North Korean threat actor Citrine Sleet exploiting Chromium zero-day
On August 19, 2024, Microsoft identified a North Korean threat actor exploiting a zero-day vulnerability in Chromium, now identified as...
Between April and July 2024, Microsoft observed Iranian state-sponsored threat actor Peach Sandstorm deploying a new custom multi-stage backdoor, which...
Microsoft researchers recently identified multiple medium severity vulnerabilities in OpenVPN, an open-source project with binaries integrated into routers, firmware, PCs,...
Microsoft researchers have uncovered a vulnerability in ESXi hypervisors being exploited by several ransomware operators to obtain full administrative permissions...
On July 25, 2024, the United States Department of Justice (DOJ) indicted an individual linked to the North Korean threat...
Microsoft discovered and responsibly disclosed two vulnerabilities in Rockwell Automation PanelView Plus that could be remotely exploited by unauthenticated attackers,...
In generative AI, jailbreaks, also known as direct prompt injection attacks, are malicious user inputs that attempt to circumvent an...
Generative AI systems are made up of multiple components that interact to provide a rich user experience between the human...
Since mid-April 2024, Microsoft Threat Intelligence has observed the threat actor Storm-1811 misusing the client management tool Quick Assist to...
Microsoft discovered a path traversal-affiliated vulnerability pattern in multiple popular Android applications that could enable a malicious application to overwrite...
Microsoft Threat Intelligence is publishing results of our longstanding investigation into activity by the Russian-based threat actor Forest Blizzard (STRONTIUM)...
Attackers are constantly seeking new vulnerabilities to compromise Kubernetes environments. Microsoft recently uncovered an attack that exploits new critical vulnerabilities...
As we continue to integrate generative AI into our daily lives, it’s important to understand the potential harms that can...
Cybercriminals use social engineering during holidays and important events like tax season to steal user information. Our new Microsoft Threat...
Microsoft Threat Intelligence has uncovered a supply chain attack by the North Korea-based threat actor Diamond Sleet (ZINC) involving a...
Threat actors are misusing OAuth applications as an automation tool in financially motivated attacks. OAuth is an open standard for...
Microsoft Threat Intelligence continues to track and disrupt malicious activity attributed to a Russian state-sponsored actor we track as Star...
Microsoft discovered, responsibly disclosed, and helped remediate four vulnerabilities that could be remotely exploited by unauthenticated attackers in Perforce Helix...
Since mid-November 2023, Microsoft Threat Intelligence has observed threat actors, including financially motivated actors like Storm-0569, Storm-1113, Sangria Tempest, and...
Jupyter notebooks are continuing to grow in popularity in information security as an alternative or supplement to mainstream security operations...
Over the last year, the speed, scale, and sophistication of attacks have increased alongside the rapid development and adoption of...
Since November 2023, Microsoft has observed a distinct subset of Mint Sandstorm (PHOSPHORUS) targeting high-profile individuals working on Middle Eastern...
The Microsoft security team detected a nation-state attack on our corporate systems on January 12, 2024, and immediately activated our...
US lawmakers have demanded an investigation into the hack of the Securities and Exchange Commission (SEC)’s X (formerly Twitter) account...