Security blog. As Microsoft continues to track DEV-0270’s tactics and techniques, we are also sharing guidance, detections and hunting queries to help our customers better defend against this threat through our security products.

Analytic Rules: 4
