Patch me if you can: Cyberattack Series
The Microsoft Incident Response team takes swift action to help contain a ransomware attack and regain positive administrative control of the customer environment.
Cadet Blizzard emerges as a novel and distinct Russian threat actor
Microsoft attributes several campaigns to a distinct Russian state-sponsored threat actor tracked as Cadet Blizzard (DEV-0586), including the WhisperGate destructive attack, Ukrainian website defacements, and the hack-and-leak front “Free Civilian”.
Detecting and mitigating a multi-stage AiTM phishing and BEC campaign
Microsoft Defender Experts observed a multi-stage adversary-in-the-middle (AiTM) and business email compromise (BEC) attack targeting banking and financial services organizations over two days. This attack originated from a compromised trusted vendor, involved AiTM and BEC attacks across multiple supplier/partner organizations for financial fraud, and did not use a reverse proxy like typical AiTM attacks.
MSTICPy January 2022 hackathon highlights
In January 2022, MSTIC ran its inaugural hack month for the open-source Jupyter and Python Security Tools library, MSTICPy. This blog highlights some of the contributions.
Join us at InfoSec Jupyterthon 2021
We’re excited to invite our community of infosec analysts and engineers to the second annual InfoSec Jupyterthon taking place on December 2-3, 2021. This is an online event organized by Open Threat Research Forge together with Microsoft Threat Intelligence Center (MSTIC).
Exploiting a crisis: How cybercriminals behaved during the outbreak
Cybercriminals adapted their tactics to match what was going on in the world, and what we saw in the threat environment was parallel to the uptick in COVID-19 headlines and the desire for more information.
Full Operational Shutdown—another cybercrime case from the Microsoft Detection and Response Team
Today, we’re glad to share DART Case Report 002—Full Operational Shutdown.
Real-life cybercrime stories from DART, the Microsoft Detection and Response Team
In the new DART Case Reports, you’ll find unique stories from our team’s engagements around the globe. Read the first in the series today.
How Windows Defender Antivirus integrates hardware-based system integrity for informed, extensive endpoint protection
The deep integration of Windows Defender Antivirus with hardware-based isolation capabilities allows the detection of artifacts of attacks that tamper with kernel-mode agents at the hypervisor level.
Analysis of cyberattack on U.S. think tanks, non-profits, public sector by unidentified attackers
Reuters recently reported a hacking campaign focused on a wide range of targets across the globe. In the days leading to the Reuters publication, Microsoft researchers were closely tracking the same campaign.
Keeping browsing experience in users’ hands
Protecting the modern workplace from a wide range of undesirable software Our evaluation criteria describe the characteristics and behavior of malware and potentially unwanted applications and guide the proper identification of threats. Learn how we classify malicious software, unwanted software, and potentially unwanted applications. Read the blog post.
Microsoft updates Trusted Root Certificate Program to reinforce trust in the Internet
At Microsoft, we are continuously working to deliver on our commitment to the security of our customers and their ecosystems. A core component of our strategy to inform Windows users about the safety of the websites, apps and software they’re accessing online is built into the Microsoft Trusted Root Certificate Program.