Table of Contents:Case SummaryAnalystsInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCommand and ControlExfiltrationImpactTimelineDiamond ModelIndicatorsDetectionsMITRE ATT&CKCase SummaryIn late June 2024, an unpatched Confluence...
On August 19, 2024, Microsoft identified a North Korean threat actor exploiting a zero-day vulnerability in Chromium, now identified as...
Between April and July 2024, Microsoft observed Iranian state-sponsored threat actor Peach Sandstorm deploying a new custom multi-stage backdoor, which...
Microsoft researchers recently identified multiple medium severity vulnerabilities in OpenVPN, an open-source project with binaries integrated into routers, firmware, PCs,...
Microsoft researchers have uncovered a vulnerability in ESXi hypervisors being exploited by several ransomware operators to obtain full administrative permissions...
On July 25, 2024, the United States Department of Justice (DOJ) indicted an individual linked to the North Korean threat...
Microsoft discovered and responsibly disclosed two vulnerabilities in Rockwell Automation PanelView Plus that could be remotely exploited by unauthenticated attackers,...
In generative AI, jailbreaks, also known as direct prompt injection attacks, are malicious user inputs that attempt to circumvent an...
Generative AI systems are made up of multiple components that interact to provide a rich user experience between the human...
Since mid-April 2024, Microsoft Threat Intelligence has observed the threat actor Storm-1811 misusing the client management tool Quick Assist to...
Microsoft discovered a path traversal-affiliated vulnerability pattern in multiple popular Android applications that could enable a malicious application to overwrite...
Microsoft Threat Intelligence is publishing results of our longstanding investigation into activity by the Russian-based threat actor Forest Blizzard (STRONTIUM)...
Attackers are constantly seeking new vulnerabilities to compromise Kubernetes environments. Microsoft recently uncovered an attack that exploits new critical vulnerabilities...
As we continue to integrate generative AI into our daily lives, it’s important to understand the potential harms that can...
Cybercriminals use social engineering during holidays and important events like tax season to steal user information. Our new Microsoft Threat...
Microsoft Threat Intelligence has uncovered a supply chain attack by the North Korea-based threat actor Diamond Sleet (ZINC) involving a...
Microsoft Threat Intelligence continues to track and disrupt malicious activity attributed to a Russian state-sponsored actor we track as Star...
Microsoft discovered, responsibly disclosed, and helped remediate four vulnerabilities that could be remotely exploited by unauthenticated attackers in Perforce Helix...
Since mid-November 2023, Microsoft Threat Intelligence has observed threat actors, including financially motivated actors like Storm-0569, Storm-1113, Sangria Tempest, and...
Threat actors are misusing OAuth applications as an automation tool in financially motivated attacks. OAuth is an open standard for...
Jupyter notebooks are continuing to grow in popularity in information security as an alternative or supplement to mainstream security operations...
Over the last year, the speed, scale, and sophistication of attacks has increased alongside the rapid development and adoption of...
Since November 2023, Microsoft has observed a distinct subset of Mint Sandstorm (PHOSPHORUS) targeting high-profile individuals working on Middle Eastern...
The Microsoft security team detected a nation-state attack on our corporate systems on January 12, 2024, and immediately activated our...
