Threat intelligence

The Microsoft Threat Intelligence community is made up of world-class experts, security researchers, analysts, and threat hunters who analyze 100 trillion signals daily to discover threats and deliver timely and timely, relevant insight to protect customers. See our latest findings, insights, and guidance.

Refine Results

Filtered by

Clear All

Threat intelligence
Oldest to Newest

Refine results

Sort By

Content Type

Topic

Products and services

Publish date

Start Date

End Date

Simplify endpoint management with Microsoft Intune
Microsoft Intune is a cloud-based unified endpoint management platform that empowers IT to manage, assess, and protect apps and devices.
Learn more
December 6, 2021

10 min read

NICKEL targeting government organizations across Latin America and Europe

China-based threat actor NICKEL has been targeting governments, diplomatic entities, and non-governmental organizations (NGOs) across Central and South America, the Caribbean, and Europe.
December 9, 2021

17 min read

A closer look at Qakbot’s latest building blocks (and how to knock them down)

Multiple Qakbot campaigns that are active at any given time prove that the decade-old malware continues to be many attackers’ tool of choice, a customizable chameleon that adapts to suit the needs of the multiple threat actor groups that utilize it.
December 11, 2021

32 min read

Guidance for preventing, detecting, and hunting for exploitation of the Log4j 2 vulnerability

Microsoft is tracking threats taking advantage of the remote code execution (RCE) vulnerability in Apache Log4j 2.
January 10, 2022

10 min read

New macOS vulnerability, “powerdir,” could lead to unauthorized user data access

A new macOS vulnerability, “powerdir,” could allow an attacker to bypass the operating system’s TCC technology and gain unauthorized access to a user’s protected data.
Secure and verify every identity with Microsoft Entra
Microsoft Entra expands beyond identity and access management with new product categories such as cloud infrastructure entitlement management (CIEM) and decentralized identity.
Learn more
January 15, 2022

7 min read

Destructive malware targeting Ukrainian organizations

Microsoft Threat Intelligence Center (MSTIC) has identified evidence of a destructive malware operation targeting multiple organizations in Ukraine.
January 26, 2022

9 min read

Evolved phishing: Device registration trick adds to phishers’ toolbox for victims without MFA

We uncovered a large-scale, multi-phase campaign that adds a novel technique to traditional phishing tactics by joining an attacker-operated device to an organization’s network to further propagate the campaign.
February 2, 2022

14 min read

The evolution of a Mac trojan: UpdateAgent’s progression

Our discovery and analysis of a sophisticated Mac trojan in October exposed a year-long evolution of a malware family—and depicts the rising complexity of threats across platforms.
February 4, 2022

19 min read

ACTINIUM targets Ukrainian organizations

The Microsoft Threat Intelligence Center (MSTIC) is sharing information on a threat group named ACTINIUM, which has been operational for almost a decade and has consistently pursued access to organizations in Ukraine or entities related to Ukrainian affairs.
Prevent threats with Microsoft Defender
The Microsoft Defender family offers comprehensive threat prevention, detection, and response capabilities for everyone—from individuals looking to protect their family to the world’s largest enterprises.
Explore products
February 16, 2022

12 min read

‘Ice phishing’ on the blockchain

Our recent analysis of a phishing attack connected to the blockchain reaffirms the durability of threats like social engineering, as well as the need for security fundamentals to be built into related future systems and frameworks.
February 25, 2022

4 min read

MSTICPy January 2022 hackathon highlights

In January 2022, MSTIC ran its inaugural hack month for the open-source Jupyter and Python Security Tools library, MSTICPy.
March 16, 2022

6 min read

Uncovering Trickbot’s use of IoT devices in command-and-control infrastructure

The Microsoft Defender for IoT research team has recently discovered the exact method through which MikroTik devices are used in Trickbot’s C2 infrastructure.
March 22, 2022

18 min read

DEV-0537 criminal actor targeting organizations for data exfiltration and destruction

The activity we have observed has been attributed to a threat group that Microsoft tracks as DEV-0537, also known as LAPSUS$.