Peach Sandstorm 2023 tradecraft and attack flow diagram.

Peach Sandstorm password spray campaigns enable intelligence collection at high-value targets

Since February 2023, Microsoft has observed password spray activity against thousands of organizations carried out by an actor we track as Peach Sandstorm (HOLMIUM). Peach Sandstorm is an Iranian nation-state threat actor who has recently pursued organizations in the satellite, ... continue reading
Satellite dish sky sunset

Accelerating the pace of innovation with Azure Space and our partners

Azure Space innovating into the future Today, I’m excited to share some news spanning the full spectrum of space industry use cases, including: Real-world examples of how Azure Orbital Ground Station is enabling both space agencies and start-ups with new ways ... continue reading
Flax Typhoon attack chain through the initial access, execution, persistence, privilege escalation, defense evasion, credential access, discovery, lateral movement, and command and control stages.

Flax Typhoon using legitimate software to quietly access Taiwanese organizations

Summary Microsoft has identified a nation-state activity group tracked as Flax Typhoon, based in China, that is targeting dozens of organizations in Taiwan with the likely intention of performing espionage. Flax Typhoon gains and maintains long-term access to Taiwanese organizations’ ... continue reading
Graph showing that a survey of participants in United States companies found that 70 percent of security and IT professionals are overwhelmed by their organization’s authentication complexity.

Boost identity protection with Axiad Cloud and Microsoft Entra ID

This blog post is part of the Microsoft Intelligent Security Association guest blog series. Learn more about MISA. Passwords are a security weakness and phishing attacks to exploit accounts protected by passwords are on the rise. The last 12 months have seen ... continue reading
Screenshot of Microsoft Teams message request from an account controlled by the threat actor Midnight Blizzard

Midnight Blizzard conducts targeted social engineering over Microsoft Teams

Microsoft Threat Intelligence has identified highly targeted social engineering attacks using credential theft phishing lures sent as Microsoft Teams chats by the threat actor that Microsoft tracks as Midnight Blizzard (previously tracked as NOBELIUM). This latest attack, combined with past ... continue reading
Chart showing the Microsoft Partner Ecosystem categories of Information Protection, Inspire Risk Management, and Data Loss Prevention.

New Microsoft identity and data security capabilities to accelerate CMMC compliance for the Defense Industrial Base

As Department of Defense (DoD) Chief Information Officer Hon. John Sherman said recently, Cybersecurity Maturity Model Certification (CMMC) is necessary to ensure that the United States raises the bar for protecting sensitive information.1 The DoD is leading by example towards ... continue reading

Expanding cloud logging to give customers deeper security visibility

In response to the increasing frequency and evolution of nation-state cyberthreats, Microsoft is taking additional steps to protect our customers and increase the secure-by-default baseline of our cloud platforms. These steps are the result of close coordination with commercial and ... continue reading
Advancing Modern Strong Authentication

In a previous blog, It's Time to Hang Up on Phone Transports for Authentication, I wrote about the vulnerabilities of multifactor authentication (MFA) mechanisms such as SMS and voice. A recent MFA research study from Microsoft concludes that SMS is ... continue reading
Heatmap showing observed Storm-0558 activity by day of the week (x-axis) and hour (y-axis).

Analysis of Storm-0558 techniques for unauthorized email access

Executive summary On July 11, 2023, Microsoft published two blogs detailing a malicious campaign by a threat actor tracked as Storm-0558 that targeted customer email that we’ve detected and mitigated: Microsoft Security Response Center and Microsoft on the Issues. As we ... continue reading
Storm-0978 attacks reveal financial and espionage motives

Microsoft has identified a phishing campaign conducted by the threat actor tracked as Storm-0978 targeting defense and government entities in Europe and North America. The campaign involved the abuse of CVE-2023-36884, which included a remote code execution vulnerability exploited before ... continue reading