Threat actors

In a special report on cyber influence operations targeting the 2024 U.S. presidential election cycle, Microsoft Threat Intelligence examines Russian campaigns aimed at manipulating public opinion and sowing political discord.

It has been an incredible year for Microsoft Threat Intelligence. The sheer volume of threats and attacks revealed through the more than 65 trillion signals we monitor daily has given us many inflection points, especially as we notice a shift in how threat actors are scaling and leveraging nation state support. The last year has […]

Discover details of Iran’s cyber-enabled influence operations supporting Hamas in Israel. Learn how operations have progressed through different phases of the war, and examine the four key influence tactics, techniques, and procedures (TTPs) Iran favors most.

Explore an evolving digital landscape where trust is both a currency and a vulnerability. Discover the social engineering fraud tactics cyber attackers use most, and review strategies that can help you identify and outmaneuver social engineering threats designed to manipulate human nature.

Russian cyber and influence operations persist as the war in Ukraine continues. Microsoft Threat Intelligence details the latest cyber threat and influence activities over the last six months.

From the increasing sophistication of nation-state threat actors to the power of partnerships in building cyber resilience, the Microsoft Digital Defense Report reveals the latest threat landscape insights and walks through the opportunities and challenges we all face.

Dive in and explore emerging trends in East Asia’s evolving threat landscape, where China conducts both widespread cyber and influence operations (IO), while North Korean cyber threat actors demonstrate growing sophistication.

Microsoft Threat Intelligence China experts Sarah Jones and Judy Ng join Microsoft Threat Intelligence Strategy director Sherrod DeGrippo to discuss the geopolitical landscape while providing advice and insight on modern cybersecurity careers.

Threat intelligence expert Fanta Orr explains how threat intelligence analysis uncovers the “why” behind cyberthreat activity and helps better protect customers who might be vulnerable targets.

What can be expected from the second year of Russia’s hybrid war in Ukraine.

Go behind the scenes in a joint operation between Microsoft, software maker Fortra™, and Health-ISAC to disrupt cracked Cobalt Strike servers and make it harder for cybercriminals to operate.

Microsoft threat intelligence analyst Justin Turner describes the three enduring challenges he’s seen throughout his cybersecurity career: configuration management, patching, and device visibility.

Complex and target-rich, major sporting events and world-renown activities present opportunities for threat actors to disrupt travel, commerce, communication and emergency services, and more. Learn how to manage the vast, external attack surface and defend world event infrastructure

Microsoft attributes several campaigns to a distinct Russian state-sponsored threat actor tracked as Cadet Blizzard, including the WhisperGate destructive attack, Ukrainian website defacements, and the hack-and-leak front “Free Civilian”.

Chinese state-sponsored threat actor Volt Typhoon has been observed using stealthy techniques to target US critical infrastructure, conduct espionage, and dwell in compromised environments.

Learn how Iranian threat actors use BEC attacks to compromise targets. Microsoft’s senior analyst shares insights on their motivations and tactics in this cybersecurity article. Read on to learn more

Discover how Iranian state actors are using cyber-enabled influence operations to fuel geopolitical change. Read more about their tactics here.

Microsoft, Fortra™, and Health Information Sharing and Analysis Center partner to take technical and legal action to disrupt “cracked” legacy copies of Cobalt Strike, used by cybercriminals to distribute malware, including ransomware

More reinforcements have arrived. John Lambert, Threat intelligence leader explains how AI enhances the threat intelligence community.

Microsoft threat intelligence examines a year of cyber and influence operations in Ukraine, uncovers new trends in cyber threats, and what to expect as the war enters its second year.

Microsoft is attributing a recent influence operation targeting French magazine Charlie Hebdo to an Iranian nation-state actor.

In the 2022 edition of the Microsoft Digital Defense Report, Microsoft security experts illuminate today’s threat landscape, providing insights on emerging trends as well as historically persistent threats in the 2022 Microsoft Digital Defense Report.

The 2021 edition Microsoft Digital Defense Report draws on insights, data, and more from trillions of daily security signals from across Microsoft, including the cloud, endpoints, and the intelligent edge.

Introducing the Microsoft Digital Defense Report, a reimagining of the annual Microsoft Security Intelligence Report (SIR) published since 2005.

Explore the ABCs of Threat Hunting Guide to get tips on how to hunt, identify, and mitigate cyberthreats to help become more cyber-resilient.

See what drives criminals to increase DDoS activity during the holidays and learn what you can do to help protect your organization.

Protect your IoT/OT devices by decreasing network vulnerabilities and defending against cyber threats such as ransomware and threat actors.

Emily Hacker, threat intelligence expert talks about ransomware-as-a -service (RaaS), and how to detect pre-ransomware incidents before it is too late.

Ransomware, one of the most persistent and pervasive cyber threats, continues to evolve. Here is an in-depth look at ransomware as a service (Raas), the latest tool of cybercrime.

Cybercrime and counter ransomware expert, Nick Carr, talks about trends in ransomware and what can be done if your organization is affected by a ransomware incident.

How cyber-attacks and cyber influence operations are being used in the war between Russian and the Ukraine.

Guidance for protecting your organization against ransomware.

Discover how to protect your organization from Ransomware-as-a-service (RaaS), a tactic that is gaining serious traction in the world of cybercrime.

Cyberthreat intelligence expert, Steve Ginty, gives tips on steps you can take against threat actors and maintain cybersecurity readiness.

Russ McCree: Partner Director, Operations; Microsoft Security Response Center (MSRC), talks about the importance of cloud security and multifactor authentication (MFA) to help protect against malicious cyberattacks.

Russian threat actors have launched increasingly disruptive and visible cyberattacks against Ukraine and have included activities such as phishing, reconnaissance, and attempts to compromise public information sources.