Threat intelligence

The Microsoft Threat Intelligence community is made up of world-class experts, security researchers, analysts, and threat hunters who analyze 100 trillion signals daily to discover threats and deliver timely and timely, relevant insight to protect customers. See our latest findings, insights, and guidance.

Refine Results

Filtered by

Clear All

Threat intelligence

Refine results

Sort By

Content Type

Topic

Products and services

Publish date

Start Date

End Date

Tailored AI insights from Microsoft Security Copilot
Empower your defenders to detect hidden patterns, harden defenses, and respond to incidents faster with generative AI.
Learn more
August 4, 2021

8 min read

Spotting brand impersonation with Swin transformers and Siamese neural networks

Our security solutions use multiple detection and prevention techniques to help users avoid divulging sensitive information to phishers as attackers continue refining their impersonation tricks.
July 29, 2021

16 min read

When coin miners evolve, Part 2: Hunting down LemonDuck and LemonCat attacks

LemonDuck is an actively updated and robust malware primarily known for its botnet and cryptocurrency mining objectives.
July 29, 2021

10 min read

BazaCall: Phony call centers lead to exfiltration and ransomware

Our continued investigation into BazaCall campaigns, those that use fraudulent call centers that trick unsuspecting users into downloading the BazaLoader malware, shows that this threat is more dangerous than what’s been discussed publicly in other security blogs and covered by the media.
July 27, 2021

7 min read

Combing through the fuzz: Using fuzzy hashing and deep learning to counter malware detection evasion techniques

A new approach for malware classification combines deep learning with fuzzy hashing.
Go beyond data protection with Microsoft Purview
Govern, protect, and manage all of your data with Microsoft Purview, comprehensive solutions to help give you better visibility and control.
Learn more
July 22, 2021

8 min read

When coin miners evolve, Part 1: Exposing LemonDuck and LemonCat, modern mining malware infrastructure

LemonDuck, an actively updated and robust malware that’s primarily known for its botnet and cryptocurrency mining objectives, adopted more sophisticated behavior and escalated its operations.
July 15, 2021

11 min read

Protecting customers from a private-sector offensive actor using 0-day exploits and DevilsTongue malware

The Microsoft Threat Intelligence Center (MSTIC) alongside the Microsoft Security Response Center (MSRC) has uncovered a private-sector offensive actor, or PSOA, that we are calling SOURGUM in possession of now-patched, Windows 0-day exploits (CVE-2021-31979 and CVE-2021-33771).
July 14, 2021

8 min read

Microsoft delivers comprehensive solution to battle rise in consent phishing emails

Microsoft threat analysts are tracking a continued increase in consent phishing emails, also called illicit consent grants, that abuse OAuth request links in an attempt to trick recipients into granting attacker-owned apps permissions to access sensitive data.
July 13, 2021

4 min read

Microsoft discovers threat actor targeting SolarWinds Serv-U software with 0-day exploit

Microsoft has detected a 0-day remote code execution exploit being used to attack SolarWinds Serv-U FTP software in limited and targeted attacks.
Streamline privacy management with Microsoft Priva
Protect and govern personal information, reduce privacy risks, and manage subject rights requests at scale with Microsoft Priva privacy risk management solutions.
Learn more
June 30, 2021

6 min read

Microsoft finds new NETGEAR firmware vulnerabilities that could lead to identity theft and full system compromise

We discovered vulnerabilities in NETGEAR DGN-2200v1 series routers that can compromise a network’s security—opening the gates for attackers to roam untethered through an entire organization.
June 18, 2021

3 min read

Microsoft announces recipients of academic grants for AI research on combating phishing

Congratulations to the winners of the Microsoft Security AI RFP, which called for AI research on the threat of phishing and approaches for defending against it.
June 14, 2021

7 min read

Behind the scenes of business email compromise: Using cross-domain threat data to disrupt a large BEC campaign

Microsoft 365 Defender researchers recently uncovered and disrupted a large-scale business email compromise (BEC) infrastructure hosted in multiple web services.
May 28, 2021

14 min read

Breaking down NOBELIUM’s latest early-stage toolset

In this blog, we highlight four tools representing a unique infection chain utilized by NOBELIUM: EnvyScout, BoomBox, NativeZone, and VaporRage.