Cross‑tenant helpdesk impersonation to data exfiltration: A human-operated intrusion playbook
Threat actors are abusing external Microsoft Teams collaboration to impersonate IT helpdesk staff and convince users to grant remote access.
-
-
Storm-2561 uses SEO poisoning to distribute fake VPN clients for credential theft
Storm-2561 uses SEO poisoning to push fake VPN downloads that install signed trojans and steal VPN credentials. -
Contagious Interview: Malware delivered through fake developer job interviews
The Contagious Interview campaign weaponizes job recruitment to target developers. -
Developer-targeting campaign using malicious Next.js repositories
A developer-targeting campaign leveraged malicious Next. -
Charting the future of SOC: Human and AI collaboration for better security
This blog shares our journey and insights from building autonomous AI agents for MDR operations and explores how the shift to a GenAI-powered SOC redefines collaboration between humans and AI. -
Think before you Click(Fix): Analyzing the ClickFix social engineering technique
The ClickFix social engineering technique has been growing in popularity, with campaigns targeting thousands of enterprise and end-user devices daily. -
Lumma Stealer: Breaking down the delivery techniques and capabilities of a prolific infostealer
Over the past year, Microsoft Threat Intelligence observed the persistent growth and operational sophistication of Lumma Stealer, an info-stealing malware used by multiple financially motivated threat actors to target various industries. -
Threat actors misuse Node.js to deliver malware and other malicious payloads
Since October 2024, Microsoft Defender Experts has observed and helped multiple customers address campaigns leveraging Node. -
Phishing campaign impersonates Booking.com, delivers a suite of credential-stealing malware
Microsoft Threat Intelligence identified a phishing campaign that impersonates online travel agency Booking. -
Malvertising campaign leads to info stealers hosted on GitHub
Microsoft detected a large-scale malvertising campaign in early December 2024 that impacted nearly one million devices globally. -
Why security teams rely on Microsoft Defender Experts for XDR for managed detection and response
Microsoft Defender Experts for XDR is a mature and proven service that triages, investigates, and responds to incidents and hunts for threats on a customer’s behalf around the clock. -
Expanded Microsoft Security Experts offerings provide comprehensive protection
Read about the latest updates to our Microsoft Security Experts product offerings.
