Select Page
Protecting customers from a private-sector offensive actor using 0-day exploits and DevilsTongue malware

Protecting customers from a private-sector offensive actor using 0-day exploits and DevilsTongue malware

The Microsoft Threat Intelligence Center (MSTIC) alongside the Microsoft Security Response Center (MSRC) has uncovered a private-sector offensive actor, or PSOA, that we are calling SOURGUM in possession of now-patched, Windows 0-day exploits (CVE-2021-31979 and CVE-2021-33771). Private-sector offensive actors are ... continue reading

How Microsoft Security empowers partners to build customer trust

As I reflect on my first year at Microsoft, it was both challenging and exceptional: from my remote onboarding in the middle of a pandemic to dramatic changes in the cyber landscape, to Microsoft’s critical role as a frontline responder ... continue reading
Learn about Azure VMware Solution migrations

Learn about Azure VMware Solution migrations

In the early 2000s, before the arrival of Hyper-V, I learned how to run multiple servers on one piece of hardware using VMware Workstation. This gave our small organisation a level of local redundancy, running two internal clustered Lotus Domino ... continue reading
Azure Arc Overview

Azure Arc for Cloud Solutions Architects

Azure Arc and the Azure control plane enables Cloud Solutions Architects to build hybrid and mutlicloud architectures. Taking advantage of the Azure control plane to manage infrastructure and allows to deploy Azure services anywhere. This allows customers to build cloud ... continue reading
MITRE ATT&CK® mappings released for built-in Azure security controls

MITRE ATT&CK® mappings released for built-in Azure security controls

The Security Stack Mappings for Azure research project was published today, introducing a library of mappings that link built-in Azure security controls to the MITRE ATT&CK® techniques they mitigate against. Microsoft once again worked with the Center for Threat-Informed Defense ... continue reading
Behind the scenes of business email compromise: Using cross-domain threat data to disrupt a large BEC campaign

Behind the scenes of business email compromise: Using cross-domain threat data to disrupt a large BEC campaign

Microsoft 365 Defender researchers recently uncovered and disrupted a large-scale business email compromise (BEC) infrastructure hosted in multiple web services. Attackers used this cloud-based infrastructure to compromise mailboxes via phishing and add forwarding rules, enabling these attackers to get access ... continue reading
Customize cost data visualizations with Azure Workbooks and Azure Cost Management

Customize cost data visualizations with Azure Workbooks and Azure Cost Management

Azure Workbooks have become a standard data visualization tool inside Azure. After starting in Azure Monitor, they now are also in Azure Sentinel, and Azure Security Center. Workbooks are incredibly dynamic, allowing you to create parameters that can be used ... continue reading
Breaking down NOBELIUM’s latest early-stage toolset

Breaking down NOBELIUM’s latest early-stage toolset

As we reported in earlier blog posts, the threat actor NOBELIUM recently intensified an email-based attack that it has been operating and evolving since early 2021. We continue to monitor this active attack and intend to post additional details as ... continue reading
Example Flow of HMTL/ISO infection chain.

New sophisticated email-based attack from NOBELIUM

Microsoft Threat Intelligence Center (MSTIC) has uncovered a wide-scale malicious email campaign operated by NOBELIUM, the threat actor behind the attacks against SolarWinds, the SUNBURST backdoor, TEARDROP malware, GoldMax malware, and other related components. The campaign, initially observed and tracked ... continue reading
World map showing global distribution of Phorpiex botnet ativity

Phorpiex morphs: How a longstanding botnet persists and thrives in the current threat environment

Phorpiex, an enduring botnet known for extortion campaigns and for using old-fashioned worms that spread via removable USB drives and instant messaging apps, began diversifying its infrastructure in recent years to become more resilient and to deliver more dangerous payloads ... continue reading