Select Page
Peach Sandstorm 2023 tradecraft and attack flow diagram.

Peach Sandstorm password spray campaigns enable intelligence collection at high-value targets

Since February 2023, Microsoft has observed password spray activity against thousands of organizations carried out  by an actor we track as Peach Sandstorm (HOLMIUM). Peach Sandstorm is an Iranian nation-state threat actor who has recently pursued organizations in the satellite, ... continue reading
Flax Typhoon attack chain through the initial access, execution, persistence, privilege escalation, defense evasion, credential access, discovery, lateral movement, and command and control stages.

Flax Typhoon using legitimate software to quietly access Taiwanese organizations

Summary Microsoft has identified a nation-state activity group tracked as Flax Typhoon, based in China, that is targeting dozens of organizations in Taiwan with the likely intention of performing espionage. Flax Typhoon gains and maintains long-term access to Taiwanese organizations’ ... continue reading
Graph showing that a survey of participants in United States companies found that 70 percent of security and IT professionals are overwhelmed by their organization’s authentication complexity.

Boost identity protection with Axiad Cloud and Microsoft Entra ID

This blog post is part of the Microsoft Intelligent Security Association guest blog series. Learn more about MISA.  Passwords are a security weakness and phishing attacks to exploit accounts protected by passwords are on the rise. The last 12 months have seen ... continue reading

Adopting guidance from the US National Cybersecurity Strategy to secure the Internet of Things

The recently published United States National Cybersecurity Strategy warns that many popular Internet of Things (IoT) devices are not sufficiently secure to protect against many of today’s common cybersecurity threats.1 The strategy also cautions that many of these IoT devices ... continue reading
Heatmap showing observed Storm-0558 activity by day of the week (x-axis) and hour (y-axis).

Analysis of Storm-0558 techniques for unauthorized email access

Executive summary On July 11, 2023, Microsoft published two blogs detailing a malicious campaign by a threat actor tracked as Storm-0558 that targeted customer email that we’ve detected and mitigated: Microsoft Security Response Center and Microsoft on the Issues. As we ... continue reading
The care and feeding of Azure Arc for Servers

The care and feeding of Azure Arc for Servers

Microsoft Azure has a great set of capabilities for managing non-Azure based servers, including monitoring, policy evaluation, inventory and change tracking, and security tools. Access to those services for non-Azure servers may be via Azure Arc – specifically installation of ... continue reading
BrandonWilson_1-1688836922559.jpeg

Check This Out! (CTO!) Guide (June 2023)

  Hi everyone! Brandon Wilson here once again with this month’s “Check This Out!” (CTO!) guide. These posts are only intended to be your guide, to lead you to some content of interest, and are just a way we are ... continue reading
msfoxworks_1-1686595036725.png

Exploring Configuration Manager Automation Fundamentals – Administration Service

Hello, everyone!   Welcome back to our blog series on automation and API capabilities within Microsoft Configuration Manager. In our previous posts, we explored various aspects such as the SMS Provider, Windows Management Instrumentation (WMI), and PowerShell Cmdlets. Today, we'll ... continue reading

Top 5 Common Deployment Tips for US Government Agencies

Executive Order 14028 (EO 14028), Improving the Nation’s Cybersecurity directs the federal government to improve its efforts to identify, protect against, and respond to malicious cyber campaigns and their actors through bold changes and significant investments in cybersecurity. The Office ... continue reading
msfoxworks_1-1686592634375.png

Exploring Configuration Manager Automation Fundamentals– SMS Provider

Hello!   My name is Herbert Fuchs, and in this blog series, I want to take you on a journey exploring automation and API capabilities within Microsoft Configuration Manager. We will cover the fundamentals, share tips and tricks, and delve ... continue reading