Threat intelligence

The Microsoft Threat Intelligence community is made up of world-class experts, security researchers, analysts, and threat hunters who analyze 100 trillion signals daily to discover threats and deliver timely and timely, relevant insight to protect customers. See our latest findings, insights, and guidance.

Refine Results

Filtered by

Clear All

Threat intelligence

Refine results

Sort By

Content Type

Topic

Products and services

Publish date

Start Date

End Date

Streamline privacy management with Microsoft Priva
Protect and govern personal information, reduce privacy risks, and manage subject rights requests at scale with Microsoft Priva privacy risk management solutions.
Learn more
September 12, 2023

8 min read

Malware distributor Storm-0324 facilitates ransomware access

The threat actor that Microsoft tracks as Storm-0324 is a financially motivated group known to gain initial access using email-based initial infection vectors and then hand off access to compromised networks to other threat actors.
September 7, 2023

7 min read

Cloud storage security: What’s new in the threat matrix

We’re announcing the release of a second version of our threat matrix for storage services, a structured tool that assists in identifying and analyzing potential security threats on data stored in cloud storage services.
August 24, 2023

13 min read

Flax Typhoon using legitimate software to quietly access Taiwanese organizations

China-based actor Flax Typhoon is exploiting known vulnerabilities for public-facing servers, legitimate VPN software, and open-source malware to gain access to Taiwanese organizations, but not taking further action.
August 10, 2023

10 min read

Multiple high severity vulnerabilities in CODESYS V3 SDK could lead to RCE or DoS

Microsoft researchers identified multiple high-severity vulnerabilities in the CODESYS V3 SDK that could put operational technology (OT) infrastructure at risk of attacks, such as remote code execution (RCE) and denial of service (DoS).
Simplify endpoint management with Microsoft Intune
Microsoft Intune is a cloud-based unified endpoint management platform that empowers IT to manage, assess, and protect apps and devices.
Learn more
August 2, 2023

6 min read

Midnight Blizzard conducts targeted social engineering over Microsoft Teams

Microsoft Threat Intelligence has identified highly targeted social engineering attacks using credential theft phishing lures sent as Microsoft Teams chats by the threat actor that Microsoft tracks as Midnight Blizzard (previously tracked as NOBELIUM).
July 25, 2023

13 min read

Cryptojacking: Understanding and defending against cloud compute resource abuse

Cloud cryptojacking, a type of cyberattack that uses computing power to mine cryptocurrency, could result in financial loss to targeted organizations due to the compute fees that can be incurred from the abuse.
July 14, 2023

10 min read

Analysis of Storm-0558 techniques for unauthorized email access

Analysis of the techniques used by the threat actor tracked as Storm-0558 (now tracked as Antique Typhoon) for obtaining unauthorized access to email data, tools, and unique infrastructure characteristics.
July 11, 2023

7 min read

Storm-0978 attacks reveal financial and espionage motives

Microsoft has identified a phishing campaign conducted by the threat actor tracked as Storm-0978 targeting defense and government entities in Europe and North America.
Secure and verify every identity with Microsoft Entra
Microsoft Entra expands beyond identity and access management with new product categories such as cloud infrastructure entitlement management (CIEM) and decentralized identity.
Learn more
July 6, 2023

17 min read

The five-day job: A BlackByte ransomware intrusion case study

In a recent investigation by Microsoft Incident Response of a BlackByte 2.
June 22, 2023

11 min read

IoT devices and Linux-based systems targeted by OpenSSH trojan campaign

Microsoft has uncovered an attack leveraging custom and open-source tools to target internet-facing IoT devices and Linux-based systems.
June 14, 2023

13 min read

Cadet Blizzard emerges as a novel and distinct Russian threat actor

Microsoft attributes several campaigns to a distinct Russian state-sponsored threat actor tracked as Cadet Blizzard (DEV-0586), including the WhisperGate destructive attack, Ukrainian website defacements, and the hack-and-leak front “Free Civilian”.
June 8, 2023

12 min read

Detecting and mitigating a multi-stage AiTM phishing and BEC campaign

Microsoft Defender Experts observed a multi-stage adversary-in-the-middle (AiTM) and business email compromise (BEC) attack targeting banking and financial services organizations over two days.