Threat actors
Microsoft actively discovers and tracks threat actors across observed state-sponsored, ransomware, and criminal activities. Get insights from the 60 nation-state actors, 50 ransomware groups, and hundreds of other attackers we’ve tracked.
BISMUTH, which has been running increasingly complex cyberespionage attacks as early as 2012, deployed Monero coin miners in campaigns from July to August 2020.

Trickbot disrupted
Microsoft took action against the Trickbot botnet, disrupting one of the world’s most persistent malware operations.

Industry-wide partnership on threat-informed defense improves security for all
MITRE Engenuity’s Center for Threat-Informed Defense has published a library of detailed plans for emulating the threat actor FIN6 (which Microsoft tracks as TAAL).

Inside Microsoft 365 Defender: Mapping attack chains from cloud to endpoint
In the first blog in the Inside Microsoft Threat Protection series, we will show how MTP provides unparalleled end-to-end visibility into the activities of nation-state level attacks like HOLMIUM.

Blue teams helping red teams: A tale of a process crash, PowerShell, and the MITRE ATT&CK evaluation
Inspired by MITRE’s transparency in publishing the payloads and tools used in the attack simulation, we’ll describe the mystery that is Step 19 and tell a story about how blue teams, once in a while, can share important learnings for red teams.

Inside Microsoft 365 Defender: Attack modeling for finding and stopping lateral movement
Microsoft Threat Protection uses a data-driven approach for identifying lateral movement, combining industry-leading optics, expertise, and data science to deliver automated discovery of some of the most critical threats today.

Insights from one year of tracking a polymorphic threat
We discovered the polymorphic threat Dexphot in October 2018.

In hot pursuit of elusive threats: AI-driven behavior-based blocking stops attacks in their tracks
Two new machine learning protection features within the behavioral blocking and containment capabilities in Microsoft Defender ATP specialize in detecting threats by analyzing behavior, adding new layers of protection after an attack has started running.

One simple action you can take to prevent 99.9 percent of attacks on your accounts
Learn about common vulnerabilities and what you can do to protect your company from attacks.

New machine learning model sifts through the good to unearth the bad in evasive malware
Most machine learning models are trained on a mix of malicious and clean features.

Inside out: Get to know the advanced technologies at the core of Microsoft Defender ATP next generation protection
While Windows Defender Antivirus makes catching 5 billion threats on devices every month look easy, multiple advanced detection and prevention technologies work under the hood to make this happen.

Office VBA + AMSI: Parting the veil on malicious macros
As part of our continued efforts to tackle entire classes of threats, Office 365 client applications now integrate with Antimalware Scan Interface (AMSI), enabling antivirus and other security solutions to scan macros and other scripts at runtime to check for malicious behavior.