Cyberattacker techniques, tools, and infrastructure

Cyberattackers constantly evolve their techniques, tools, and infrastructure to launch increasingly complex attacks. Learn about the latest tactics and how to detect, disrupt, and defend against them.

Refine Results

Filtered by

Clear All

Oldest to Newest

Refine results

Sort By

Content Type

Topic

Products and services

Publish date

Start Date

End Date

Secure and verify every identity with Microsoft Entra
Microsoft Entra expands beyond identity and access management with new product categories such as cloud infrastructure entitlement management (CIEM) and decentralized identity.
Learn more
April 8, 2021

10 min read

Gamifying machine learning for stronger security and AI models

We are open sourcing the Python source code of a research toolkit we call CyberBattleSim, an experimental research project that investigates how autonomous agents operate in a simulated enterprise environment using high-level abstraction of computer networks and cybersecurity concepts.
April 29, 2021

4 min read

Center for Threat-Informed Defense teams up with Microsoft, partners to build the ATT&CK® for Containers matrix

Microsoft is happy to have contributed and worked closely with the Center for Threat-Informed Defense and other partners to develop the MITRE ATT&CK® for Containers matrix.
May 20, 2021

19 min read

Phorpiex morphs: How a longstanding botnet persists and thrives in the current threat environment

Phorpiex, an enduring botnet known for extortion campaigns and for using old-fashioned worms, began diversifying its infrastructure in recent years to become more resilient and to deliver more dangerous payloads.
May 28, 2021

14 min read

Breaking down NOBELIUM’s latest early-stage toolset

In this blog, we highlight four tools representing a unique infection chain utilized by NOBELIUM: EnvyScout, BoomBox, NativeZone, and VaporRage.
Prevent threats with Microsoft Defender
The Microsoft Defender family offers comprehensive threat prevention, detection, and response capabilities for everyone—from individuals looking to protect their family to the world’s largest enterprises.
Explore products
July 14, 2021

8 min read

Microsoft delivers comprehensive solution to battle rise in consent phishing emails

Microsoft threat analysts are tracking a continued increase in consent phishing emails, also called illicit consent grants, that abuse OAuth request links in an attempt to trick recipients into granting attacker-owned apps permissions to access sensitive data.
July 15, 2021

11 min read

Protecting customers from a private-sector offensive actor using 0-day exploits and DevilsTongue malware

The Microsoft Threat Intelligence Center (MSTIC) alongside the Microsoft Security Response Center (MSRC) has uncovered a private-sector offensive actor, or PSOA, that we are calling SOURGUM in possession of now-patched, Windows 0-day exploits (CVE-2021-31979 and CVE-2021-33771).
August 12, 2021

13 min read

Attackers use Morse code, other encryption methods in evasive phishing campaign

During our year-long investigation of a targeted, invoice-themed XLS.
September 15, 2021

8 min read

Analyzing attacks that exploit the CVE-2021-40444 MSHTML vulnerability

This blog details our in-depth analysis of the attacks that used the CVE-2021-40444, provides detection details and investigation guidance for Microsoft 365 Defender customers, and lists mitigation steps for hardening networks against this and similar attacks.
Retain Microsoft Security Experts
Microsoft Security Experts are now available to strengthen your team with managed security services. Learn how to defend against threats with security experts.
Get started
October 25, 2021

13 min read

NOBELIUM targeting delegated administrative privileges to facilitate broader attacks

The Microsoft Threat Intelligence Center (MSTIC) has detected nation-state activity associated with the threat actor tracked as NOBELIUM, attempting to gain access to downstream customers of multiple cloud service providers (CSP), managed service providers (MSP), and other IT services organizations.
December 2, 2021

9 min read

Structured threat hunting: One way Microsoft Defender Experts for Hunting prioritizes customer defense

Our approach to threat hunting is designed to evaluate impact and escalate potential threats for investigation, based on how damaging the potential threat would be.
December 11, 2021

32 min read

Guidance for preventing, detecting, and hunting for exploitation of the Log4j 2 vulnerability

Microsoft is tracking threats taking advantage of the remote code execution (RCE) vulnerability in Apache Log4j 2.
February 4, 2022

19 min read

ACTINIUM targets Ukrainian organizations

The Microsoft Threat Intelligence Center (MSTIC) is sharing information on a threat group named ACTINIUM, which has been operational for almost a decade and has consistently pursued access to organizations in Ukraine or entities related to Ukrainian affairs.