Threat intelligence

The Microsoft Threat Intelligence community is made up of world-class experts, security researchers, analysts, and threat hunters who analyze 100 trillion signals daily to discover threats and deliver timely and timely, relevant insight to protect customers. See our latest findings, insights, and guidance.

Refine Results

Filtered by

Clear All

Threat intelligence
Oldest to Newest

Refine results

Sort By

Content Type

Topic

Products and services

Publish date

Start Date

End Date

Go beyond data protection with Microsoft Purview
Govern, protect, and manage all of your data with Microsoft Purview, comprehensive solutions to help give you better visibility and control.
Learn more
April 22, 2024

10 min read

Analyzing Forest Blizzard’s custom post-compromise tool for exploiting CVE-2022-38028 to obtain credentials

Since 2019, Forest Blizzard has used a custom post-compromise tool to exploit a vulnerability in the Windows Print Spooler service that allows elevated permissions.
May 1, 2024

15 min read

“Dirty stream” attack: Discovering and mitigating a common vulnerability pattern in Android apps

Microsoft discovered a vulnerability pattern in multiple popular Android applications that could enable a malicious application to overwrite files in the vulnerable application’s internal data storage directory, which could lead to arbitrary code execution and token theft, among other impacts.
May 15, 2024

10 min read

Threat actors misusing Quick Assist in social engineering attacks leading to ransomware

Microsoft Threat Intelligence has observed Storm-1811 misusing the client management tool Quick Assist to target users in social engineering attacks that lead to malware like Qakbot followed by Black Basta ransomware deployment.
May 28, 2024

14 min read

Moonstone Sleet emerges as new North Korean threat actor with new bag of tricks

Microsoft has identified a new North Korean threat actor, now tracked as Moonstone Sleet (formerly Storm-1789), that combines many tried-and-true techniques used by other North Korean threat actors, as well as unique attack methodologies to target companies for its financial and cyberespionage objectives.
Streamline privacy management with Microsoft Priva
Protect and govern personal information, reduce privacy risks, and manage subject rights requests at scale with Microsoft Priva privacy risk management solutions.
Learn more
May 30, 2024

9 min read

Exposed and vulnerable: Recent attacks highlight critical need to protect internet-exposed OT devices

Since late 2023, Microsoft has observed an increase in reports of attacks focusing on internet-exposed, poorly secured operational technology (OT) devices.
June 4, 2024

7 min read

AI jailbreaks: What they are and how they can be mitigated

Microsoft security researchers, in partnership with other security experts, continue to proactively explore and discover new types of AI model and system vulnerabilities.
June 18, 2024

4 min read

Microsoft Defender Experts for XDR recognized in the latest MITRE Engenuity ATT&CK® Evaluation for Managed Services

Microsoft Defender Experts for XDR delivered excellent results during round 2 of the MITRE Engenuity ATT&CK® Evaluations for Managed Services menuPass + ALPHV BlackCat.
June 26, 2024

6 min read

Mitigating Skeleton Key, a new type of generative AI jailbreak technique

Microsoft recently discovered a new type of generative AI jailbreak method called Skeleton Key that could impact the implementations of some large and small language models.
Simplify endpoint management with Microsoft Intune
Microsoft Intune is a cloud-based unified endpoint management platform that empowers IT to manage, assess, and protect apps and devices.
Learn more
July 2, 2024

7 min read

Vulnerabilities in PanelView Plus devices could lead to remote code execution

Microsoft discovered and responsibly disclosed two vulnerabilities in Rockwell’s PanelView Plus that could be remotely exploited by unauthenticated attackers, allowing them to perform remote code execution (RCE) and denial-of-service (DoS).
July 17, 2024

7 min read

Connect with Microsoft Security at Black Hat USA 2024

Join Microsoft Security leaders and other security professionals from around the world at Black Hat USA 2024 to learn the latest information on security in the age of AI, cybersecurity protection, threat intelligence insights, and more.
July 25, 2024

11 min read

Onyx Sleet uses array of malware to gather intelligence for North Korea

On July 25, 2024, the United States Department of Justice (DOJ) indicted an individual linked to the North Korean threat actor that Microsoft tracks as Onyx Sleet.
July 29, 2024

9 min read

Ransomware operators exploit ESXi hypervisor vulnerability for mass encryption

Microsoft Security researchers have observed a vulnerability used by various ransomware operators to get full administrative access to domain-joined ESXi hypervisors and encrypt the virtual machines running on them.