Skip to main content
Microsoft Security

Threat intelligence

The Microsoft Threat Intelligence community is made up of world-class experts, security researchers, analysts, and threat hunters who analyze 100 trillion signals daily to discover threats and deliver timely and timely, relevant insight to protect customers. See our latest findings, insights, and guidance.

Refine Results

Filtered by

Clear All

Refine results

Sort By
Content Type
Research (63)
News (1)
Industry trends (0)
Events (0)
Best practices (0)
Topic
Threat intelligence (64)
Incident response (4)
Endpoint security (4)
Identity and access management (2)
Cloud security (2)
Email security (1)
AI and agents (1)
Zero Trust (0)
Threat trends (0)
Small and medium business (0)
SIEM and XDR (0)
Security operations (0)
Security management (0)
Secure remote work (0)
Risk management (0)
Privacy (0)
Office of the CISO (0)
Network security (0)
Multifactor authentication (0)
MISA (0)
Microsoft Secure Future Initiative (0)
Internet of Things (IoT) security (0)
Information protection and governance (0)
Device management (0)
Detection and protection success stories (0)
Defending against advanced tactics (0)
Data security (0)
Data protection (0)
Compliance (0)
Built-in security (0)
Analyst reports (0)
Actionable threat insights (0)
Products and services
Microsoft Defender (64)
Microsoft Defender XDR (64)
Microsoft Defender for Endpoint (41)
Microsoft Defender for Cloud Apps (15)
Microsoft Defender for Office 365 (14)
Microsoft Defender Threat Intelligence (11)
Microsoft Defender for Identity (9)
Microsoft Defender for Cloud (9)
Microsoft Defender Vulnerability Management (7)
Microsoft Defender for IoT (3)
Microsoft Defender External Attack Surface Management (1)
Microsoft Defender for Business (0)
Microsoft Sentinel (27)
Microsoft Security Experts (9)
Microsoft Defender Experts for Hunting (4)
Microsoft Incident Response (3)
Microsoft Defender Experts for XDR (3)
Microsoft Security Services for Enterprise (0)
Microsoft Entra (8)
Microsoft Entra ID Protection (5)
Microsoft Entra ID (3)
Microsoft Entra Workload ID (0)
Microsoft Entra Verified ID (0)
Microsoft Entra Private Access (0)
Microsoft Entra Internet Access (0)
Microsoft Entra ID Governance (0)
Microsoft Entra External ID (0)
Microsoft Security Copilot (2)
Microsoft Purview (1)
Microsoft Purview Insider Risk Management (1)
Microsoft Purview Data Lifecycle Management (1)
Microsoft Purview Information Protection (0)
Microsoft Purview eDiscovery (0)
Microsoft Purview Data Loss Prevention (0)
Microsoft Purview Compliance Manager (0)
Microsoft Purview Communication Compliance (0)
Microsoft Purview Audit (0)
Microsoft Priva (0)
Microsoft Priva Subject Rights Requests (0)
Microsoft Priva Risk Management (0)
Microsoft Intune (0)
Microsoft Entra Agent ID (0)
Publish date
  • Two women pointing at a screen
    • 21 min read

    AI as tradecraft: How threat actors operationalize AI

    Threat actors are operationalizing AI to scale and sustain malicious activity, accelerating tradecraft and increasing risk for defenders, as illustrated by recent activity from North Korean groups such as Jasper Sleet and Coral Sleet (formerly Storm-1877).
  • Photo of man in office using laptop, with blue hexagon overlays and the icon for phishing
    • 15 min read

    Inside Tycoon2FA: How a leading AiTM phishing kit operated at scale

    Tycoon2FA has become a leading phishing-as-a-service (PhaaS) platforms, enabling campaigns that reach over 500,000 organizations monthly, prompting Microsoft’s Digital Crimes Unit (DCU) to work with Europol and industry partners to facilitate a disruption of Tycoon2FA’s infrastructure and operations.

  • Retain Microsoft Security Experts

    Microsoft Security Experts are now available to strengthen your team with managed security services. Learn how to defend against threats with security experts.

    Get started
  • Retail shop worker using a digital tablet checks inventory in a storage room
    • 20 min read

    Inside the attack chain: Threat activity targeting Azure Blob Storage

    Azure Blob Storage is a high-value target for threat actors due to its critical role in storing and managing massive amounts of unstructured data at scale across diverse workloads and is increasingly targeted through sophisticated attack chains that exploit misconfigurations, exposed credentials, and evolving cloud tactics.
  • Professor works at a table in a campus office space
    • 12 min read

    Investigating targeted “payroll pirate” attacks affecting US universities

    Microsoft Threat Intelligence has identified a financially motivated threat actor that we track as Storm-2657 compromising employee accounts to gain unauthorized access to employee profiles and divert salary payments to attacker-controlled accounts, attacks that have been dubbed “payroll pirate”.
  • Person typing on a laptop
    • 10 min read

    AI vs. AI: Detecting an AI-obfuscated phishing campaign

    Microsoft Threat Intelligence recently detected and blocked a credential phishing campaign that likely used AI-generated code to obfuscate its payload and evade traditional defenses, demonstrating a broader trend of attackers leveraging AI to increase the effectiveness of their operations and underscoring the need for defenders to understand and anticipate AI-driven threats.
  • A woman walking down the street
    • 13 min read

    Frozen in transit: Secret Blizzard’s AiTM campaign against diplomats

    Microsoft Threat Intelligence has uncovered a cyberespionage campaign by the Russian state actor we track as Secret Blizzard that has been ongoing since at least 2024, targeting embassies in Moscow using an adversary-in-the-middle (AiTM) position to deploy their custom ApolloShadow malware.
Load More

Get started with Microsoft Security

Protect your people, data, and infrastructure with AI-powered, end-to-end security from Microsoft.

Learn how

Connect with us on social