Cadet Blizzard emerges as a novel and distinct Russian threat actor
06/27/2023
Microsoft attributes several campaigns to a distinct Russian state-sponsored threat actor tracked as Cadet Blizzard, including the WhisperGate destructive attack, Ukrainian website defacements, and the hack-and-leak front “Free Civilian”.
Volt Typhoon targets US critical infrastructure with living-off-the-land techniques.
05/25/2023
Threat Actor Insights
Microsoft Security is actively tracking threat actors across observed nation state, ransomware, and criminal activities. These insights represent publicly published activity from Microsoft Security threat researchers and provide a centralized catalog of actor profiles from the referenced blogs.
Insights from trillions of daily security signals
11/04/2022
Microsoft security experts illuminate today’s threat landscape, providing insights on emerging trends as well as historically persistent threats in the 2022 Microsoft Digital Defense Report.
Behind the scenes
Security is a team sport. Meet the players.
More than 8,500 defenders worldwide
Microsoft Security’s global network of security and intelligence teams includes engineers, researchers, data scientists, cybersecurity experts, threat hunters, geopolitical analysts, investigators, and frontline responders across 77 countries.
Expert profile
Simeon Kakpovi
Senior threat intelligence analyst Simeon Kakpovi talks about training the next generation of cyber defenders and overcoming the sheer tenacity of Iranian threat actors.
Expert profile
David Atch
In our latest expert profile, we spoke with David Atch, the Head of IoT/OT Security Research at Microsoft, to talk about the growing security risks of IoT and OT connectivity.
Threat briefs
61% increase in phishing attacks. Know your modern attack surface.
To manage an increasingly complex attack surface, organizations must develop a comprehensive security posture. With six key attack surface areas, this report will show you how the right threat intelligence can help tilt the playing field in favor of defenders.
Reports
Cybercrime-as-a-service (CaaS) drives 38% business email fraud increase
Business email compromise (BEC) is on the rise now that cybercriminals can obscure the source of their attacks to be even more nefarious. Learn about CaaS and how to help protect your organization.
More from Microsoft Security
Cadet Blizzard emerges as a novel and distinct Russian threat actor
Microsoft attributes several campaigns to a distinct Russian state-sponsored threat actor tracked as Cadet Blizzard (DEV-0586), including the WhisperGate destructive attack, Ukrainian website defacements, and the hack-and-leak front “Free Civilian.”
Detecting and mitigating a multi-stage AiTM phishing and BEC campaign
Microsoft Defender Experts uncovered a multi-stage adversary-in-the-middle (AiTM) phishing and business email compromise (BEC) attack against banking and financial services organizations. The attack originated from a compromised trusted vendor and transitioned into a series of AiTM attacks and follow-on BEC activity spanning multiple organizations.
New macOS vulnerability, Migraine, could bypass System Integrity Protection
A new vulnerability, which we refer to as “Migraine” for its involvement with macOS migration, could allow an attacker with root access to automatically bypass System Integrity Protection (SIP) in macOS and perform arbitrary operations on a device.