The final report on NOBELIUM’s unprecedented nation-state attack
In the final post of a four-part series on the NOBELIUM nation-state attack, we explore key findings from the after-action report on the attack.

Behind the unprecedented effort to protect customers against the NOBELIUM nation-state attack
In the third of a four-part series on the NOBELIUM nation-state attack, we share how Microsoft product teams built new detections into products to better protect customers.

How to investigate service provider trust chains in the cloud
This blog outlines DART’s recommendations for incident responders to investigate potential abuse of these delegated admin permissions, independent of the threat actor.

HTML smuggling surges: Highly evasive loader technique increasingly used in banking malware, targeted attacks
HTML smuggling, a highly evasive malware delivery technique that leverages legitimate HTML5 and JavaScript features, is increasingly used in email campaigns that deploy banking malware, remote access Trojans (RATs), and other payloads related to targeted attacks.

The hunt for NOBELIUM, the most sophisticated nation-state attack in history
In the second of a four-part series on the NOBELIUM nation-state attack, we share the behind-the-scenes details of the detection and investigation into the threat.

Microsoft Digital Defense Report shares new insights on nation-state attacks
Learn about targets and methods used by today’s nation-state threat actors, and how your organization can create a more secure environment.

NOBELIUM targeting delegated administrative privileges to facilitate broader attacks
The Microsoft Threat Intelligence Center (MSTIC) has detected nation-state activity associated with the threat actor tracked as NOBELIUM, attempting to gain access to downstream customers of multiple cloud service providers (CSP), managed service providers (MSP), and other IT services organizations.

How nation-state attackers like NOBELIUM are changing cybersecurity
In the first of a four-part series on the NOBELIUM nation-state attack, we describe the attack and explain why enterprises should be cautious.

FoggyWeb: Targeted NOBELIUM malware leads to persistent backdoor
In-depth analysis of newly detected NOBELIUM malware: a post-exploitation backdoor that Microsoft Threat Intelligence Center (MSTIC) refers to as FoggyWeb. NOBELIUM uses FoggyWeb to remotely exfiltrate the configuration database of compromised AD FS servers, the decrypted token-signing certificate, and the token-decryption certificate, as well as to download and execute additional components.