Destructive malware targeting Ukrainian organizations
Microsoft Threat Intelligence Center (MSTIC) has identified evidence of a destructive malware operation targeting multiple organizations in Ukraine. This malware first appeared on victim systems in Ukraine on January 13, 2022. Microsoft is aware of the ongoing geopolitical events in ... continue reading

Learn about 4 approaches to comprehensive security that help leaders be fearless
The last 18 months have put unprecedented pressure on organizations to speed up their digital transformation as remote and hybrid work continue to become the new normal. Yet even with all the change and uncertainty, having the right security support ... continue reading
Your guide to mobile digital forensics
The security community is continuously changing, growing, and learning from each other to better position the world against cyber threats. In the latest Voice of the Community blog series post, Microsoft Security Product Marketing Manager Natalia Godyla talks with Cellebrite ... continue reading

A closer look at Qakbot’s latest building blocks (and how to knock them down)
Multiple Qakbot campaigns that are active at any given time prove that the decade-old malware continues to be many attackers’ tool of choice, a customizable chameleon that adapts to suit the needs of the multiple threat actor groups that utilize ... continue reading

New research shows IoT and OT innovation is critical to business but comes with significant risks
The need for much improved IoT and operational technology (OT) cybersecurity became clearer this year with recent attacks on network devices,1 surveillance systems,2 an oil pipeline,3 and a water treatment facility,4 to name a few examples. To better understand the ... continue reading

Improve kernel security with the new Microsoft Vulnerable and Malicious Driver Reporting Center
Windows 10 and Windows 11 have continued to raise the security bar for drivers running in the kernel. Kernel-mode driver publishers must pass the Hardware Lab Kit (HLK) compatibility tests, malware scanning, and prove their identity through extended validation (EV) ... continue reading

New Secured-core servers are now available from the Microsoft ecosystem to help secure your infrastructure
In the current pandemic-driven remote work environments, security has become increasingly important. Earlier this year, Colonial Pipeline, one of the leading suppliers of fuel on the East Coast of the United States, was hit by a ransomware attack.1 This caused ... continue reading

Structured threat hunting: One way Microsoft Threat Experts prioritizes customer defense
Today’s threat landscape is incredibly fast-paced. New campaigns surface all the time, and the amount of damage that they can cause is not always immediately apparent. Security operations centers (SOCs) must be equipped with the tools and insight to identify ... continue reading
Protect against phishing with Attack Simulation Training in Microsoft Defender for Office 365
Sophisticated cyberattacks are on the rise, with email phishing as the most common attack vector. We’ve seen it all over the news with stories like Hafnium that targeted Exchange servers1 or the Nobelium attack against SolarWinds,2 which show just how ... continue reading

Evolving trends in Iranian threat actor activity – MSTIC presentation at CyberWarCon 2021
Over the past year, the Microsoft Threat Intelligence Center (MSTIC) has observed a gradual evolution of the tools, techniques, and procedures employed by malicious network operators based in Iran. At CyberWarCon 2021, MSTIC analysts presented their analysis of these trends ... continue reading