Threat intelligence

The Microsoft Threat Intelligence community is made up of world-class experts, security researchers, analysts, and threat hunters who analyze 78 trillion signals daily to discover threats and deliver timely and timely, relevant insight to protect customers. See our latest findings, insights, and guidance.

Refine Results

Filtered by

Clear All

Newest to Oldest

Refine results

Sort By

Content Type

Topic

Products and services

Publish date

Start Date

End Date

Streamline privacy management with Microsoft Priva
Protect and govern personal information, reduce privacy risks, and manage subject rights requests at scale with Microsoft Priva privacy risk management solutions.
Learn more
June 14, 2023

13 min read

Cadet Blizzard emerges as a novel and distinct Russian threat actor

Microsoft attributes several campaigns to a distinct Russian state-sponsored threat actor tracked as Cadet Blizzard (DEV-0586), including the WhisperGate destructive attack, Ukrainian website defacements, and the hack-and-leak front “Free Civilian”.
June 8, 2023

12 min read

Detecting and mitigating a multi-stage AiTM phishing and BEC campaign

Microsoft Defender Experts observed a multi-stage adversary-in-the-middle (AiTM) and business email compromise (BEC) attack targeting banking and financial services organizations over two days.
May 30, 2023

10 min read

New macOS vulnerability, Migraine, could bypass System Integrity Protection

A new vulnerability, which we refer to as “Migraine”, could allow an attacker with root access to bypass System Integrity Protection (SIP) in macOS and perform arbitrary operations on a device.
May 24, 2023

10 min read

Volt Typhoon targets US critical infrastructure with living-off-the-land techniques

Chinese state-sponsored actor Volt Typhoon is using stealthy techniques to target US critical infrastructure, conduct espionage, and dwell in compromised environments.
Simplify endpoint management with Microsoft Intune
Microsoft Intune is a cloud-based unified endpoint management platform that empowers IT to manage, assess, and protect apps and devices.
Learn more
April 18, 2023

7 min read

Microsoft shifts to a new threat actor naming taxonomy

Microsoft is excited to announce that we are shifting to a new threat actor naming taxonomy aligned to the theme of weather.
April 18, 2023

14 min read

Nation-state threat actor Mint Sandstorm refines tradecraft to attack high-value targets

Today, Microsoft is reporting on a distinct subset of Mint Sandstorm (formerly known as PHOSPHORUS), an Iranian threat actor that specializes in hacking into and stealing sensitive information from high-value targets.
April 13, 2023

4 min read

Threat actors strive to cause Tax Day headaches

With U.S. Tax Day approaching, Microsoft has observed phishing attacks targeting accounting and tax return preparation firms to deliver the Remcos RAT and compromise target networks.
April 11, 2023

8 min read

Guidance for investigating attacks using CVE-2022-21894: The BlackLotus campaign

This guide provides steps that organizations can take to assess whether users have been targeted or compromised by threat actors exploiting CVE-2022-21894 via a Unified Extensible Firmware Interface (UEFI) bootkit called BlackLotus.
Secure and verify every identity with Microsoft Entra
Microsoft Entra expands beyond identity and access management with new product categories such as cloud infrastructure entitlement management (CIEM) and decentralized identity.
Learn more
April 11, 2023

14 min read

DEV-0196: QuaDream’s “KingsPawn” malware used to target civil society in Europe, North America, the Middle East, and Southeast Asia

Microsoft analyzes a threat group tracked as DEV-0196, the actor’s iOS malware “KingsPawn”, and their link to an Israel-based private sector offensive actor (PSOA) known as QuaDream, which reportedly sells a suite of exploits, malware, and infrastructure called REIGN, that’s designed to exfiltrate data from mobile devices.
April 7, 2023

16 min read

MERCURY and DEV-1084: Destructive attack on hybrid environment

Microsoft detected a unique operation where threat actors carried out destructive actions in both on-premises and cloud environments.
April 6, 2023

10 min read

DevOps threat matrix

In this blog, we discuss threats we face in our DevOps environment, introducing our new threat matrix for DevOps.
April 4, 2023

7 min read

Discover a new era of security with Microsoft at RSAC 2023

Microsoft Security will be at the 2023 RSA Conference and we’d love to connect with you there.