Threat intelligence

The Microsoft Threat Intelligence community is made up of world-class experts, security researchers, analysts, and threat hunters who analyze 100 trillion signals daily to discover threats and deliver timely and timely, relevant insight to protect customers. See our latest findings, insights, and guidance.

Refine Results

Filtered by

Clear All

Threat intelligence
Oldest to Newest

Refine results

Sort By

Content Type

Topic

Products and services

Publish date

Start Date

End Date

Modernize your Security Operations Center with Microsoft Sentinel
Microsoft Sentinel is a cloud-native SIEM solution powered by AI and automation that delivers intelligent security analytics across your entire enterprise.
Learn more
September 21, 2022

7 min read

Rewards plus: Fake mobile banking rewards apps lure users to install info-stealing RAT on Android devices

A fake mobile banking rewards app delivered through a link in an SMS campaign has been making the rounds, targeting customers of Indian banking institutions.
September 22, 2022

11 min read

Malicious OAuth applications abuse cloud email services to spread spam

Microsoft discovered an attack where attackers installed a malicious OAuth application in compromised tenants and used their Exchange Online service to launch spam runs.
September 29, 2022

13 min read

ZINC weaponizing open-source software

In recent months, Microsoft detected weaponization of legitimate open-source software by an actor the Microsoft Threat Intelligence Center (MSTIC) tracks as ZINC, targeting employees at media, defense and aerospace, and IT service provider organizations in the US, UK, India, and Russia.
September 30, 2022

7 min read

Analyzing attacks using the Exchange vulnerabilities CVE-2022-41040 and CVE-2022-41082

MSTIC observed activity related to a single activity group in August 2022 that achieved initial access and compromised Exchange servers by chaining CVE-2022-41040 and CVE-2022-41082 in a small number of targeted attacks.
Tailored AI insights from Microsoft Security Copilot
Empower your defenders to detect hidden patterns, harden defenses, and respond to incidents faster with generative AI.
Learn more
October 5, 2022

6 min read

Detecting and preventing LSASS credential dumping attacks

LSASS credential dumping is becoming prevalent, especially with the rise of human-operated ransomware.
October 14, 2022

8 min read

New “Prestige” ransomware impacts organizations in Ukraine and Poland

The Microsoft Threat Intelligence Center (MSTIC) has identified evidence of a novel ransomware campaign attributed to IRIDIUM targeting organizations in the logistics and transportation industry in Ukraine and Poland utilizing a previously unidentified ransomware payload.
October 18, 2022

13 min read

Defenders beware: A case for post-ransomware investigations

The Microsoft Detection and Response Team (DART) details a recent ransomware incident in which the attacker used a collection of commodity tools and techniques, such as using living-off-the-land binaries, to launch their malicious code.
October 21, 2022

4 min read

Securing IoT devices against attacks that target critical infrastructure

South Staffordshire PLC, a company that supplies water to over one million customers in the United Kingdom, notified its customers in August of being a target of a criminal cyberattack.
Go beyond data protection with Microsoft Purview
Govern, protect, and manage all of your data with Microsoft Purview, comprehensive solutions to help give you better visibility and control.
Learn more
October 25, 2022

11 min read

DEV-0832 (Vice Society) opportunistic ransomware campaigns impacting US education sector

In recent months, Microsoft has detected active ransomware and extortion campaigns impacting the global education sector, particularly in the US, by a threat actor we track as DEV-0832, also known as Vice Society.
October 27, 2022

15 min read

Raspberry Robin worm part of larger ecosystem facilitating pre-ransomware activity

Microsoft has discovered recent activity indicating that the Raspberry Robin worm is part of a complex and interconnected malware ecosystem, with links to other malware families and alternate infection methods beyond its original USB drive spread.
November 3, 2022

6 min read

Stopping C2 communications in human-operated ransomware through network protection

Providing advanced protection against increasingly sophisticated human-operated ransomware, Microsoft Defender for Endpoint’s network protection leverages threat intelligence and machine learning to block command-and-control (C2) communications.
November 15, 2022

5 min read

2022 holiday DDoS protection guide

The holiday season is an exciting time for many people as they get to relax, connect with friends and family, and celebrate traditions.