This talk will focus on the evolution of HOLMIUM (aka APT33) cyber operations over the past few years, with an emphasis on a wave of attacks that have occurred throughout 2019 during a noted rise in tensions between the United States and the Islamic Republic of Iran. This talk will present unique insights derived from Microsoft telemetry, including:
an overview of HOLMIUM operational security
a timeline of HOLMIUM attack preparations
the breadth and scope of HOLMIUM password spray attacks
a breakdown of observed HOLMIUM targeting preferences
the June 2019 counter attack against HOLMIUM C2 infrastructure
a shift in scope in August 2019