Threat intelligence

The Microsoft Threat Intelligence community is made up of world-class experts, security researchers, analysts, and threat hunters who analyze 100 trillion signals daily to discover threats and deliver timely and timely, relevant insight to protect customers. See our latest findings, insights, and guidance.

Refine Results

Filtered by

Clear All

Threat intelligence
Oldest to Newest

Refine results

Sort By

Content Type

Topic

Products and services

Publish date

Start Date

End Date

Prevent threats with Microsoft Defender
The Microsoft Defender family offers comprehensive threat prevention, detection, and response capabilities for everyone—from individuals looking to protect their family to the world’s largest enterprises.
Explore products
July 29, 2021

10 min read

BazaCall: Phony call centers lead to exfiltration and ransomware

Our continued investigation into BazaCall campaigns, those that use fraudulent call centers that trick unsuspecting users into downloading the BazaLoader malware, shows that this threat is more dangerous than what’s been discussed publicly in other security blogs and covered by the media.
July 29, 2021

16 min read

When coin miners evolve, Part 2: Hunting down LemonDuck and LemonCat attacks

LemonDuck is an actively updated and robust malware primarily known for its botnet and cryptocurrency mining objectives.
August 4, 2021

8 min read

Spotting brand impersonation with Swin transformers and Siamese neural networks

Our security solutions use multiple detection and prevention techniques to help users avoid divulging sensitive information to phishers as attackers continue refining their impersonation tricks.
August 12, 2021

13 min read

Attackers use Morse code, other encryption methods in evasive phishing campaign

During our year-long investigation of a targeted, invoice-themed XLS.
Retain Microsoft Security Experts
Microsoft Security Experts are now available to strengthen your team with managed security services. Learn how to defend against threats with security experts.
Get started
August 18, 2021

11 min read

Trend-spotting email techniques: How modern phishing emails hide in plain sight

By spotting trends in the techniques used by attackers in phishing attacks, we can swiftly respond to attacks and use the knowledge to improve customer security and build comprehensive protections through Microsoft Defender for Office 365 and other solutions.
August 26, 2021

10 min read

Widespread credential phishing campaign abuses open redirector links

Microsoft has been actively tracking a widespread credential phishing campaign using open redirector links, which allow attackers to use a URL in a trusted domain and embed the eventual final malicious URL as a parameter.
September 2, 2021

9 min read

A deep-dive into the SolarWinds Serv-U SSH vulnerability

We’re sharing technical information about the vulnerability tracked as CVE-2021-35211, which was used to attack the SolarWinds Serv-U FTP software in limited and targeted attacks.
September 15, 2021

8 min read

Analyzing attacks that exploit the CVE-2021-40444 MSHTML vulnerability

This blog details our in-depth analysis of the attacks that used the CVE-2021-40444, provides detection details and investigation guidance for Microsoft 365 Defender customers, and lists mitigation steps for hardening networks against this and similar attacks.
Modernize your Security Operations Center with Microsoft Sentinel
Microsoft Sentinel is a cloud-native SIEM solution powered by AI and automation that delivers intelligent security analytics across your entire enterprise.
Learn more
September 20, 2021

7 min read

A guide to combatting human-operated ransomware: Part 1

As human-operated ransomware is on the rise, Microsoft’s Detection and Response Team (DART) shares how they investigate these attacks and what to consider when faced with a similar event in your organization.
September 21, 2021

15 min read

Catching the big fish: Analyzing a large-scale phishing-as-a-service operation

With over 100 available phishing templates that mimic known brands and services, the BulletProofLink operation is responsible for many of the phishing campaigns that impact enterprises today.
September 27, 2021

9 min read

A guide to combatting human-operated ransomware: Part 2

In this post, we will tackle the risks of human-operated ransomware and detail DART’s security recommendations for tactical containment actions and post-incident activities in the event of an attack.
September 27, 2021

20 min read

FoggyWeb: Targeted NOBELIUM malware leads to persistent backdoor

In-depth analysis of newly detected NOBELIUM malware: a post-exploitation backdoor that Microsoft Threat Intelligence Center (MSTIC) refers to as FoggyWeb.