Microsoft security researchers continue to investigate and respond to the sophisticated cyberattack known as Solorigate (also referred to as Sunburst by FireEye) involving a supply chain compromise and the subsequent compromise of cloud assets. While the related investigations and impact ... continue reading

We, along with the security industry and our partners, continue to investigate the extent of the Solorigate attack. While investigations are underway, we want to provide the defender community with intelligence to understand the scope, impact, remediation guidance, and product ... continue reading

Microsoft is monitoring a dynamic threat environment surrounding the discovery of a sophisticated attack that included compromised binaries from a legitimate software. These binaries, which are related to the SolarWinds Orion Platform, could be used by attackers to remotely access ... continue reading

We are happy to announce the general availability of endpoint detection and response (EDR) in block mode in Microsoft Defender for Endpoint. EDR in block mode turns EDR detections into real-time blocking of malicious behaviors, malware, and artifacts. It uses ... continue reading

As announced today, Microsoft took action against the Trickbot botnet, disrupting one of the world’s most persistent malware operations. Microsoft worked with telecommunications providers around the world to disrupt key Trickbot infrastructure. As a result, operators will no longer be ... continue reading

As the global crisis around COVID-19 continues, security teams have been forced to adapt to a rapidly evolving security landscape. Schools, businesses, and healthcare organizations are all getting work done from home on a variety of devices and locations, extending ... continue reading

The world has changed in unprecedented ways in the last several weeks due to the coronavirus pandemic. While it has brought out the best in humanity in many ways, as with any crisis it can also attract the worst in ... continue reading

In today’s threat landscape—overrun by fileless malware that live off the land, highly polymorphic threats that mutate faster than traditional solutions can keep up with, human-operated attacks that adapt to what adversaries find on compromised machines, and other sophisticated threats—behavioral ... continue reading

Many of today’s threats evolve to incorporate as many living-off-the-land techniques as possible into the attack chain. The PowerShell-based downloader Trojan known as sLoad, however, puts all its bets on BITS. Background Intelligent Transfer Service (BITS) is a component of ... continue reading

Microsoft Threat Intelligence Center (MSTIC) is raising awareness of the ongoing activity by a group we call GALLIUM, targeting telecommunication providers. When Microsoft customers have been targeted by this activity, we notified them directly with the relevant information they need ... continue reading