Doron Karmi

Senior Security Researcher

Doron Karmi works as a senior Incident Response Researcher at Mitiga. Prior to working at Mitiga, Doron worked as a malware analyst and threat hunter for large organizations.

Microsoft breach by Midnight Blizzard (APT29): What happened, and what now?

In a cybersecurity landscape that seems ever volatile, the Midnight Blizzard attack against Microsoft stands out for its simplicity, strategic execution, and the implications it holds for global cybersecurity.

Ransomware Strikes Azure Storage: Are You Ready?

There’s been a recent surge in cloud ransomware attacks. Examples of such attacks were observed by Sophos X-Ops, which detected the ransomware group BlackCat/ALPHV using a new Sphinx encryptor variant to encrypt Azure storage accounts by employing stolen Azure Storage account keys. The BlackCat/ALPHV ransomware group is the same entity that claimed responsibility for infiltrating MGM’s infrastructure and encrypting more than 100 ESXi hypervisors.

How Okta Passwords Can Be Compromised: Uncovering a Risk to User Data

Mitiga's research team uncovered a data risk to Okta users due to passwords that can be present in logs. This article outlines the risk and attack method.

CircleCI Cybersecurity Incident Hunting Guide

In response to the recent CircleCI security incident, the Mitiga Research Team shares this technical guide to assist organizational threat hunting efforts.

How Identifying UserData Script Manipulation Accelerates Investigation

UserData script manipulation by threat actors is a technique that has been known in the wild for several years and has been observed in use by many attack groups. However, monitoring for and detecting malicious manipulation of UserData scripts is not trivial with standard AWS CloudTrail logging.