File hosting services misused for identity phishing
Since mid-April 2024, Microsoft has observed an increase in defense evasion tactics used in campaigns abusing file hosting services like SharePoint, OneDrive, and Dropbox.
Microsoft Defender for Cloud Apps
Refine results
Topic
Products and services
Publish date
Modernize your Security Operations Center with Microsoft Sentinel
Microsoft Sentinel is a cloud-native SIEM solution powered by AI and automation that delivers intelligent security analytics across your entire enterprise.
-
-
Storm-0501: Ransomware attacks expanding to hybrid cloud environments
August 27, 2025 update: Storm-0501 has continuously evolved to achieve sharpened focus on cloud-based TTPs as their primary objective shifted from deploying on-premises endpoint ransomware to using cloud-based ransomware tactics. -
Peach Sandstorm deploys new custom Tickler malware in long-running intelligence gathering operations
Between April and July 2024, Microsoft observed Iranian state-sponsored threat actor Peach Sandstorm deploying a new custom multi-stage backdoor, which we named Tickler. -
Midnight Blizzard: Guidance for responders on nation-state attack
The Microsoft security team detected a nation-state attack on our corporate systems on January 12, 2024, and immediately activated our response process to investigate, disrupt malicious activity, mitigate the attack, and deny the threat actor further access. Tailored AI insights from Microsoft Security Copilot
Empower your defenders to detect hidden patterns, harden defenses, and respond to incidents faster with generative AI.
-
Threat actors misuse OAuth applications to automate financially driven attacks
Microsoft Threat Intelligence presents cases of threat actors misusing OAuth applications as automation tools in financially motivated attacks. -
Octo Tempest crosses boundaries to facilitate extortion, encryption, and destruction
Microsoft has been tracking activity related to the financially motivated threat actor Octo Tempest, whose evolving campaigns represent a growing concern for many organizations across multiple industries. -
Peach Sandstorm password spray campaigns enable intelligence collection at high-value targets
Since February 2023, Microsoft has observed a high volume of password spray attacks attributed to Peach Sandstorm, an Iranian nation-state group. -
Cryptojacking: Understanding and defending against cloud compute resource abuse
Cloud cryptojacking, a type of cyberattack that uses computing power to mine cryptocurrency, could result in financial loss to targeted organizations due to the compute fees that can be incurred from the abuse. Go beyond data protection with Microsoft Purview
Govern, protect, and manage all of your data with Microsoft Purview, comprehensive solutions to help give you better visibility and control.
-
Microsoft Inspire: Partner resources to prepare for the future of security with AI
Microsoft Inspire is an incredible opportunity to share all the ways AI can support security efforts with our partner ecosystem. -
Microsoft Entra expands into Security Service Edge and Azure AD becomes Microsoft Entra ID
Microsoft Entra is unifying identity and network access with a new Security Service Edge (SSE) solution and more identity innovations. -
Forrester names Microsoft a Leader in the 2023 Enterprise Email Security Wave
Microsoft Defender for Office 365 is recognized as a Leader in Forrester’s 2023 Enterprise Email Security Wave Report. -
Detecting and mitigating a multi-stage AiTM phishing and BEC campaign
Microsoft Defender Experts observed a multi-stage adversary-in-the-middle (AiTM) and business email compromise (BEC) attack targeting banking and financial services organizations over two days.
