Midnight Blizzard (NOBELIUM)

Refine Results

Refine results

Sort By

Content Type

Topic

Products and services

Publish date

Start Date

End Date

October 29, 2024

13 min read

Midnight Blizzard conducts large-scale spear-phishing campaign using RDP files

Since October 22, 2024, Microsoft Threat Intelligence has observed Russian threat actor Midnight Blizzard sending a series of highly targeted spear-phishing emails to individuals in government, academia, defense, non-governmental organizations, and other sectors.
January 25, 2024

10 min read

Midnight Blizzard: Guidance for responders on nation-state attack

The Microsoft security team detected a nation-state attack on our corporate systems on January 12, 2024, and immediately activated our response process to investigate, disrupt malicious activity, mitigate the attack, and deny the threat actor further access.
August 2, 2023

6 min read

Midnight Blizzard conducts targeted social engineering over Microsoft Teams

Microsoft Threat Intelligence has identified highly targeted social engineering attacks using credential theft phishing lures sent as Microsoft Teams chats by the threat actor that Microsoft tracks as Midnight Blizzard (previously tracked as NOBELIUM).
August 24, 2022

21 min read

MagicWeb: NOBELIUM’s post-compromise trick to authenticate as anyone

Microsoft security researchers have discovered a post-compromise capability we’re calling MagicWeb, which is used by a threat actor we track as NOBELIUM to maintain persistent access to compromised environments.
Retain Microsoft Security Experts
Microsoft Security Experts are now available to strengthen your team with managed security services. Learn how to defend against threats with security experts.
Get started
December 15, 2021

5 min read

A report on NOBELIUM’s unprecedented nation-state attack

In the final post of a four-part series on the NOBELIUM nation-state attack, we explore key findings from the after-action report on the attack.
December 2, 2021

5 min read

Behind the unprecedented effort to protect customers against the NOBELIUM nation-state attack

In the third of a four-part series on the NOBELIUM nation-state attack, we share how Microsoft product teams built new detections into products to better protect customers.
November 22, 2021

11 min read

How to investigate service provider trust chains in the cloud

This blog outlines DART’s recommendations for incident responders to investigate potential abuse of these delegated admin permissions, independent of the threat actor.
November 11, 2021

9 min read

HTML smuggling surges: Highly evasive loader technique increasingly used in banking malware, targeted attacks

HTML smuggling, a highly evasive malware delivery technique that leverages legitimate HTML5 and JavaScript features, is increasingly used in email campaigns that deploy banking malware, remote access Trojans (RATs), and other payloads related to targeted attacks.
Modernize your Security Operations Center with Microsoft Sentinel
Microsoft Sentinel is a cloud-native SIEM solution powered by AI and automation that delivers intelligent security analytics across your entire enterprise.
Learn more
November 10, 2021

5 min read

The hunt for NOBELIUM, the most sophisticated nation-state attack in history

In the second of a four-part series on the NOBELIUM nation-state attack, we share the behind-the-scenes details of the detection and investigation into the threat.
October 25, 2021

7 min read

Microsoft Digital Defense Report shares new insights on nation-state attacks

Learn about targets and methods used by today’s nation-state threat actors, and how your organization can create a more secure environment.
October 25, 2021

13 min read

NOBELIUM targeting delegated administrative privileges to facilitate broader attacks

The Microsoft Threat Intelligence Center (MSTIC) has detected nation-state activity associated with the threat actor tracked as NOBELIUM, attempting to gain access to downstream customers of multiple cloud service providers (CSP), managed service providers (MSP), and other IT services organizations.
September 28, 2021

4 min read

How nation-state attackers like NOBELIUM are changing cybersecurity

In the first of a four-part series on the NOBELIUM nation-state attack, we describe the attack and explain why enterprises should be cautious.

Midnight Blizzard (NOBELIUM)

Refine results

Retain Microsoft Security Experts

Modernize your Security Operations Center with Microsoft Sentinel

Get started with Microsoft Security