Trace Id is missing
A network of lights and dots
Spotlight

Threat Actor Insight Tool

Microsoft Security is actively tracking threat actors across observed nation state, ransomware, and criminal activities. These insights represent publicly published activity from Microsoft Security threat researchers and provide a centralized catalog of actor profiles from the referenced blogs
A white box with a blue and black stripe, a flag, and text reading 2024 US Election Russia Update.
Cyber signals

Education under siege

Study up on the cybersecurity challenges facing the education sector. Discover why education has become the third most-targeted industry for cyberattacks and learn what IT and security professionals in the education sector can do to help create safer environments. 
A white box with a blue and black stripe, a flag, and text reading 2024 US Election Russia Update.
Nation State

Russia-linked operators engaged in expansive efforts to influence US voters

In a special report on cyber influence operations targeting the 2024 U.S. presidential election cycle, Microsoft Threat Intelligence examines Russian campaigns aimed at manipulating public opinion and sowing political discord.
A red circles in the sky
Emerging threats

2023 Threat Intelligence Year in Review: Key Insights and Developments

It has been an incredible year for Microsoft Threat Intelligence. The sheer volume of threats and attacks revealed through the more than 65 trillion signals we monitor daily has given us many inflection points, especially as we notice a shift in how threat actors are scaling and leveraging nation state support. The last year has […]
A group of people with a megaphone
Intelligence reports

Iran surges cyber-enabled influence operations in support of Hamas

Discover details of Iran’s cyber-enabled influence operations supporting Hamas in Israel. Learn how operations have progressed through different phases of the war, and examine the four key influence tactics, techniques, and procedures (TTPs) Iran favors most.
A silhouette of a person with a cellphone
Emerging threats

Feeding from the trust economy: social engineering fraud

Explore an evolving digital landscape where trust is both a currency and a vulnerability. Discover the social engineering fraud tactics cyber attackers use most, and review strategies that can help you identify and outmaneuver social engineering threats designed to manipulate human nature.
A computer screen with icons and symbols
Intelligence reports

Russian threat actors dig in, prepare to seize on war fatigue

Russian cyber and influence operations persist as the war in Ukraine continues. Microsoft Threat Intelligence details the latest cyber threat and influence activities over the last six months.
A blue and black background with text 10 essential insights
Intelligence reports

10 essential insights from the Microsoft Digital Defense Report 2023

From the increasing sophistication of nation-state threat actors to the power of partnerships in building cyber resilience, the Microsoft Digital Defense Report reveals the latest threat landscape insights and walks through the opportunities and challenges we all face.
A person sitting in a bean bag with a computer
Intelligence reports

Digital threats from East Asia increase in breadth and effectiveness

Dive in and explore emerging trends in East Asia’s evolving threat landscape, where China conducts both widespread cyber and influence operations (IO), while North Korean cyber threat actors demonstrate growing sophistication.
A person with black hair and security icons
Meet the experts

On the frontlines: Decoding Chinese threat actor tactics and techniques

Microsoft Threat Intelligence China experts Sarah Jones and Judy Ng join Microsoft Threat Intelligence Strategy director Sherrod DeGrippo to discuss the geopolitical landscape while providing advice and insight on modern cybersecurity careers.
A person smiling for a picture
Meet the experts

Putting cyber threat intelligence into geopolitical context

Threat intelligence expert Fanta Orr explains how threat intelligence analysis uncovers the “why” behind cyberthreat activity and helps better protect customers who might be vulnerable targets.
A fingerprint scan on a blue background
Emerging threats

7 emerging hybrid warfare trends from Russia’s cyber war

What can be expected from the second year of Russia’s hybrid war in Ukraine.
A group of people sitting at a table
Practical cyber defense

Inside the fight against hackers who disrupted hospitals and jeopardized lives

Go behind the scenes in a joint operation between Microsoft, software maker Fortra™, and Health-ISAC to disrupt cracked Cobalt Strike servers and make it harder for cybercriminals to operate.
A person standing in front of a white arrow
Meet the experts

Expert profile: Justin Turner

Microsoft threat intelligence analyst Justin Turner describes the three enduring challenges he’s seen throughout his cybersecurity career: configuration management, patching, and device visibility.
A close-up of a tennis court
Intelligence reports

Cyberthreats increasingly target the world’s biggest event stage

Complex and target-rich, major sporting events and world-renown activities present opportunities for threat actors to disrupt travel, commerce, communication and emergency services, and more. Learn how to manage the vast, external attack surface and defend world event infrastructure
A blurry image of a hexagon pattern
Emerging threats

Cadet Blizzard emerges as a novel and distinct Russian threat actor

Microsoft attributes several campaigns to a distinct Russian state-sponsored threat actor tracked as Cadet Blizzard, including the WhisperGate destructive attack, Ukrainian website defacements, and the hack-and-leak front “Free Civilian”.
People walking in front of a white building
Emerging threats

Volt Typhoon targets US critical infrastructure with living-off-the-land techniques

Chinese state-sponsored threat actor Volt Typhoon has been observed using stealthy techniques to target US critical infrastructure, conduct espionage, and dwell in compromised environments.
A person in a suit
Meet the experts

Expert profile: Simeon Kakpovi

Learn how Iranian threat actors use BEC attacks to compromise targets. Microsoft’s senior analyst shares insights on their motivations and tactics in this cybersecurity article. Read on to learn more
A computer screen with security key and a person
Intelligence reports

Iran turning to cyber-enabled influence operations for greater effect

Discover how Iranian state actors are using cyber-enabled influence operations to fuel geopolitical change. Read more about their tactics here.
A screenshot of a basic icons of cell phone
Practical cyber defense

Stopping cybercriminals from abusing security tools

Microsoft, Fortra™, and Health Information Sharing and Analysis Center partner to take technical and legal action to disrupt “cracked” legacy copies of Cobalt Strike, used by cybercriminals to distribute malware, including ransomware
A blue shield with a white padlock on it
Emerging threats

Security is only as good as your threat intelligence

More reinforcements have arrived. John Lambert, Threat intelligence leader explains how AI enhances the threat intelligence community.
A computer screen with icons of servers and shield
Intelligence reports

The cyber and influence operations of the war in Ukraine’s digital battlefield

Microsoft threat intelligence examines a year of cyber and influence operations in Ukraine, uncovers new trends in cyber threats, and what to expect as the war enters its second year.
A network of lights and dots
Intelligence reports

Iran responsible for Charlie Hebdo attacks

Microsoft is attributing a recent influence operation targeting French magazine Charlie Hebdo to an Iranian nation-state actor.
A blue, gray and green circular pattern
Intelligence reports

Microsoft Digital Defense Report 2022

In the 2022 edition of the Microsoft Digital Defense Report, Microsoft security experts illuminate today’s threat landscape, providing insights on emerging trends as well as historically persistent threats in the 2022 Microsoft Digital Defense Report.
Intelligence reports

Microsoft Digital Defense Report 2021

The 2021 edition Microsoft Digital Defense Report draws on insights, data, and more from trillions of daily security signals from across Microsoft, including the cloud, endpoints, and the intelligent edge.
A purple and black dotted background
Intelligence reports

Microsoft Digital Defense Report 2020

Introducing the Microsoft Digital Defense Report, a reimagining of the annual Microsoft Security Intelligence Report (SIR) published since 2005.
A logo of ABC letters and arrows
Practical cyber defense

The ABCs of Threat Hunting

Explore the ABCs of Threat Hunting Guide to get tips on how to hunt, identify, and mitigate cyberthreats to help become more cyber-resilient.
A shield with coins and a wind
Emerging threats

Protecting yourself from holiday-season DDoS attacks

See what drives criminals to increase DDoS activity during the holidays and learn what you can do to help protect your organization.
A computer screen with icons and a phone
Emerging threats

The unique security risk of IoT/OT devices

Protect your IoT/OT devices by decreasing network vulnerabilities and defending against cyber threats such as ransomware and threat actors.
A person in black shirt
Meet the experts

Expert profile: Emily Hacker

Emily Hacker, threat intelligence expert talks about ransomware-as-a -service (RaaS), and how to detect pre-ransomware incidents before it is too late.
A Yellow white circle and colorful dots
Intelligence reports

Extortion economics

Ransomware, one of the most persistent and pervasive cyber threats, continues to evolve. Here is an in-depth look at ransomware as a service (Raas), the latest tool of cybercrime.
A person smiling at the camera
Meet the experts

Expert profile: Nick Carr

Cybercrime and counter ransomware expert, Nick Carr, talks about trends in ransomware and what can be done if your organization is affected by a ransomware incident.
Intelligence reports

Defending Ukraine: Early Lessons from the Cyber War

How cyber-attacks and cyber influence operations are being used in the war between Russian and the Ukraine.
A person looking at computer screens
Emerging threats

Protect your organization from ransomware

Guidance for protecting your organization against ransomware.
A red and white arrows on a gray and red background
Emerging threats

Ransomware as a service: The new face of industrialized cybercrime

Discover how to protect your organization from Ransomware-as-a-service (RaaS), a tactic that is gaining serious traction in the world of cybercrime.
A person smiling in front of a red and white background
Meet the experts

Expert profile: Steve Ginty

Cyberthreat intelligence expert, Steve Ginty, gives tips on steps you can take against threat actors and maintain cybersecurity readiness.
A person wearing glasses and a striped shirt
Meet the experts

Expert Profile: Russ McRee

Russ McCree: Partner Director, Operations; Microsoft Security Response Center (MSRC), talks about the importance of cloud security and multifactor authentication (MFA) to help protect against malicious cyberattacks.
A map of europe with different countries/regions
Intelligence reports

Special Report: Ukraine

Russian threat actors have launched increasingly disruptive and visible cyberattacks against Ukraine and have included activities such as phishing, reconnaissance, and attempts to compromise public information sources.
Abstract graphic of concentric circles in green, yellow, and white on a gray background.
Woman reading a book on a leather sofa in a cozy living room setting.
Get started

Join Microsoft events

Expand your expertise, learn new skills and build community with Microsoft events and learning opportunities.
A woman reading from a tablet while standing outside a building.
Talk to us

Join Microsoft’s tech community

Stay connected with 60k+ members and see latest community discussions on security, compliance, and identity.

Follow Microsoft Security