The five-day job: A BlackByte ransomware intrusion case study
In a recent investigation by Microsoft Incident Response of a BlackByte 2.
Cybercrime
The cybercriminal economy is a connected ecosystem of many players with different techniques, goals, and skillsets. Get insights on the industrialization of cybercrime and how cyberattackers use ready-made malware and other tools to perform their attacks.
Refine results
Topic
Products and services
Publish date
Tailored AI insights from Microsoft Security Copilot
Empower your defenders to detect hidden patterns, harden defenses, and respond to incidents faster with generative AI.
-
-
Octo Tempest crosses boundaries to facilitate extortion, encryption, and destruction
Microsoft has been tracking activity related to the financially motivated threat actor Octo Tempest, whose evolving campaigns represent a growing concern for many organizations across multiple industries. -
Social engineering attacks lure Indian users to install Android banking trojans
Microsoft has observed ongoing activity from mobile banking trojan campaigns targeting users in India with social media messages and malicious applications designed to impersonate legitimate organizations and steal users’ information for financial fraud scams. -
Threat actors misuse OAuth applications to automate financially driven attacks
Microsoft Threat Intelligence presents cases of threat actors misusing OAuth applications as automation tools in financially motivated attacks. Go beyond data protection with Microsoft Purview
Govern, protect, and manage all of your data with Microsoft Purview, comprehensive solutions to help give you better visibility and control.
-
Join us at InfoSec Jupyterthon 2024
We’re inviting the community of analysts and engineers to join us at InfoSec Jupyterthon 2024. -
Staying ahead of threat actors in the age of AI
Microsoft, in collaboration with OpenAI, is publishing research on emerging threats in the age of AI, focusing on identified activity associated with known threat actors Forest Blizzard, Emerald Sleet, Crimson Sandstorm, and others. -
Enhancing protection: Updates on Microsoft’s Secure Future Initiative
A few months into Microsoft’s Secure Future Initiative, read the details on what we’ve accomplished across key engineering advances to deliver the next generation of built-in security for customers. -
Attackers exploiting new critical OpenMetadata vulnerabilities on Kubernetes clusters
Microsoft recently uncovered an attack that exploits new critical vulnerabilities in OpenMetadata to gain access to Kubernetes workloads and leverage them for cryptomining activity. Streamline privacy management with Microsoft Priva
Protect and govern personal information, reduce privacy risks, and manage subject rights requests at scale with Microsoft Priva privacy risk management solutions.
-
Threat actors misusing Quick Assist in social engineering attacks leading to ransomware
Microsoft Threat Intelligence has observed Storm-1811 misusing the client management tool Quick Assist to target users in social engineering attacks that lead to malware like Qakbot followed by Black Basta ransomware deployment. -
Storm-0501: Ransomware attacks expanding to hybrid cloud environments
Microsoft has observed the threat actor tracked as Storm-0501 launching a multi-staged attack where they compromised hybrid cloud environments and performed lateral movement from on-premises to cloud environment, leading to data exfiltration, credential theft, tampering, persistent backdoor access, and ransomware deployment. -
File hosting services misused for identity phishing
Since mid-April 2024, Microsoft has observed an increase in defense evasion tactics used in campaigns abusing file hosting services like SharePoint, OneDrive, and Dropbox. -
Cyber Signals Issue 8 | Education under siege: How cybercriminals target our schools
This edition of Cyber Signals delves into the cybersecurity challenges facing classrooms and campuses, highlighting the critical need for robust defenses and proactive measures.
