Threat intelligence

The Microsoft Threat Intelligence community is made up of world-class experts, security researchers, analysts, and threat hunters who analyze 100 trillion signals daily to discover threats and deliver timely and timely, relevant insight to protect customers. See our latest findings, insights, and guidance.

Refine Results

Filtered by

Clear All

Threat intelligence

Refine results

Sort By

Content Type

Topic

Products and services

Publish date

Start Date

End Date

Go beyond data protection with Microsoft Purview

Govern, protect, and manage all of your data with Microsoft Purview, comprehensive solutions to help give you better visibility and control.

Learn more
January 11, 2021

3 min read

New Surface PCs enable virtualization-based security (VBS) by default to empower customers to do more, securely

The new Surface Pro 7+ for Business will ship with virtualization-based security (VBS) and Hypervisor-protected code integrity (HVCI, also commonly referred to as memory integrity) enabled out of the box to give customers even stronger security that is built-in and turned on by default.
December 18, 2020

17 min read

Analyzing Solorigate, the compromised DLL file that started a sophisticated cyberattack, and how Microsoft Defender helps protect customers

We, along with the security industry and our partners, continue to investigate the extent of the Solorigate attack.
December 17, 2020

2 min read

Collaborative innovation on display in Microsoft’s insider risk management strategy

Partnering with organizations like Carnegie Mellon University allows us to bring their rich research and insights to our products and services, so customers can fully benefit from our breadth of signals.
December 15, 2020

4 min read

Ensuring customers are protected from Solorigate

UPDATE: Microsoft continues to work with partners and customers to expand our knowledge of the threat actor behind the nation-state cyberattacks that compromised the supply chain of SolarWinds and impacted multiple other organizations.
Streamline privacy management with Microsoft Priva

Protect and govern personal information, reduce privacy risks, and manage subject rights requests at scale with Microsoft Priva privacy risk management solutions.

Learn more
December 10, 2020

10 min read

Widespread malware campaign seeks to silently inject ads into search results, affects multiple browsers

A persistent malware campaign has been actively distributing Adrozek, an evolved browser modifier malware at scale since at least May 2020.
December 9, 2020

4 min read

EDR in block mode stops IcedID cold

Endpoint detection and response (EDR) in block mode in Microsoft Defender for Endpoint turns EDR detections into real-time blocking of threats.
November 30, 2020

12 min read

Threat actor leverages coin miner techniques to stay under the radar – here’s how to spot them

BISMUTH, which has been running increasingly complex cyberespionage attacks as early as 2012, deployed Monero coin miners in campaigns from July to August 2020.
November 12, 2020

6 min read

System Management Mode deep dive: How SMM isolation hardens the platform

Key to defending the hypervisor, and by extension the rest of the OS, from low-level threats is protecting System Management Mode (SMM), an execution mode in x86-based processors that runs at a higher effective privilege than the hypervisor.
Simplify endpoint management with Microsoft Intune

Microsoft Intune is a cloud-based unified endpoint management platform that empowers IT to manage, assess, and protect apps and devices.

Learn more
October 12, 2020

8 min read

Trickbot disrupted

Microsoft took action against the Trickbot botnet, disrupting one of the world’s most persistent malware operations.
October 8, 2020

9 min read

Sophisticated new Android malware marks the latest evolution of mobile ransomware

We found a piece of a particularly sophisticated Android ransomware with novel techniques and behavior, exemplifying the rapid evolution of mobile threats that we have also observed on other platforms.
September 16, 2020

4 min read

Industry-wide partnership on threat-informed defense improves security for all

MITRE Engenuity’s Center for Threat-Informed Defense has published a library of detailed plans for emulating the threat actor FIN6 (which Microsoft tracks as TAAL).
September 10, 2020

5 min read

STRONTIUM: Detecting new patterns in credential harvesting

Microsoft has tied STRONTIUM to a newly uncovered pattern of Office365 credential harvesting activity aimed at US and UK organizations directly involved in political elections.