Microsoft Threat Analysis Center

We are dedicated to detecting, assessing, and disrupting threats to Microsoft, our customers, and governments worldwide.

What we do

The Microsoft Threat Analysis Center (MTAC) focuses on activity from advanced persistent threats (APTs) in two ways:

Tracking nation-state threat actors

MTAC monitors and disrupts nation-state-driven influence campaigns designed to mislead the public and erode trust. It also tracks cyber-enabled influence operations, building on the technical signals and findings from Microsoft Threat Intelligence Center (MSTIC) to provide geopolitical context to the operations.

Tracking the malicious use of AI

Through expert analysis and collaboration, we expose how AI and digital tools are weaponized to undermine democracies today and look ahead for how they might be used tomorrow.

Staying ahead of the threat landscape

MTAC partners with teams across Microsoft to stay ahead of evolving threats through shared expertise and innovation.

We ground our mission in:

Transparency

Exposing influence operations, deepfakes, and synthetic media that aim to mislead the public.

Partnerships

Collaborating with democratic governments to share intelligence and counter digital threats.

Information integrity

Defending truth and trust in the digital age.

In the first half of 2025, nation-state threat actor use of AI in influence operations surged—fueling more advanced, scalable, and harder-to-detect campaigns. MTAC reveals the latest tactics and what defenders need to know.

MTAC reports

We publish security intelligence reports on key and emerging threat trends.

As the US election nears, Russia, Iran and China step up influence efforts

Russia, Iran, and China ramp up AI-driven influence ops targeting United States campaigns ahead of the 2024 election.

Russia leverages cyber proxies and Volga Flood assets in expansive influence efforts

The report reveals how authoritarian states used AI and influence ops to target voters ahead of global 2024 elections.

Iran steps into the 2024 US election with cyber-enabled influence operations

Iran-linked groups used AI, fake news sites, and cyber ops to influence United States voters and disrupt the 2024 US election.

How Russia is trying to disrupt the 2024 Paris Olympic Games

Russia used AI and fake media to spread fear and discredit the International Olympic Committee ahead of the 2024 Paris Olympics.

Nation-states engage in US-focused influence operations ahead of the US presidential election

Russian US election interference targeted support for Ukraine after slow start.

Same targets, new playbooks: East Asia threat actors employ unique methods

China, North Korea pursue new targets while honing cyber capabilities.

Protecting Election 2024 from foreign malign influence: lessons learned help us anticipate the future

China tested United States voter fault lines and ramped AI content to boost its geopolitical interests.

Iran surges cyber-enabled influence operations in support of Hamas

Iran combined targeted hacks with social media influence operations in support of Hamas after the Israel-Hamas war broke out on October 7, 2023.

Protecting Election 2024 from foreign malign influence

How AI and deepfakes shaped 2024 election threats—and what’s next for defending democracy worldwide.

Russia’s African coup strategy

Explore how coups in the Sahel and Gabon reflected a growing playbook of hybrid warfare, disinformation, and foreign influence.

Iran turning to cyber-enabled influence operations for greater effect

Iran continued to be a significant threat actor, leveraging cyber-enabled influence operations to achieve its geopolitical aims.

Defending Ukraine: Early Lessons from the Cyber War

How cyber resilience and cloud tech are reshaping modern warfare in Ukraine.

Preparing for a Russian cyber offensive against Ukraine this winter

Microsoft flags rising Russian cyber threats to Ukraine and allies as winter conflict intensifies.

Latest news and stories

Stay informed on the latest developments—from threat intelligence briefings to global policy updates.

Explore more

Learn more about Microsoft’s cybersecurity initiatives.

Customer Security and Trust (CST)

Protecting people, defending global institutions, and advancing digital trust.

Microsoft Digital Crimes Unit (DCU)

The DCU is a global team that has worked to disrupt and deter cybercrime since 2008.

Cybersecurity Policy and Diplomacy (CPD)

The CPD team’s mission is to advance security and trust in cyberspace.