Microsoft Defender Experts, Author at Microsoft Security Blog

Photo of a woman on a computer, with the Storm actor icon in overlay

Research
March 12
9 min read

Storm-2561 uses SEO poisoning to distribute fake VPN clients for credential theft

Storm-2561 uses SEO poisoning to push fake VPN downloads that install signed trojans and steal VPN credentials.

Visual graphic representing malware via a digital bug icon.

Research
March 11
10 min read

Contagious Interview: Malware delivered through fake developer job interviews

The Contagious Interview campaign weaponizes job recruitment to target developers.

A colorful graphic showing a radar scanning icon representing new detection and hunting guidance.

Research
February 24
14 min read

Developer-targeting campaign using malicious Next.js repositories

A developer-targeting campaign leveraged malicious Next.

November 25, 2025
5 min read

Charting the future of SOC: Human and AI collaboration for better security

This blog shares our journey and insights from building autonomous AI agents for MDR operations and explores how the shift to a GenAI-powered SOC redefines collaboration between humans and AI.

Photo of businessman sitting at workstation in startup office working on project on laptop

Research
August 21, 2025
26 min read

Think before you Click(Fix): Analyzing the ClickFix social engineering technique

The ClickFix social engineering technique has been growing in popularity, with campaigns targeting thousands of enterprise and end-user devices daily.

A group of people standing on a floor of a building lobby discussing

Research
May 21, 2025
15 min read

Lumma Stealer: Breaking down the delivery techniques and capabilities of a prolific infostealer

Over the past year, Microsoft Threat Intelligence observed the persistent growth and operational sophistication of Lumma Stealer, an info-stealing malware used by multiple financially motivated threat actors to target various industries.

Research
April 15, 2025
10 min read

Threat actors misuse Node.js to deliver malware and other malicious payloads

Since October 2024, Microsoft Defender Experts has observed and helped multiple customers address campaigns leveraging Node.

Photo of a man holding a tablet and luggage with blue hexagons and the icon for Storm threat actors

Research
March 13, 2025
10 min read

Phishing campaign impersonates Booking.com, delivers a suite of credential-stealing malware

Microsoft Threat Intelligence identified a phishing campaign that impersonates online travel agency Booking.

A man wearing glasses and headphones looking at a computer screen

Research
March 6, 2025
32 min read

Malvertising campaign leads to info stealers hosted on GitHub

Microsoft detected a large-scale malvertising campaign in early December 2024 that impacted nearly one million devices globally.

Microsoft Cyber Defense Operations Center.

Best practices
January 6, 2025
7 min read

Why security teams rely on Microsoft Defender Experts for XDR for managed detection and response

Microsoft Defender Experts for XDR is a mature and proven service that triages, investigates, and responds to incidents and hunts for threats on a customer’s behalf around the clock.

Chief information security officer collaborating with practitioners in a security operations center.

News
October 9, 2023
6 min read

Expanded Microsoft Security Experts offerings provide comprehensive protection

Read about the latest updates to our Microsoft Security Experts product offerings.

Close-up view of focused chief information security officer at work in a security operations center.

Best practices
July 24, 2023
5 min read

Microsoft Defender Experts for XDR helps triage, investigate, and respond to cyberthreats

Take a closer look at how Microsoft Defender Experts for XDR works, and how it complements the power of the Microsoft 365 Defender suite.

Microsoft Defender Experts posts