A report on NOBELIUM’s unprecedented nation-state attack
In the final post of a four-part series on the NOBELIUM nation-state attack, we explore key findings from the after-action report on the attack.
Incident response
Incident response is the process of detecting, investigating, and responding to cyberattacks, security breaches, or IT incidents. Explore the latest trends and intelligence-driven strategies that help you prevent future attacks.
Refine results
Topic
Products and services
Publish date
Secure and verify every identity with Microsoft Entra
Microsoft Entra expands beyond identity and access management with new product categories such as cloud infrastructure entitlement management (CIEM) and decentralized identity.
-
-
Destructive malware targeting Ukrainian organizations
Microsoft Threat Intelligence Center (MSTIC) has identified evidence of a destructive malware operation targeting multiple organizations in Ukraine. -
DEV-0537 criminal actor targeting organizations for data exfiltration and destruction
The activity we have observed has been attributed to a threat group that Microsoft tracks as DEV-0537, also known as LAPSUS$. -
Tarrask malware uses scheduled tasks for defense evasion
Microsoft Detection and Response Team (DART) researchers have uncovered malware that creates “hidden” scheduled tasks as a defense evasion technique. Prevent threats with Microsoft Defender
The Microsoft Defender family offers comprehensive threat prevention, detection, and response capabilities for everyone—from individuals looking to protect their family to the world’s largest enterprises.
-
MagicWeb: NOBELIUM’s post-compromise trick to authenticate as anyone
Microsoft security researchers have discovered a post-compromise capability we’re calling MagicWeb, which is used by a threat actor we track as NOBELIUM to maintain persistent access to compromised environments. -
The art and science behind Microsoft threat hunting: Part 1
At Microsoft, we define threat hunting as the practice of actively looking for cyberthreats that have covertly (or not so covertly) penetrated an environment. -
The art and science behind Microsoft threat hunting: Part 2
In this follow-up post in our series about threat hunting, we talk about some general hunting strategies, frameworks, tools, and how Microsoft incident responders work with threat intelligence. -
Defenders beware: A case for post-ransomware investigations
The Microsoft Detection and Response Team (DART) details a recent ransomware incident in which the attacker used a collection of commodity tools and techniques, such as using living-off-the-land binaries, to launch their malicious code. Modernize your Security Operations Center with Microsoft Sentinel
Microsoft Sentinel is a cloud-native SIEM solution powered by AI and automation that delivers intelligent security analytics across your entire enterprise.
-
Microsoft Security tips for mitigating risk in mergers and acquisitions
Mergers and acquisitions can be challenging. -
Token tactics: How to prevent, detect, and respond to cloud token theft
As organizations increase their coverage of multifactor authentication (MFA), threat actors have begun to move to more sophisticated techniques to allow them to compromise corporate resources without needing to satisfy MFA. -
Solving one of NOBELIUM’s most novel attacks: Cyberattack Series
This is the first in an ongoing series exploring some of the most notable cases of the Microsoft Detection and Response Team (DART), which investigates cyberattacks on behalf of our customers. -
Guidance for investigating attacks using CVE-2023-23397
This guide provides steps organizations can take to assess whether users have been targeted or compromised by threat actors exploiting CVE-2023-23397.
