AI jailbreaks: What they are and how they can be mitigated
Microsoft security researchers, in partnership with other security experts, continue to proactively explore and discover new types of AI model and system vulnerabilities.
Cyberattacker techniques, tools, and infrastructure
Cyberattackers constantly evolve their techniques, tools, and infrastructure to launch increasingly complex attacks. Learn about the latest tactics and how to detect, disrupt, and defend against them.
Refine results
Topic
Products and services
Publish date
Go beyond data protection with Microsoft Purview
Govern, protect, and manage all of your data with Microsoft Purview, comprehensive solutions to help give you better visibility and control.
-
-
Moonstone Sleet emerges as new North Korean threat actor with new bag of tricks
Microsoft has identified a new North Korean threat actor, now tracked as Moonstone Sleet (formerly Storm-1789), that combines many tried-and-true techniques used by other North Korean threat actors, as well as unique attack methodologies to target companies for its financial and cyberespionage objectives. -
Threat actors misusing Quick Assist in social engineering attacks leading to ransomware
Microsoft Threat Intelligence has observed Storm-1811 misusing the client management tool Quick Assist to target users in social engineering attacks that lead to malware like Qakbot followed by Black Basta ransomware deployment. -
Analyzing Forest Blizzard’s custom post-compromise tool for exploiting CVE-2022-38028 to obtain credentials
Since 2019, Forest Blizzard has used a custom post-compromise tool to exploit a vulnerability in the Windows Print Spooler service that allows elevated permissions. Streamline privacy management with Microsoft Priva
Protect and govern personal information, reduce privacy risks, and manage subject rights requests at scale with Microsoft Priva privacy risk management solutions.
-
Attackers exploiting new critical OpenMetadata vulnerabilities on Kubernetes clusters
Microsoft recently uncovered an attack that exploits new critical vulnerabilities in OpenMetadata to gain access to Kubernetes workloads and leverage them for cryptomining activity. -
Staying ahead of threat actors in the age of AI
Microsoft, in collaboration with OpenAI, is publishing research on emerging threats in the age of AI, focusing on identified activity associated with known threat actors Forest Blizzard, Emerald Sleet, Crimson Sandstorm, and others. -
Midnight Blizzard: Guidance for responders on nation-state attack
The Microsoft security team detected a nation-state attack on our corporate systems on January 12, 2024, and immediately activated our response process to investigate, disrupt malicious activity, mitigate the attack, and deny the threat actor further access. -
New TTPs observed in Mint Sandstorm campaign targeting high-profile individuals at universities and research orgs
Since November 2023, Microsoft has observed a distinct subset of Mint Sandstorm (PHOSPHORUS) targeting high-profile individuals working on Middle Eastern affairs at universities and research organizations in Belgium, France, Gaza, Israel, the United Kingdom, and the United States. Simplify endpoint management with Microsoft Intune
Microsoft Intune is a cloud-based unified endpoint management platform that empowers IT to manage, assess, and protect apps and devices.
-
Financially motivated threat actors misusing App Installer
Since mid-November 2023, Microsoft Threat Intelligence has observed threat actors, including financially motivated actors like Storm-0569, Storm-1113, Sangria Tempest, and Storm-1674, utilizing the ms-appinstaller URI scheme (App Installer) to distribute malware. -
Star Blizzard increases sophistication and evasion in ongoing attacks
Microsoft Threat Intelligence continues to track and disrupt malicious activity attributed to a Russian state-sponsored actor we track as Star Blizzard, who has continuously improved their detection evasion capabilities while remaining focused on email credential theft against targets. -
Diamond Sleet supply chain compromise distributes a modified CyberLink installer
Microsoft has uncovered a supply chain attack by the threat actor Diamond Sleet (ZINC) involving a malicious variant of an application developed by CyberLink Corp. -
Microsoft shares threat intelligence at CYBERWARCON 2023
At the CYBERWARCON 2023 conference, Microsoft and LinkedIn analysts are presenting several sessions detailing analysis across multiple sets of threat actors and related activity, demonstrating Microsoft Threat Intelligence’s ongoing efforts to track threat actors, protect customers, and share information with the wider security community.
