Threat intelligence
The Microsoft Threat Intelligence community is made up of world-class experts, security researchers, analysts, and threat hunters who analyze 100 trillion signals daily to discover threats and deliver timely, relevant insight to protect customers. See our latest findings, insights, and guidance.
In human-operated ransomware attacks, adversaries exhibit extensive knowledge of systems administration and common network security misconfigurations, perform thorough reconnaissance, and adapt to what they discover in a compromised network.
Defending the power grid against supply chain attacks—Part 1: The risk defined
The “Defending the power grid against supply chain attacks” blog series analyzes how supply chain attacks are conducted and the steps utilities, device manufacturers, and software providers can take to better secure critical infrastructure.
Ghost in the shell: Investigating web shell attacks
Web shell attacks allow adversaries to run commands and steal data from an Internet-facing server or use the server as a launch pad for further attacks against the affected organization.
Guarding against supply chain attacks—Part 2: Hardware risks
Part 2 examines the hardware supply chain, its vulnerabilities, how you can protect yourself, and Microsoft’s role in reducing hardware-based attacks.
sLoad launches version 2.0, Starslord
sLoad has launched version 2.0. With the new version, sLoad, which is a PowerShell-based Trojan downloader notable for its almost exclusive use of the Windows BITS service for malicious activities, has added an anti-analysis trick and the ability to track the stage of infection for every affected machine.
Data science for cybersecurity: A probabilistic time series model for detecting RDP inbound brute force attacks
Microsoft Defender ATP data scientists and threat hunters collaborate to use a data science-driven approach to detecting RDP brute force attacks to protect customers against real-world threats.
Norsk Hydro responds to ransomware attack with transparency
Aluminum supplier Norsk Hydro was attacked by LockerGoga, a form of ransomware.
Multi-stage downloader Trojan sLoad abuses BITS almost exclusively for malicious activities
Many of today’s threats evolve to incorporate as many living-off-the-land techniques as possible into the attack chain.
GALLIUM: Targeting global telecom
Microsoft Threat Intelligence Center (MSTIC) is raising awareness of the ongoing activity by a group we call GALLIUM, targeting telecommunication providers.
Improve cyber supply chain risk management with Microsoft Azure
To keep government agencies secure in the cloud, we must keep pace and stay ahead of cyber attackers by defending the cyber supply chain with Microsoft Azure.
Insights from one year of tracking a polymorphic threat
We discovered the polymorphic threat Dexphot in October 2018.