Storm-2372 conducts device code phishing campaign
Microsoft Threat Intelligence Center discovered an active and successful device code phishing campaign by a threat actor we track as Storm-2372.
Research
Explore in-depth research on the latest cybersecurity threats, trends, and defense strategies. Get insights from Microsoft that’ll help you better understand and respond to today’s challenges.
Refine results
Topic
Products and services
Publish date
Simplify endpoint management with Microsoft Intune
Microsoft Intune is a cloud-based unified endpoint management platform that empowers IT to manage, assess, and protect apps and devices.
-
-
The BadPilot campaign: Seashell Blizzard subgroup conducts multiyear global access operation
Microsoft is publishing for the first time our research into a subgroup within the Russian state actor Seashell Blizzard and its multiyear initial access operation, tracked by Microsoft Threat Intelligence as the “BadPilot campaign”. -
Code injection attacks using publicly disclosed ASP.NET machine keys
Microsoft Threat Intelligence observed limited activity by an unattributed threat actor using a publicly available, static ASP. -
New Star Blizzard spear-phishing campaign targets WhatsApp accounts
In mid-November 2024, Microsoft Threat Intelligence observed the Russian threat actor we track as Star Blizzard sending their typical targets spear-phishing messages, this time offering the supposed opportunity to join a WhatsApp group. Secure and verify every identity with Microsoft Entra
Microsoft Entra expands beyond identity and access management with new product categories such as cloud infrastructure entitlement management (CIEM) and decentralized identity.
-
Analyzing CVE-2024-44243, a macOS System Integrity Protection bypass through kernel extensions
Microsoft discovered a macOS vulnerability allowing attackers to bypass System Integrity Protection (SIP) by loading third party kernel extensions, which could lead to serious consequences, such as allowing attackers to install rootkits, create persistent malware, bypass Transparency, Consent, and Control (TCC), and expand the attack surface to perform other unauthorized operations. -
3 takeaways from red teaming 100 generative AI products
Since 2018, Microsoft’s AI Red Team has probed generative AI products for critical safety and security vulnerabilities. -
New Microsoft guidance for the CISA Zero Trust Maturity Model
New Microsoft guidance is now available for United States government agencies and their industry partners to help implement Zero Trust strategies and meet CISA Zero Trust requirements. -
Microsoft Defender for Cloud named a Leader in Frost Radar™ for CNAPP for the second year in a row!
In the ever-evolving landscape of cloud security, Microsoft continues to assert its dominance with its comprehensive and innovative solutions. Prevent threats with Microsoft Defender
The Microsoft Defender family offers comprehensive threat prevention, detection, and response capabilities for everyone—from individuals looking to protect their family to the world’s largest enterprises.
-
Frequent freeloader part II: Russian actor Secret Blizzard using tools of other groups to attack Ukraine
Since January 2024, Microsoft has observed Secret Blizzard using the tools or infrastructure of other threat groups to attack targets in Ukraine and download its custom backdoors Tavdig and KazuarV2. -
Microsoft Defender XDR demonstrates 100% detection coverage across all cyberattack stages in the 2024 MITRE ATT&CK® Evaluations: Enterprise
For the sixth year in a row, Microsoft Defender XDR demonstrated industry-leading extended detection and response (XDR) capabilities in the independent MITRE ATT&CK® Evaluations: Enterprise. -
Frequent freeloader part I: Secret Blizzard compromising Storm-0156 infrastructure for espionage
Microsoft has observed Secret Blizzard compromising the infrastructure and backdoors of the Pakistan-based threat actor we track as Storm-0156 for espionage against the Afghanistan government and Indian Army targets. -
Microsoft shares latest intelligence on North Korean and Chinese threat actors at CYBERWARCON
At CYBERWARCON 2024, Microsoft Threat Intelligence analysts will share research and insights on North Korean and Chinese threat actors representing years of threat actor tracking, infrastructure monitoring and disruption, and their attack tooling.
