New Microsoft guidance for the CISA Zero Trust Maturity Model
New Microsoft guidance is now available for United States government agencies and their industry partners to help implement Zero Trust strategies and meet CISA Zero Trust requirements.
Frequent freeloader part II: Russian actor Secret Blizzard using tools of other groups to attack Ukraine
Since January 2024, Microsoft has observed Secret Blizzard using the tools or infrastructure of other threat groups to attack targets in Ukraine and download its custom backdoors Tavdig and KazuarV2.
Microsoft Defender XDR demonstrates 100% detection coverage across all cyberattack stages in the 2024 MITRE ATT&CK® Evaluations: Enterprise​​
For the sixth year in a row, Microsoft Defender XDR demonstrated industry-leading extended detection and response (XDR) capabilities in the independent MITRE ATT&CK® Evaluations: Enterprise. The cyberattack used during the detection test highlights the importance of a unified XDR platform and showcases Defender XDR as a leading solution for securing your multi-operating system estate.
New Microsoft Purview features help protect and govern your data in the era of AI
Microsoft Purview delivers unified data security, governance, and compliance for the era of AI. Read about the new features.
Frequent freeloader part I: Secret Blizzard compromising Storm-0156 infrastructure for espionage
Microsoft has observed Secret Blizzard compromising the infrastructure and backdoors of the Pakistan-based threat actor we track as Storm-0156 for espionage against the Afghanistan government and Indian Army targets.
Chinese threat actor Storm-0940 uses credentials from password spray attacks from a covert network
Since August 2023, Microsoft has observed intrusion activity targeting and successfully stealing credentials from multiple Microsoft customers that is enabled by highly evasive password spray attacks. Microsoft has linked the source of these password spray attacks to a network of compromised devices we track as CovertNetwork-1658, also known as xlogin and Quad7 (7777).
Midnight Blizzard conducts large-scale spear-phishing campaign using RDP files
Since October 22, 2024, Microsoft Threat Intelligence has observed Russian threat actor Midnight Blizzard sending a series of highly targeted spear-phishing emails to individuals in government, academia, defense, non-governmental organizations, and other sectors. This activity is ongoing, and Microsoft will continue to investigate and provide updates as available.
File hosting services misused for identity phishing
Since mid-April 2024, Microsoft has observed an increase in defense evasion tactics used in campaigns abusing file hosting services like SharePoint, OneDrive, and Dropbox. These campaigns use sophisticated techniques to perform social engineering, evade detection, and compromise identities, and include business email compromise (BEC) attacks.
Storm-0501: Ransomware attacks expanding to hybrid cloud environments
Microsoft has observed the threat actor tracked as Storm-0501 launching a multi-staged attack where they compromised hybrid cloud environments and performed lateral movement from on-premises to cloud environment, leading to data exfiltration, credential theft, tampering, persistent backdoor access, and ransomware deployment.
​​Microsoft is named a Leader in the 2024 Gartner® Magic Quadrant™ for Endpoint Protection Platforms
Gartner® names Microsoft a Leader in Endpoint Protection Platforms—a reflection, we believe, of our continued progress in helping organizations protect their endpoints against even the most sophisticated attacks, while driving continued efficiency for security operations center teams.
Peach Sandstorm deploys new custom Tickler malware in long-running intelligence gathering operations
Between April and July 2024, Microsoft observed Iranian state-sponsored threat actor Peach Sandstorm deploying a new custom multi-stage backdoor, which we named Tickler.
Microsoft again ranked number one in modern endpoint security market share
IDC Worldwide Corporate Endpoint Security Market Shares report for 2023 ranks Microsoft number one in market share with a 40.7% increase in share over last year.