Threat intelligence

The Microsoft Threat Intelligence community is made up of world-class experts, security researchers, analysts, and threat hunters who analyze 100 trillion signals daily to discover threats and deliver timely and timely, relevant insight to protect customers. See our latest findings, insights, and guidance.

Refine Results

Filtered by

Clear All

Threat intelligence
last-12-months
Oldest to Newest

Refine results

Sort By

Content Type

Topic

Products and services

Publish date

Start Date

End Date

November 22, 2024

10 min read

Microsoft shares latest intelligence on North Korean and Chinese threat actors at CYBERWARCON

At CYBERWARCON 2024, Microsoft Threat Intelligence analysts will share research and insights on North Korean and Chinese threat actors representing years of threat actor tracking, infrastructure monitoring and disruption, and their attack tooling.
December 4, 2024

16 min read

Frequent freeloader part I: Secret Blizzard compromising Storm-0156 infrastructure for espionage

Microsoft has observed Secret Blizzard compromising the infrastructure and backdoors of the Pakistan-based threat actor we track as Storm-0156 for espionage against the Afghanistan government and Indian Army targets.
December 11, 2024

14 min read

Frequent freeloader part II: Russian actor Secret Blizzard using tools of other groups to attack Ukraine

Since January 2024, Microsoft has observed Secret Blizzard using the tools or infrastructure of other threat groups to attack targets in Ukraine and download its custom backdoors Tavdig and KazuarV2.
January 13

9 min read

Analyzing CVE-2024-44243, a macOS System Integrity Protection bypass through kernel extensions

Microsoft discovered a macOS vulnerability allowing attackers to bypass System Integrity Protection (SIP) by loading third party kernel extensions, which could lead to serious consequences, such as allowing attackers to install rootkits, create persistent malware, bypass Transparency, Consent, and Control (TCC), and expand the attack surface to perform other unauthorized operations.
Retain Microsoft Security Experts
Microsoft Security Experts are now available to strengthen your team with managed security services. Learn how to defend against threats with security experts.
Get started
January 16

7 min read

New Star Blizzard spear-phishing campaign targets WhatsApp accounts

In mid-November 2024, Microsoft Threat Intelligence observed the Russian threat actor we track as Star Blizzard sending their typical targets spear-phishing messages, this time offering the supposed opportunity to join a WhatsApp group.
February 6

11 min read

Code injection attacks using publicly disclosed ASP.NET machine keys

Microsoft Threat Intelligence observed limited activity by an unattributed threat actor using a publicly available, static ASP.
February 12

23 min read

The BadPilot campaign: Seashell Blizzard subgroup conducts multiyear global access operation

Microsoft is publishing for the first time our research into a subgroup within the Russian state actor Seashell Blizzard and its multiyear initial access operation, tracked by Microsoft Threat Intelligence as the “BadPilot campaign”.
February 13

10 min read

Storm-2372 conducts device code phishing campaign

Microsoft Threat Intelligence Center discovered an active and successful device code phishing campaign by a threat actor we track as Storm-2372.
Modernize your Security Operations Center with Microsoft Sentinel
Microsoft Sentinel is a cloud-native SIEM solution powered by AI and automation that delivers intelligent security analytics across your entire enterprise.
Learn more
March 5

13 min read

Silk Typhoon targeting IT supply chain

Silk Typhoon is a Chinese state actor focused on espionage campaigns targeting a wide range of industries in the US and throughout the world.
March 6

32 min read

Malvertising campaign leads to info stealers hosted on GitHub

Microsoft detected a large-scale malvertising campaign in early December 2024 that impacted nearly one million devices globally.
March 11

22 min read

New XCSSET malware adds new obfuscation, persistence techniques to infect Xcode projects

Microsoft Threat Intelligence has uncovered a new variant of XCSSET, a sophisticated modular macOS malware that infects Xcode projects, in the wild.
March 13

10 min read

Phishing campaign impersonates Booking.com, delivers a suite of credential-stealing malware

Microsoft Threat Intelligence identified a phishing campaign that impersonates online travel agency Booking.

Threat intelligence

Filtered by

Refine results

Retain Microsoft Security Experts

Modernize your Security Operations Center with Microsoft Sentinel

Get started with Microsoft Security