Threat actors
Spotlight
Threat Actor Insight Tool
Microsoft Security is actively tracking threat actors across observed nation state, ransomware, and criminal activities. These insights represent publicly published activity from Microsoft Security threat researchers and provide a centralized catalog of actor profiles from the referenced blogs.
AI
Emerging AI tactics in use by threat actors
Microsoft Threat Intelligence experts discuss AI's role in cyber threats, noting its use by nation state actors for disinformation and by criminals for scripting and social engineering.
Cyber signals
Education under siege
Study up on the cybersecurity challenges facing the education sector. Discover why education has become the third most-targeted industry for cyberattacks and learn what IT and security professionals in the education sector can do to help create safer environments.
Nation State
Russia-linked operators engaged in expansive efforts to influence US voters
In a special report on cyber influence operations targeting the 2024 U.S. presidential election cycle, Microsoft Threat Intelligence examines Russian campaigns aimed at manipulating public opinion and sowing political discord.
Emerging threats
2023 Threat Intelligence Year in Review: Key Insights and Developments
It has been an incredible year for Microsoft Threat Intelligence. The sheer volume of threats and attacks revealed through the more than 65 trillion signals we monitor daily has given us many inflection points, especially as we notice a shift in how threat actors are scaling and leveraging nation state support. The last year has […]
Intelligence reports
Iran surges cyber-enabled influence operations in support of Hamas
Discover details of Iran’s cyber-enabled influence operations supporting Hamas in Israel. Learn how operations have progressed through different phases of the war, and examine the four key influence tactics, techniques, and procedures (TTPs) Iran favors most.
Emerging threats
Feeding from the trust economy: social engineering fraud
Explore an evolving digital landscape where trust is both a currency and a vulnerability. Discover the social engineering fraud tactics cyber attackers use most, and review strategies that can help you identify and outmaneuver social engineering threats designed to manipulate human nature.
Intelligence reports
Russian threat actors dig in, prepare to seize on war fatigue
Russian cyber and influence operations persist as the war in Ukraine continues. Microsoft Threat Intelligence details the latest cyber threat and influence activities over the last six months.
Intelligence reports
10 essential insights from the Microsoft Digital Defense Report 2023
From the increasing sophistication of nation-state threat actors to the power of partnerships in building cyber resilience, the Microsoft Digital Defense Report reveals the latest threat landscape insights and walks through the opportunities and challenges we all face.
Intelligence reports
Digital threats from East Asia increase in breadth and effectiveness
Dive in and explore emerging trends in East Asia’s evolving threat landscape, where China conducts both widespread cyber and influence operations (IO), while North Korean cyber threat actors demonstrate growing sophistication.
Meet the experts
On the frontlines: Decoding Chinese threat actor tactics and techniques
Microsoft Threat Intelligence China experts Sarah Jones and Judy Ng join Microsoft Threat Intelligence Strategy director Sherrod DeGrippo to discuss the geopolitical landscape while providing advice and insight on modern cybersecurity careers.
Meet the experts
Putting cyber threat intelligence into geopolitical context
Threat intelligence expert Fanta Orr explains how threat intelligence analysis uncovers the “why” behind cyberthreat activity and helps better protect customers who might be vulnerable targets.
Emerging threats
7 emerging hybrid warfare trends from Russia’s cyber war
What can be expected from the second year of Russia’s hybrid war in Ukraine.
Practical cyber defense
Inside the fight against hackers who disrupted hospitals and jeopardized lives
Go behind the scenes in a joint operation between Microsoft, software maker Fortra™, and Health-ISAC to disrupt cracked Cobalt Strike servers and make it harder for cybercriminals to operate.
Meet the experts
Expert profile: Justin Turner
Microsoft threat intelligence analyst Justin Turner describes the three enduring challenges he’s seen throughout his cybersecurity career: configuration management, patching, and device visibility.
Intelligence reports
Cyberthreats increasingly target the world’s biggest event stage
Complex and target-rich, major sporting events and world-renowned activities present opportunities for threat actors to disrupt travel, commerce, communication and emergency services, and more. Learn how to manage the vast, external attack surface and defend world event infrastructure.
Emerging threats
Cadet Blizzard emerges as a novel and distinct Russian threat actor
Microsoft attributes several campaigns to a distinct Russian state-sponsored threat actor tracked as Cadet Blizzard, including the WhisperGate destructive attack, Ukrainian website defacements, and the hack-and-leak front “Free Civilian”.
Emerging threats
Volt Typhoon targets US critical infrastructure with living-off-the-land techniques
Chinese state-sponsored threat actor Volt Typhoon has been observed using stealthy techniques to target US critical infrastructure, conduct espionage, and dwell in compromised environments.
Meet the experts
Expert profile: Simeon Kakpovi
Learn how Iranian threat actors use BEC attacks to compromise targets. Microsoft’s senior analyst shares insights on their motivations and tactics in this cybersecurity article. Read on to learn more.
Intelligence reports
Iran turning to cyber-enabled influence operations for greater effect
Discover how Iranian state actors are using cyber-enabled influence operations to fuel geopolitical change. Read more about their tactics here.
Practical cyber defense
Stopping cybercriminals from abusing security tools
Microsoft, Fortra™, and Health Information Sharing and Analysis Center partner to take technical and legal action to disrupt “cracked” legacy copies of Cobalt Strike, used by cybercriminals to distribute malware, including ransomware.
Emerging threats
Security is only as good as your threat intelligence
More reinforcements have arrived. John Lambert, threat intelligence leader, explains how AI enhances the threat intelligence community.
Intelligence reports
The cyber and influence operations of the war in Ukraine’s digital battlefield
Microsoft threat intelligence examines a year of cyber and influence operations in Ukraine, uncovers new trends in cyber threats, and outlines what to expect as the war enters its second year.
Intelligence reports
Iran responsible for Charlie Hebdo attacks
Microsoft is attributing a recent influence operation targeting French magazine Charlie Hebdo to an Iranian nation-state actor.
Intelligence reports
Microsoft Digital Defense Report 2022
In the 2022 edition of the Microsoft Digital Defense Report, Microsoft security experts illuminate today’s threat landscape, providing insights on emerging trends as well as historically persistent threats.
Intelligence reports
Microsoft Digital Defense Report 2021
The 2021 edition of the Microsoft Digital Defense Report draws on insights, data, and more from trillions of daily security signals from across Microsoft, including the cloud, endpoints, and the intelligent edge.
Intelligence reports
Microsoft Digital Defense Report 2020
Introducing the Microsoft Digital Defense Report, a reimagining of the annual Microsoft Security Intelligence Report (SIR) published since 2005.
Practical cyber defense
The ABCs of Threat Hunting
Explore the ABCs of Threat Hunting Guide to get tips on how to hunt, identify, and mitigate cyberthreats to help become more cyber-resilient.
Emerging threats
Protecting yourself from holiday-season DDoS attacks
See what drives criminals to increase DDoS activity during the holidays and learn what you can do to help protect your organization.
Emerging threats
The unique security risk of IoT/OT devices
Protect your IoT/OT devices by decreasing network vulnerabilities and defending against cyber threats such as ransomware and threat actors.
Meet the experts
Expert profile: Emily Hacker
Emily Hacker, threat intelligence expert, talks about ransomware-as-a-service (RaaS) and how to detect pre-ransomware incidents before it is too late.
Intelligence reports
Extortion economics
Ransomware, one of the most persistent and pervasive cyber threats, continues to evolve. Here is an in-depth look at ransomware as a service (RaaS), the latest tool of cybercrime.
Meet the experts
Expert profile: Nick Carr
Cybercrime and counter ransomware expert, Nick Carr, talks about trends in ransomware and what can be done if your organization is affected by a ransomware incident.
Intelligence reports
Defending Ukraine: Early Lessons from the Cyber War
How cyber-attacks and cyber influence operations are being used in the war between Russia and Ukraine.
Emerging threats
Protect your organization from ransomware
Guidance for protecting your organization against ransomware.
Emerging threats
Ransomware as a service: The new face of industrialized cybercrime
Discover how to protect your organization from Ransomware-as-a-service (RaaS), a tactic that is gaining serious traction in the world of cybercrime.
Meet the experts
Expert profile: Steve Ginty
Cyberthreat intelligence expert Steve Ginty gives tips on steps you can take against threat actors and to maintain cybersecurity readiness.
Meet the experts
Expert Profile: Russ McRee
Russ McRee, Partner Director, Operations, Microsoft Security Response Center (MSRC), talks about the importance of cloud security and multifactor authentication (MFA) to help protect against malicious cyberattacks.
Intelligence reports
Special Report: Ukraine
Russian threat actors have launched increasingly disruptive and visible cyberattacks against Ukraine and have included activities such as phishing, reconnaissance, and attempts to compromise public information sources.