
When coin miners evolve, Part 1: Exposing LemonDuck and LemonCat, modern mining malware infrastructure
[Note: In this two-part blog series, we expose a modern malware infrastructure and provide guidance for protecting against the wide range of threats it enables. Part 1 covers the evolution of the threat, how it spreads, and how it impacts ... continue reading
Windows 11 enables security by design from the chip to the cloud
Over the last year, PCs have kept us connected to family, friends, and enabled businesses to continue to run. This new hybrid work paradigm has got us thinking about how we will continue to deliver the best possible quality, experience, ... continue reading

Behind the scenes of business email compromise: Using cross-domain threat data to disrupt a large BEC campaign
Microsoft 365 Defender researchers recently uncovered and disrupted a large-scale business email compromise (BEC) infrastructure hosted in multiple web services. Attackers used this cloud-based infrastructure to compromise mailboxes via phishing and add forwarding rules, enabling these attackers to get access ... continue reading

Optimize security with Azure Firewall solution for Azure Sentinel
Security is a constant balance between proactive and reactive defenses. They are both equally important, and neither can be neglected. Effectively protecting your organization means constantly optimizing both prevention and detection. That’s why we’re excited to announce a seamless integration ... continue reading

Breaking down NOBELIUM’s latest early-stage toolset
As we reported in earlier blog posts, the threat actor NOBELIUM recently intensified an email-based attack that it has been operating and evolving since early 2021. We continue to monitor this active attack and intend to post additional details as ... continue reading

New sophisticated email-based attack from NOBELIUM
Microsoft Threat Intelligence Center (MSTIC) has uncovered a wide-scale malicious email campaign operated by NOBELIUM, the threat actor behind the attacks against SolarWinds, the SUNBURST backdoor, TEARDROP malware, GoldMax malware, and other related components. The campaign, initially observed and tracked ... continue reading

Phorpiex morphs: How a longstanding botnet persists and thrives in the current threat environment
Phorpiex, an enduring botnet known for extortion campaigns and for using old-fashioned worms that spread via removable USB drives and instant messaging apps, began diversifying its infrastructure in recent years to become more resilient and to deliver more dangerous payloads ... continue reading
New identity partnerships and integrations to accelerate your Zero Trust journey
This month, our team is busy participating in several industry events – the RSA Conference, Gartner IAM and Microsoft Build – and sharing the new partnerships and integrations we’ve developed to help support your Zero Trust strategy. Reflecting on last ... continue reading

Securing a new world of hybrid work: What to know and what to do
The cybersecurity landscape has fundamentally changed, as evidenced by large-scale, complex attacks like Nobelium, Hafnium, and more recently last week’s Colonial Pipeline attack, which signals that human-operated ransomware is on the rise. Hackers launch an average of 50 million password ... continue reading

Business email compromise campaign targets wide range of orgs with gift card scam
Cybercriminals continue to target businesses to trick recipients into approving payments, transferring funds, or, in this case, purchasing gift cards. This kind of email attack is called business email compromise (BEC)—a damaging form of phishing designed to gain access to ... continue reading