Threat intelligence

The Microsoft Threat Intelligence community is made up of world-class experts, security researchers, analysts, and threat hunters who analyze 100 trillion signals daily to discover threats and deliver timely and timely, relevant insight to protect customers. See our latest findings, insights, and guidance.

Refine Results

Filtered by

Clear All

Threat intelligence
Oldest to Newest

Refine results

Sort By

Content Type

Topic

Products and services

Publish date

Start Date

End Date

Streamline privacy management with Microsoft Priva
Protect and govern personal information, reduce privacy risks, and manage subject rights requests at scale with Microsoft Priva privacy risk management solutions.
Learn more
May 6, 2021

8 min read

Business email compromise campaign targets wide range of orgs with gift card scam

Read our investigation of a BEC campaign that used attacker-created email infrastructure to facilitate gift card theft targeting the consumer goods, process manufacturing and agriculture, real estate, discrete manufacturing, and professional services sectors.
May 18, 2021

6 min read

Mitigate OT security threats with these best practices

Chris Sistrunk, a Technical Manager in Mandiant’s ICS/OT Consulting practice, shares best practices to improve operational technology security.
May 20, 2021

19 min read

Phorpiex morphs: How a longstanding botnet persists and thrives in the current threat environment

Phorpiex, an enduring botnet known for extortion campaigns and for using old-fashioned worms, began diversifying its infrastructure in recent years to become more resilient and to deliver more dangerous payloads.
May 28, 2021

14 min read

Breaking down NOBELIUM’s latest early-stage toolset

In this blog, we highlight four tools representing a unique infection chain utilized by NOBELIUM: EnvyScout, BoomBox, NativeZone, and VaporRage.
Simplify endpoint management with Microsoft Intune
Microsoft Intune is a cloud-based unified endpoint management platform that empowers IT to manage, assess, and protect apps and devices.
Learn more
June 14, 2021

7 min read

Behind the scenes of business email compromise: Using cross-domain threat data to disrupt a large BEC campaign

Microsoft 365 Defender researchers recently uncovered and disrupted a large-scale business email compromise (BEC) infrastructure hosted in multiple web services.
June 18, 2021

3 min read

Microsoft announces recipients of academic grants for AI research on combating phishing

Congratulations to the winners of the Microsoft Security AI RFP, which called for AI research on the threat of phishing and approaches for defending against it.
June 30, 2021

6 min read

Microsoft finds new NETGEAR firmware vulnerabilities that could lead to identity theft and full system compromise

We discovered vulnerabilities in NETGEAR DGN-2200v1 series routers that can compromise a network’s security—opening the gates for attackers to roam untethered through an entire organization.
July 13, 2021

4 min read

Microsoft discovers threat actor targeting SolarWinds Serv-U software with 0-day exploit

Microsoft has detected a 0-day remote code execution exploit being used to attack SolarWinds Serv-U FTP software in limited and targeted attacks.
Secure and verify every identity with Microsoft Entra
Microsoft Entra expands beyond identity and access management with new product categories such as cloud infrastructure entitlement management (CIEM) and decentralized identity.
Learn more
July 14, 2021

8 min read

Microsoft delivers comprehensive solution to battle rise in consent phishing emails

Microsoft threat analysts are tracking a continued increase in consent phishing emails, also called illicit consent grants, that abuse OAuth request links in an attempt to trick recipients into granting attacker-owned apps permissions to access sensitive data.
July 15, 2021

11 min read

Protecting customers from a private-sector offensive actor using 0-day exploits and DevilsTongue malware

The Microsoft Threat Intelligence Center (MSTIC) alongside the Microsoft Security Response Center (MSRC) has uncovered a private-sector offensive actor, or PSOA, that we are calling SOURGUM in possession of now-patched, Windows 0-day exploits (CVE-2021-31979 and CVE-2021-33771).
July 22, 2021

8 min read

When coin miners evolve, Part 1: Exposing LemonDuck and LemonCat, modern mining malware infrastructure

LemonDuck, an actively updated and robust malware that’s primarily known for its botnet and cryptocurrency mining objectives, adopted more sophisticated behavior and escalated its operations.
July 27, 2021

7 min read

Combing through the fuzz: Using fuzzy hashing and deep learning to counter malware detection evasion techniques

A new approach for malware classification combines deep learning with fuzzy hashing.