The US Cybersecurity & Infrastructure Security Agency (CISA) has collaborated with Sandia National Laboratories, a US Department of Energy national laboratory, to develop an open-source incident response tool called "Untitled Goose Tool". The tool can detect signs of hacking activity in Microsoft cloud services such as Azure Active Directory, Microsoft Azure, and Microsoft 365. It also collects telemetry from Microsoft Defender for Endpoint and Microsoft Defender for IoT to provide more comprehensive results.
The tool is designed to help incident response teams by exporting cloud artefacts after an incident, particularly for environments that are not ingesting logs into a Security Information and Event Management (SIEM) system or another long-term log retention solution. CISA has also recently released another open-source tool, called "Decider", to help defenders produce MITRE ATT&CK mapping reports and improve their security posture based on adversaries' tactics and techniques. In related news, the FBI has issued a warning that threat actors are using fake rewards in "play-to-earn" mobile and online games to steal millions of dollars' worth of cryptocurrency. The attackers use custom-built gaming apps that promise financial rewards proportional to the amount invested, targeting victims with whom they have previously built trust through lengthy online conversations.