New Threat Actor Intel Profiles Added to MDTI

The Microsoft Defender Threat Intelligence (MDTI) team has recently launched twenty-six new threat actor Intel Profiles and more than 50 additional articles that customers can use immediately to take an intel-led approach to defending their organization from the latest threats.

Intel Profiles are a single source of information that fully licensed security operations teams can use for instant insight into the threat ecosystem. Users can rapidly identify adversary-threat infrastructure and access actionable indicators of compromise (IOCs) and in-depth analysis of tools, tactics, and procedures (TTPs) drawn directly from threat infrastructure, including history, distribution, and trends. They also include recommended actions and guided insights about geolocation, industry, and targets.

Intel Profiles are updated daily via automated discovery and continuous scanning across the worldwide attack surface, and are maintained by the Microsoft community, which tracks over 300 threat actor groups, including 160 nation-state actors and over 50 ransomware groups. This team comprises over 8,000 experts across 77 countries, fluent in key languages. Members specialize in threat actor research, threat infrastructure research, endpoint threat research, ecosystem vulnerability research, incident response, geopolitics, linguistics, and more.

The new Intel Profiles, which include Volt Typhoon and Satin Sandstorm, reflect Microsoft's new threat actor naming taxonomy, which aligns with the theme of weather. This new convention brings better clarity to customers and other security researchers already confronted with overwhelming threat intelligence data. In the new taxonomy, threat actor groups are named after weather events, which are universal forces we must all counteract and adapt to, just like cyber threats.

Volt Typhoon, a Chinese hacking group recently identified by Microsoft, targets critical infrastructure environments in the US to disrupt communications with Asia Pacific. Microsoft assesses with moderate confidence that Volt Typhoon is pursuing the development of capabilities that could disrupt critical communications infrastructure between the United States and the Asia region during future crises.

New Intel Profiles Include Volt Typhoon, Mango Sandstorm, and Melon Typhoon

Microsoft Threat Intelligence 

Threat intelligence is one of Microsoft's most significant investment areas, giving customers one of the highest-fidelity views of threats. Microsoft threat intelligence taps into massive telemetry comprised of more than 65 trillion signals collected from managing and defending four of the world's largest public clouds, Microsoft 365, Azure, and Dynamics 365. Microsoft also protects over 1.5B assets embedded across the planet, including mobile devices, servers, IoT devices, PCs, and a graph of the entire internet updated daily. Microsoft's tools and systems, along with expert researchers, engineers, and security products, blocked 9B endpoint threats, 31B identity threats, and 32B email threats in just a year.

Begin Using Intel Profiles Today 

Begin your MDTI Premium free trial today to tap into Microsoft Threat Intelligence, including Intel Profiles, articles, and data sets found nowhere else, enabling your team to take its investigations to the next level.  

Questions 

We hope this blog helps you understand the value MDTI can provide. If you have inquiries regarding threat intelligence use cases mentioned or not mentioned in this blog and are not currently working with an MDTI Technical Specialist or Global Black Belt, please comment below or email mdti-pm@microsoft.com.

Feedback 

We would love to hear your ideas to improve our MDTI platform or where our threat intelligence could be used elsewhere across the Microsoft Security ecosystem or other third-party security applications. Feel free to comment below or email mdti-pm@microsoft.com to share that feedback. If you are currently working with an MDTI Technical Specialist or Global Black Belt through this PoC, please communicate your requested use cases and product feedback to them directly.

Learn About New MDTI Features 

Please join our Cloud Security Private Community. Users who would like to help influence the direction and strategy of our MDTI product are encouraged to sign up for our Private Preview events. Those participating will earn credit for respective Microsoft product badges delivered by Credly.

Additional Resources 

What is Microsoft Defender Threat Intelligence (MDTI)? | Microsoft Learn

Microsoft Defender Threat Intelligence Blog – Microsoft Community Hub

Become a Microsoft Defender Threat Intelligence Ninja: The complete level 400 training

 

This article was originally published by Microsoft's Defender Threat Intelligence Blog.