


Cyberattacker techniques, tools, and infrastructure
Cyberattackers constantly evolve their techniques, tools, and infrastructure to launch increasingly complex attacks. Learn about the latest tactics and how to detect, disrupt, and defend against them.
Kernel Data Protection (KDP) is a set of APIs that provide the ability to mark some kernel memory as read-only, preventing attackers from ever modifying protected memory.
Inside Microsoft 365 Defender: Solving cross-domain security incidents through the power of correlation analytics
Through deep correlation logic, Microsoft Threat Protection automatically finds links between related signals across domains.
Stopping Active Directory attacks and other post-exploitation behavior with AMSI and machine learning
Microsoft Defender ATP leverages AMSI’s visibility into scripts and harnesses the power of machine learning to detect and stop post-exploitation activities that largely rely on scripts.
System Management Mode deep dive: How SMM isolation hardens the platform
Key to defending the hypervisor, and by extension the rest of the OS, from low-level threats is protecting System Management Mode (SMM), an execution mode in x86-based processors that runs at a higher effective privilege than the hypervisor.
Widespread malware campaign seeks to silently inject ads into search results, affects multiple browsers
A persistent malware campaign has been actively distributing Adrozek, an evolved browser modifier malware, at scale since at least May 2020.
Ensuring customers are protected from Solorigate
UPDATE: Microsoft continues to work with partners and customers to expand our knowledge of the threat actor behind the nation-state cyberattacks that compromised the supply chain of SolarWinds and impacted multiple other organizations.
Analyzing Solorigate, the compromised DLL file that started a sophisticated cyberattack, and how Microsoft Defender helps protect customers
We, along with the security industry and our partners, continue to investigate the extent of the Solorigate attack.
New Surface PCs enable virtualization-based security (VBS) by default to empower customers to do more, securely
The new Surface Pro 7+ for Business will ship with virtualization-based security (VBS) and Hypervisor-protected code integrity (HVCI, also commonly referred to as memory integrity) enabled out of the box to give customers even stronger security that is built-in and turned on by default.
Deep dive into the Solorigate second-stage activation: From SUNBURST to TEARDROP and Raindrop
Our continued investigation into the Solorigate attack has uncovered new details about the handover from the Solorigate DLL backdoor (SUNBURST) to the Cobalt Strike loader (TEARDROP, Raindrop, and others).
Web shell attacks continue to rise
A year ago, we reported the steady increase in the use of web shells in attacks worldwide.
HAFNIUM targeting Exchange Servers with 0-day exploits
Microsoft has detected multiple 0-day exploits being used to attack on-premises versions of Microsoft Exchange Server in limited and targeted attacks.
Analyzing attacks taking advantage of the Exchange Server vulnerabilities
Microsoft continues to monitor and investigate attacks exploiting the recent on-premises Exchange Server vulnerabilities.