Skip to main content
Microsoft Security

Threat actors

Microsoft actively discovers and tracks threat actors across observed state-sponsored, ransomware, and criminal activities. Get insights from the 60 nation-state actors, 50 ransomware groups, and hundreds of other attackers weโ€™ve tracked.

Refine Results

Filtered by

Clear All

Refine results

Sort By
Content Type
Research (113)
News (3)
Industry trends (0)
Events (0)
Best practices (0)
Topic
Threat intelligence (116)
Incident response (8)
Identity and access management (3)
Endpoint security (3)
AI and agents (3)
Internet of Things (IoT) security (2)
Threat trends (1)
Security management (1)
Office of the CISO (1)
Multifactor authentication (1)
Email security (1)
Data security (1)
Data protection (1)
Analyst reports (1)
Zero Trust (0)
Small and medium business (0)
SIEM and XDR (0)
Security operations (0)
Secure remote work (0)
Risk management (0)
Privacy (0)
Network security (0)
MISA (0)
Microsoft Secure Future Initiative (0)
Information protection and governance (0)
Device management (0)
Compliance (0)
Cloud security (0)
Built-in security (0)
Products and services
Microsoft Defender (66)
Microsoft Defender for Endpoint (44)
Microsoft Defender XDR (35)
Microsoft Defender Threat Intelligence (16)
Microsoft Defender for Cloud Apps (12)
Microsoft Defender for Identity (11)
Microsoft Defender for Office 365 (10)
Microsoft Defender Vulnerability Management (7)
Microsoft Defender for Cloud (4)
Microsoft Defender for IoT (3)
Microsoft Defender External Attack Surface Management (3)
Microsoft Defender for Business (0)
Microsoft Sentinel (24)
Microsoft Entra (8)
Microsoft Entra ID (5)
Microsoft Entra ID Protection (4)
Microsoft Entra Workload ID (0)
Microsoft Entra Verified ID (0)
Microsoft Entra Private Access (0)
Microsoft Entra Internet Access (0)
Microsoft Entra ID Governance (0)
Microsoft Entra External ID (0)
Microsoft Security Experts (5)
Microsoft Defender Experts for Hunting (3)
Microsoft Incident Response (2)
Microsoft Defender Experts for XDR (1)
Microsoft Security Services for Enterprise (0)
Microsoft Security Copilot (2)
Microsoft Purview (0)
Microsoft Purview Insider Risk Management (0)
Microsoft Purview Information Protection (0)
Microsoft Purview eDiscovery (0)
Microsoft Purview Data Loss Prevention (0)
Microsoft Purview Data Lifecycle Management (0)
Microsoft Purview Compliance Manager (0)
Microsoft Purview Communication Compliance (0)
Microsoft Purview Audit (0)
Microsoft Priva (0)
Microsoft Priva Subject Rights Requests (0)
Microsoft Priva Risk Management (0)
Microsoft Intune (0)
Microsoft Entra Agent ID (0)
Publish date

  • Go beyond data protection with Microsoft Purview

    Govern, protect, and manage all of your data with Microsoft Purview, comprehensive solutions to help give you better visibility and control.

    Learn more
  • Aerial panoramic view of cityscape skyline with metropole financial district modern skyscrapers during sunrise with illuminated buildings and cloudy sky in London, UK.
    • 12 min read

    Disrupting SEABORGIUM’s ongoing phishing operations

    The Microsoft Threat Intelligence Center (MSTIC) has observed and taken actions to disrupt campaigns launched by SEABORGIUM in campaigns involve persistent phishing and credential theft campaigns leading to intrusions and data theft.

  • Streamline privacy management with Microsoft Priva

    Protect and govern personal information, reduce privacy risks, and manage subject rights requests at scale with Microsoft Priva privacy risk management solutions.

    Learn more
    • 13 min read

    ZINC weaponizing open-source software

    In recent months, Microsoft detected weaponization of legitimate open-source software by an actor the Microsoft Threat Intelligence Center (MSTIC) tracks as ZINC, targeting employees at media, defense and aerospace, and IT service provider organizations in the US, UK, India, and Russia.

  • Simplify endpoint management with Microsoft Intune

    Microsoft Intune is a cloud-based unified endpoint management platform that empowers IT to manage, assess, and protect apps and devices.

    Learn more
  • Data center illuminated with a bluish light. Yellow cords running on the servers are prominently displayed.
    • 8 min read

    New “Prestige” ransomware impacts organizations in Ukraine and Poland

    The Microsoft Threat Intelligence Center (MSTIC) has identified evidence of a novel ransomware campaign attributed to IRIDIUM targeting organizations in the logistics and transportation industry in Ukraine and Poland utilizing a previously unidentified ransomware payload.
  • Practitioner and CISO collaboration in a security war room.
    • 13 min read

    Defenders beware: A case for post-ransomware investigations

    The Microsoft Detection and Response Team (DART) details a recent ransomware incident in which the attacker used a collection of commodity tools and techniques, such as using living-off-the-land binaries, to launch their malicious code.
Load More

Get started with Microsoft Security

Protect your people, data, and infrastructure with AI-powered, end-to-end security from Microsoft.

Learn how

Connect with us on social