ZINC attacks against security researchers
In recent months, Microsoft has detected cyberattacks targeting security researchers by an actor we track as ZINC.
-
-
Deep dive into the Solorigate second-stage activation: From SUNBURST to TEARDROP and Raindrop
Our continued investigation into the Solorigate attack has uncovered new details about the handover from the Solorigate DLL backdoor (SUNBURST) to the Cobalt Strike loader (TEARDROP, Raindrop, and others). -
Using Microsoft 365 Defender to protect against Solorigate
This blog is a comprehensive guide for security operations and incident response teams using Microsoft 365 Defender to identify, investigate, and respond to the Solorigate attack if it’s found in your environment. -
Analyzing Solorigate, the compromised DLL file that started a sophisticated cyberattack, and how Microsoft Defender helps protect customers
We, along with the security industry and our partners, continue to investigate the extent of the Solorigate attack. -
Collaborative innovation on display in Microsoft’s insider risk management strategy
Partnering with organizations like Carnegie Mellon University allows us to bring their rich research and insights to our products and services, so customers can fully benefit from our breadth of signals. -
Ensuring customers are protected from Solorigate
UPDATE: Microsoft continues to work with partners and customers to expand our knowledge of the threat actor behind the nation-state cyberattacks that compromised the supply chain of SolarWinds and impacted multiple other organizations. -
Widespread malware campaign seeks to silently inject ads into search results, affects multiple browsers
A persistent malware campaign has been actively distributing Adrozek, an evolved browser modifier malware at scale since at least May 2020. -
EDR in block mode stops IcedID cold
Endpoint detection and response (EDR) in block mode in Microsoft Defender for Endpoint turns EDR detections into real-time blocking of threats. -
Threat actor leverages coin miner techniques to stay under the radar – here’s how to spot them
BISMUTH, which has been running increasingly complex cyberespionage attacks as early as 2012, deployed Monero coin miners in campaigns from July to August 2020. -
Trickbot disrupted
Microsoft took action against the Trickbot botnet, disrupting one of the world’s most persistent malware operations. -
Sophisticated new Android malware marks the latest evolution of mobile ransomware
We found a piece of a particularly sophisticated Android ransomware with novel techniques and behavior, exemplifying the rapid evolution of mobile threats that we have also observed on other platforms. -
Industry-wide partnership on threat-informed defense improves security for all
MITRE Engenuity’s Center for Threat-Informed Defense has published a library of detailed plans for emulating the threat actor FIN6 (which Microsoft tracks as TAAL).
