GoldMax, GoldFinder, and Sibot: Analyzing NOBELIUM’s layered persistence
Microsoft has identified three new pieces of malware being used in late-stage activity by NOBELIUM – the actor behind the SolarWinds attacks, SUNBURST, and TEARDROP.
-
-
XLM + AMSI: New runtime defense against Excel 4.0 macro malware
We have recently expanded the integration of Antimalware Scan Interface (AMSI) with Office 365 to include the runtime scanning of Excel 4. -
HAFNIUM targeting Exchange Servers with 0-day exploits
Microsoft has detected multiple 0-day exploits being used to attack on-premises versions of Microsoft Exchange Server in limited and targeted attacks. -
Web shell attacks continue to rise
A year ago, we reported the steady increase in the use of web shells in attacks worldwide. -
What tracking an attacker email infrastructure tells us about persistent cybercriminal operations
Sweeping research into massive attacker infrastructures, as well as our real-time monitoring of malware campaigns and attacker activity, directly inform Microsoft security solutions, allowing us to build or improve protections that block malware campaigns and other email threats, both current and future, as well as provide enterprises with the tools for investigating and responding to email campaigns in real-time. -
ZINC attacks against security researchers
In recent months, Microsoft has detected cyberattacks targeting security researchers by an actor we track as ZINC. -
Deep dive into the Solorigate second-stage activation: From SUNBURST to TEARDROP and Raindrop
Our continued investigation into the Solorigate attack has uncovered new details about the handover from the Solorigate DLL backdoor (SUNBURST) to the Cobalt Strike loader (TEARDROP, Raindrop, and others). -
Using Microsoft 365 Defender to protect against Solorigate
This blog is a comprehensive guide for security operations and incident response teams using Microsoft 365 Defender to identify, investigate, and respond to the Solorigate attack if it’s found in your environment. -
Analyzing Solorigate, the compromised DLL file that started a sophisticated cyberattack, and how Microsoft Defender helps protect customers
We, along with the security industry and our partners, continue to investigate the extent of the Solorigate attack. -
Collaborative innovation on display in Microsoft’s insider risk management strategy
Partnering with organizations like Carnegie Mellon University allows us to bring their rich research and insights to our products and services, so customers can fully benefit from our breadth of signals. -
Ensuring customers are protected from Solorigate
UPDATE: Microsoft continues to work with partners and customers to expand our knowledge of the threat actor behind the nation-state cyberattacks that compromised the supply chain of SolarWinds and impacted multiple other organizations. -
Widespread malware campaign seeks to silently inject ads into search results, affects multiple browsers
A persistent malware campaign has been actively distributing Adrozek, an evolved browser modifier malware at scale since at least May 2020.
