# @MsftSecIntel Microsoft Threat Intelligence

Microsoft Threat Intelligence posts on X about microsoft, actor, in the, and phishing the most. They currently have [-------] followers and [---] posts still getting attention that total [-----] engagements in the last [--] hours.

### Engagements: [-----] [#](/creator/twitter::217462908/interactions)

- [--] Week [-------] +417%
- [--] Month [-------] +151%
- [--] Months [-------] -53%
- [--] Year [---------] -66%

### Mentions: [--] [#](/creator/twitter::217462908/posts_active)

- [--] Months [--] -45%
- [--] Year [---] -44%

### Followers: [-------] [#](/creator/twitter::217462908/followers)

- [--] Week [-------] +0.20%
- [--] Month [-------] +0.26%
- [--] Months [-------] +0.87%
- [--] Year [-------] +2.30%

### CreatorRank: [-------] [#](/creator/twitter::217462908/influencer_rank)

### Social Influence

**Social category influence**

[technology brands](/list/technology-brands), [stocks](/list/stocks), [countries](/list/countries), [finance](/list/finance), [social networks](/list/social-networks), [fashion brands](/list/fashion-brands), [ncaa football](/list/ncaa-football), [currencies](/list/currencies), [travel destinations](/list/travel-destinations)

**Social topic influence**

[microsoft](/topic/microsoft) #185, [actor](/topic/actor), [in the](/topic/in-the), [phishing](/topic/phishing), [code](/topic/code), [a new](/topic/a-new), [target](/topic/target), [to the](/topic/to-the), [software](/topic/software), [discovered](/topic/discovered)

**Top accounts mentioned or mentioned by**

[@sherrodim](/creator/undefined), [@cyberwarcon](/creator/undefined), [@ajohnsocyber](/creator/undefined), [@andresfreundtec](/creator/undefined), [@blacklotuslabs](/creator/undefined), [@skocherhan](/creator/undefined), [@microsoft](/creator/undefined), [@yoyoyojbo](/creator/undefined), [@blackhat](/creator/undefined), [@atlassian](/creator/undefined), [@simandsec](/creator/undefined), [@laurenleigh522](/creator/undefined), [@ehaeghebaert](/creator/undefined), [@reprise99](/creator/undefined), [@x71n3](/creator/undefined), [@malwareforme](/creator/undefined), [@wesdrone](/creator/undefined), [@gregschloemer](/creator/undefined), [@mattkennedy](/creator/undefined), [@weldpond](/creator/undefined)

**Top assets mentioned**

[Microsoft Corp. (MSFT)](/topic/microsoft), [Crowdstrike Holdings Inc (CRWD)](/topic/crowdstrike), [April (APRIL)](/topic/april), [Sentinel (P2P)](/topic/sentinel)

### Top Social Posts

Top posts by engagements in the last [--] hours

"Microsoft Threat Intelligence uncovered a macOS vulnerability tracked as CVE-2025-31199 that could allow attackers to steal private data of files normally protected by Transparency, Consent, and Control (TCC), such as caches used by Apple Intelligence. https://msft.it/6015sHUoS" [X Link](https://x.com/MsftSecIntel/status/1949862843639062582) 2025-07-28T16:01Z 188.5K followers, 88.1K engagements

"To help protect against these attacks, Microsoft Defender for Office [---] uses machine learning and detonation technology to automatically analyze new and unknown threats in real time, backed by Microsoft researchers closely monitoring the trend to ensure continued coverage" [X Link](https://x.com/MsftSecIntel/status/1331660699546783745) 2020-11-25T18:07Z 187.6K followers, [--] engagements

"Microsoft Incident Response's investigation of a BlackByte [---] ransomware attack that progressed in less than five days highlights the importance of disrupting common attack patterns, stopping attacker activities that precede ransomware deployment: https://msft.it/6010gxvlQ" [X Link](https://x.com/anyuser/status/1676999953392992262) 2023-07-06T17:02Z 188.5K followers, 56.9K engagements

"Microsoft Threat Intelligence has observed North Korean state actor Emerald Sleet (also known as Kimsuky and VELVET CHOLLIMA) using a new tactic: tricking targets into running PowerShell as an administrator and then pasting and running code provided by the threat actor" [X Link](https://x.com/anyuser/status/1889407814604296490) 2025-02-11T20:15Z 188.5K followers, 126.5K engagements

"To execute this tactic, the threat actor masquerades as a South Korean government official and, over time, builds rapport with a target before sending a spear-phishing email with a PDF attachment" [X Link](https://x.com/MsftSecIntel/status/1889407816584044719) 2025-02-11T20:15Z 187.7K followers, [----] engagements

"Microsoft Incident Response researchers uncovered a novel remote access trojan (RAT) that demonstrates sophisticated techniques to evade detection, persist in the target environment, and exfiltrate sensitive data. https://msft.it/6013qVXAl" [X Link](https://x.com/anyuser/status/1901680503968690357) 2025-03-17T17:02Z 188.5K followers, 119.8K engagements

"GitHub is strengthening npm security with stricter authentication, granular tokens, and enhanced trusted publication. This is in response to the surge of account takeovers on package registries like npm. In these attacks, threat actors gain unauthorized access to maintainer accounts and distribute malicious code through trusted packages. A recent example of such an attack is the Shai-Hulud attack, a self-replicating worm that infiltrated the npm ecosystem via compromised maintainer accounts. The worm replicated by injecting malicious post-install scripts into popular JavaScript packages and was" [X Link](https://x.com/MsftSecIntel/status/1970600100205326728) 2025-09-23T21:24Z 187.8K followers, 11K engagements

"Storm-1175, a financially motivated threat actor known for deploying Medusa ransomware, was observed exploiting the CVE-2025-10035 vulnerability in GoAnywhere MFT's License Servlet. Read our analysis and get detection and hunting guidance: https://msft.it/6018sIfKr" [X Link](https://x.com/MsftSecIntel/status/1975246423793750086) 2025-10-06T17:07Z 187.6K followers, 18K engagements

"Threat actors seek to abuse Microsoft Teams features and capabilities at different points along the attack chain, raising the stakes for defenders to proactively monitor, detect, and respond. Read our latest blog to get extensive recommendations for countermeasures and controls across identity, endpoints, data, apps, and network layers to help harden enterprise Teams environments. https://msft.it/6015sLUrP" [X Link](https://x.com/MsftSecIntel/status/1975608335433900243) 2025-10-07T17:05Z 187.6K followers, 14.5K engagements

"The Microsoft Digital Defense Report [----] shows how threats are evolving faster than ever, fueled by AI. Key insights from the report include: - More than 50% of cyberattacks with known motives had financial objectives such as extortion or ransom, while only 4% were motivated solely by espionage. - For initial access, attacks targeted well-known exposure footprint including web-facing assets (18%), external remote services (12%), and supply chains (3%). - Meanwhile, identity-based attacks rose by 32%. More than 97% of identity attacks are password spray or brute force attacks. - There has been an 87%" [X Link](https://x.com/MsftSecIntel/status/1978835848645730321) 2025-10-16T14:50Z 187.6K followers, 10.3K engagements

"Azure Blob Storage is a high-value target for threat actors due to its critical role in storing and managing massive amounts of unstructured data at scale across diverse workloads: Threat actors are actively seeking opportunities to compromise environments that host downloadable media or maintain large-scale data repositories, leveraging the flexibility and scale of Blob Storage to target a broad spectrum of organizations. Attackers exploit misconfigurations, exposed credentials, and evolving cloud tactics, adapting their techniques to the unique attack surface of Blob Storage, whether probing for" [X Link](https://x.com/MsftSecIntel/status/1980303518889054343) 2025-10-20T16:02Z 187.6K followers, 10K engagements

"'Threats are accelerating, yet our defensive capabilities have never been stronger. The gap is not technology. The gap is in how we think about and operationalize security.' In her latest blog post, Microsoft CVP and Deputy CISO @ajohnsocyber explores the challenges and opportunities for CISOs in responding to the accelerating threat landscape highlighted in the Microsoft Digital Defense Report [----]. Ann shares her thoughts on the evolved CISO mandate, proven strategies for operationalizing security resilience, and steps to strengthen resilience and response in organizations." [X Link](https://x.com/MsftSecIntel/status/1981123125396869540) 2025-10-22T22:18Z 187.6K followers, [----] engagements

"Microsoft Incident Response Detection and Response Team (DART) uncovered SesameOp, a new backdoor that uses the OpenAI Assistants API for C2. DART shared the findings with OpenAI, who identified and disabled an API key and associated account. SesameOp uses the OpenAI Assistants API as a storage or relay mechanism to fetch commands, which the malware then decrypts and executes locally. Once the tasks are completed, it sends the results back to OpenAI as a message. To stay under the radar, the backdoor uses compression and encryption. Microsoft and OpenAI jointly investigated the threat actor's use" [X Link](https://x.com/MsftSecIntel/status/1985397515579990205) 2025-11-03T17:23Z 187.8K followers, 28.2K engagements

"In the latest Microsoft Threat Intelligence Podcast episode, Sherrod DeGrippo and Zack Korman explore the future risks and opportunities that AI introduces in cybersecurity, cutting through hype to discuss where AI is both brilliant and flawed: https://msft.it/6019tyTmc" [X Link](https://x.com/MsftSecIntel/status/1986150402077679868) 2025-11-05T19:15Z 187.8K followers, [----] engagements

"Dive into the heart of threat intelligence as Principal Security Researcher @yo_yo_yo_jbo reveals how proactive security research powers Microsoft's defenses: The relentless hunt for vulnerabilities, like the HM Surf exploit, spotlights how research doesn't just chase attackers but anticipates them. Cross-platform research extends protection beyond Windows, covering Linux, Mac, and Android, ensuring Defender follows wherever customers go. By using this research to create generalized detections, the team prepares for future threats, not just current ones. The scale of impact is multiplied by AI, with tools" [X Link](https://x.com/MsftSecIntel/status/1986838631290372533) 2025-11-07T16:50Z 187.8K followers, [----] engagements

"Microsoft has discovered a new type of side-channel attack against streaming-mode language models using network packet sizes and timings. An attacker in a position to observe the encrypted traffic could use this type of side-channel attack to conclude language model conversation topics. This could put the privacy of user and enterprise communications with chatbots at risk despite end-to-end encryption via TLS. We worked with multiple cloud providers of language models to mitigate the risk and ensured that Microsoft-owned language model frameworks are protected. Learn more:" [X Link](https://x.com/MsftSecIntel/status/1986883278108831961) 2025-11-07T19:47Z 187.8K followers, 13.3K engagements

"The November [----] security updates are available: Security updates for November [----] are now available. Details are here: https://t.co/WW89TcgFXA #PatchTuesday #SecurityUpdateGuide https://t.co/oZI6moVcad" [X Link](https://x.com/MsftSecIntel/status/1988309800552157484) 2025-11-11T18:16Z 187.8K followers, 15.2K engagements

"The Threat Intelligence Briefing Agent, which delivers daily customized briefings that combine Microsoft's global threat intelligence with insights specific to each organization, is now fully integrated into the Microsoft Defender portal, available in public preview. With the Threat Intelligence Briefing Agent, analysts receive automated, up-to-date intelligence summaries that help them quickly prioritize actions by providing risk assessments, clear recommendations, and direct links to vulnerable assets. Meanwhile, the first phase of the integration of Microsoft Defender Threat Intelligence (MDTI)" [X Link](https://x.com/MsftSecIntel/status/1990924719252557969) 2025-11-18T23:26Z 187.7K followers, 22K engagements

"Throughout [----], Tycoon2FA (tracked by Microsoft as Storm-1747) has consistently been the most prolific phishing-as-a-service (PhaaS) platform observed by Microsoft. In October [----], Microsoft Defender for Office [---] blocked more than [--] million malicious emails linked to Tycoon2FA. Storm-1747's PhaaS platform was a major driver behind the surge of fake CAPTCHA phishing tactics. In October, more than 44% of all CAPTCHA-gated phishing attacks blocked by Microsoft were attributed to Tycoon2FA infrastructure. One Tycoon2FA-driven campaign involved over [------] messages targeting organizations in 182" [X Link](https://x.com/MsftSecIntel/status/1991921025181786202) 2025-11-21T17:25Z 187.7K followers, 16.9K engagements

"On Thanksgiving eve, November [--], Microsoft detected and blocked a high-volume phishing campaign from a threat actor we track as Storm-0900. The campaign used parking ticket and medical test result themes and referenced Thanksgiving to lend credibility and lower recipients' suspicion. The campaign consisted of tens of thousands of emails and targeted primarily users in the United States. Microsoft disrupted this campaign through a combination of email filtering, endpoint protections, and threat intelligence-based preemptive blocking of attacker infrastructure" [X Link](https://x.com/MsftSecIntel/status/1995649234264076460) 2025-12-02T00:20Z 187.8K followers, 32.4K engagements

"The URLs in the phishing emails redirected to an attacker-controlled landing page on the malicious domain permit-service.top that employed several rounds of user interaction. First, users needed to solve a slider CAPTCHA by clicking and dragging a slider, followed by ClickFix, a technique that threat actors use to trick users into running malicious commands on their devices. If users fell for the ClickFix lure and executed a command in their Run prompt, a PowerShell script would run" [X Link](https://x.com/MsftSecIntel/status/1995649242329677996) 2025-12-02T00:20Z 187.7K followers, [----] engagements

"New blog post: Shai-Hulud 2.0: Guidance for detecting, investigating, and defending against the supply chain attack. In defending against threats like Shai-Hulud [---], organizations benefit significantly from the layered protection from Microsoft Defender, which provides security coverage from code to posture management to runtime. This defense-in-depth approach is especially valuable when facing supply chain-driven attacks that might introduce malicious dependencies that evade traditional vulnerability assessment tools. In these scenarios, the ability to correlate telemetry across data planes such" [X Link](https://x.com/MsftSecIntel/status/1998513488575053828) 2025-12-09T22:02Z 187.9K followers, 12.7K engagements

"Most exploitation activity related to the CVE-2025-55182 vulnerability affecting React Server Components, Next.js, and related frameworks originated from red team assessments, but observed exploitation attempts by threat actors deliver various payloads. This pre-authentication remote code execution (RCE) vulnerability (also referred to as React2Shell, and includes CVE-2025-66478, which was merged into it) could allow attackers to execute arbitrary code on vulnerable servers through a single malicious HTTP request. In this blog, Microsoft Defender researchers share insights and detailed analysis of" [X Link](https://x.com/MsftSecIntel/status/2000652974595383475) 2025-12-15T19:43Z 187.8K followers, 35.7K engagements

"Phishing actors are abusing complex routing scenarios and misconfigured spoof protections to spoof organizations' domains and deliver emails that appear internally sent. This vector, which has seen increased visibility and use since May 2025, has enabled credential phishing campaigns tied to phishing-as-a-service (PhaaS) platforms like Tycoon2FA using lures such as voicemails, shared documents, HR updates, and password resets. Microsoft has also observed this technique leveraged in financial scams. Successful credential compromise through phishing attacks may lead to data theft or business email" [X Link](https://x.com/MsftSecIntel/status/2008599814733218219) 2026-01-06T18:01Z 187.8K followers, 35.5K engagements

"CrashFix, a variant of the ClickFix technique, has been observed leading to the deployment of remote access trojan ModeloRAT and actions indicative of pre-ransomware activity. Get analysis, detection, and hunting guidance from Microsoft Defender Experts: https://msft.it/6014QMmmY" [X Link](https://x.com/MsftSecIntel/status/2019530617642225731) 2026-02-05T21:56Z 188.4K followers, 12.8K engagements

"Recent threat actor activity shows an emphasis on misusing trust, identity, and cloud-native capabilities to achieve maximum impact with minimal noise: Storm-0501 illustrates how ransomware has evolved beyond on-premises operations into hybrid and cloud environments, leveraging identity systems, federation, and control planes to destroy data, wipe backups, and lock victims out, often without deploying traditional malware. A similar tactic appears in SesameOp, a backdoor that uses an AI platform as its command-and-control infrastructure. By operating within legitimate API usage, SesameOp maintains long-term" [X Link](https://x.com/MsftSecIntel/status/2011865504768573593) 2026-01-15T18:18Z 187.9K followers, 13.2K engagements

"Microsoft Defender Researchers uncovered a multistage adversary-in-the-middle (AiTM) phishing and business email compromise (BEC) campaign targeting the energy sector. The campaign abused SharePoint file-sharing services to deliver phishing payloads and relied on inbox rule creation to maintain persistence and avoid raising suspicion. Following the initial compromise, the attackers leveraged trusted identities to conduct large-scale intra-organizational as well as external phishing, expanding the scope of the campaign to multiple organizations. Read our in-depth analysis of this complex campaign" [X Link](https://x.com/MsftSecIntel/status/2014843275006328984) 2026-01-23T23:30Z 188K followers, 18.8K engagements

"Successful attacks rarely depend on something novel. They succeed when basic controls are missing or inconsistently applied. Microsoft is engaging in Operation Winter SHIELD, an FBI Cyber Division public cybersecurity implementation initiative focused on closing the gap between security intent and consistent execution. Drawing on how Microsoft protects its own infrastructure at global scale, Sherrod DeGrippo, Deputy CISO, GM Customer Security, shares how threat intelligence helps prioritize what truly matters, how Baseline Security Mode enforces secure-by-default protections, and how operational" [X Link](https://x.com/MsftSecIntel/status/2019462585037271250) 2026-02-05T17:26Z 188K followers, 18K engagements

"Microsoft's Secure Development Lifecycle (SDL) is expanding to address AI-specific security concerns in addition to the traditional software security areas that it has historically covered. Microsoft's SDL for AI introduces specialized guidance and tooling to address the complexities of AI security, including threat modeling for AI, AI system observability, and AI memory protections, among others. SDL for AI is a dynamic framework that unites research, policy, standards, enablement, cross-functional collaboration, and continuous improvement to empower secure AI development and deployment. Learn more:" [X Link](https://x.com/MsftSecIntel/status/2019840831444689321) 2026-02-06T18:29Z 188.4K followers, [----] engagements

"As attackers rely heavily on C2 communications for various stages of their campaigns, blocking these connections can disrupt or mitigate attacks. Learn how Microsoft Defender for Endpoint's network protection blocks connections to C2 infrastructure: https://msft.it/6016dcOZm" [X Link](https://x.com/MsftSecIntel/status/1588204858963906561) 2022-11-03T16:22Z 188.4K followers, [---] engagements

"The spear-phishing emails in this campaign were sent to thousands of targets in over [---] organizations and contained a signed Remote Desktop Protocol (RDP) configuration file that connected to an actor-controlled server" [X Link](https://x.com/MsftSecIntel/status/1851339475227377848) 2024-10-29T19:05Z 188.4K followers, 114.2K engagements

"Microsoft Defender researchers observed attackers using yet another evasion approach to the ClickFix technique: asking targets to run a command that executes a custom DNS lookup and parses the Name: response to receive the next-stage payload for execution" [X Link](https://x.com/MsftSecIntel/status/2022456612120629742) 2026-02-13T23:43Z 188.5K followers, 148K engagements

"ClickFix is a social engineering technique typically delivered through phishing, malvertising, or drive-by lures (often fake CAPTCHA or 'fix this issue' prompts) that trick users into copying, pasting, and running a command: https://msft.it/6012QrrgA" [X Link](https://x.com/MsftSecIntel/status/2022456614528147492) 2026-02-13T23:43Z 188.5K followers, [----] engagements

"Office [---] ATP is currently blocking a high-volume phishing attack that uses a neat impersonation of Royal Bank of Canada (RBC)" [X Link](https://x.com/MsftSecIntel/status/1106698855389630465) 2019-03-15T23:29Z 184.5K followers, [---] engagements

"Microsoft [---] customers can refer to the threat analytics report we published in Microsoft Defender Security Center. The threat analytics report contains technical details, mitigations, and detection details designed to empower SecOps to detect and mitigate this threat" [X Link](https://x.com/MsftSecIntel/status/1308941505730666496) 2020-09-24T01:29Z 184.5K followers, [--] engagements

"We'll continue to monitor developments and update the threat analytics report with the latest info. We strongly recommend customers to immediately apply security updates for CVE-2020-1472. Microsoft [---] customers can use threat & vulnerability management data to see patching status" [X Link](https://x.com/MsftSecIntel/status/1308941506871545857) 2020-09-24T01:29Z 184.5K followers, [--] engagements

"New blog: The threat actor BISMUTH, which has been running increasingly complex targeted attacks, deployed coin miners in campaigns from July to August [----]. Learn how the group tried to stay under the radar using threats perceived to be less alarming: https://msft.it/6014p3MiQ" [X Link](https://x.com/MsftSecIntel/status/1333540057526005765) 2020-11-30T22:35Z 183.7K followers, [---] engagements

"We are open sourcing the Python source code of a research toolkit we call CyberBattleSim, an experimental research project that explores the applications of autonomous systems and reinforcement learning to security. https://www.microsoft.com/security/blog/2021/04/08/gamifying-machine-learning-for-stronger-security-and-ai-models/" [X Link](https://x.com/MsftSecIntel/status/1380190325977739266) 2021-04-08T16:06Z 184.5K followers, [---] engagements

"CyberBattleSim investigates how autonomous agents operate in a simulated enterprise environment. It uses the Python-based OpenAI Gym interface to allow training of automated agents using reinforcement learning algorithms" [X Link](https://x.com/MsftSecIntel/status/1380190330746630152) 2021-04-08T16:06Z 184.5K followers, [--] engagements

"New blog: In-depth analysis of newly detected NOBELIUM malware: a post-exploitation backdoor that Microsoft refers to as FoggyWeb. NOBELIUM uses FoggyWeb to remotely exfiltrate data from compromised AD FS servers. Get IOCs, protection info, and guidance: https://msft.it/6018XekA6" [X Link](https://x.com/anyuser/status/1442565956782280713) 2021-09-27T19:05Z 188.5K followers, [---] engagements

"Volt Typhoon, a Chinese state-sponsored actor, uses living-off-the-land (LotL) and hands-on-keyboard TTPs to evade detection and persist in an espionage campaign targeting critical infrastructure organizations in Guam and the rest of the United States. https://msft.it/6019gj8eH" [X Link](https://x.com/anyuser/status/1661447876906561536) 2023-05-24T19:03Z 188.5K followers, 240.3K engagements

"Microsoft has detected increased credential attack activity by the threat actor Midnight Blizzard using residential proxy services to obfuscate the source of their attacks. These attacks target governments, IT service providers, NGOs, defense industry, and critical manufacturing" [X Link](https://x.com/anyuser/status/1671579358031486991) 2023-06-21T18:02Z 188.5K followers, 179.5K engagements

"Microsoft has identified a phishing campaign conducted by Storm-0978 targeting defense and government entities in Europe and North America. The campaign involved the abuse of CVE-2023-36884 to deliver a payload with similarities to the RomCom backdoor" [X Link](https://x.com/MsftSecIntel/status/1678829006534193152) 2023-07-18T07:42Z 178.8K followers, 111.1K engagements

"We're sharing more details from our investigation of the Storm-0558 campaign that targeted customer email, including our analysis of the threat actor's techniques, tools, and infrastructure and the steps we took to harden systems involved: https://msft.it/6017g26HL" [X Link](https://x.com/anyuser/status/1679899809648455680) 2023-07-14T17:05Z 188.5K followers, 268.1K engagements

"Microsoft has identified targeted attacks against the defense sector in Ukraine and Eastern Europe by the threat actor Secret Blizzard (KRYPTON, UAC-0003) leveraging DeliveryCheck, a novel .NET backdoor used to deliver a variety of second stage payloads" [X Link](https://x.com/MsftSecIntel/status/1681695399084539908) 2023-07-20T00:24Z 178.8K followers, 65.6K engagements

"Microsoft has identified highly targeted social engineering attacks by the threat actor Midnight Blizzard (previously NOBELIUM) using credential theft phishing lures sent as Microsoft Teams chats. Get detailed analysis, IOCs, and recommendations: https://msft.it/60199EEkv" [X Link](https://x.com/anyuser/status/1686815378083573760) 2023-08-02T19:05Z 188.5K followers, 148K engagements

"AI red teaming is core to understanding novel risks that AI systems come with and is a cornerstone to responsible AI. Get best practices from the Microsoft AI Red Team, interdisciplinary experts who think like attackers and probe AI systems for failures:" [X Link](https://x.com/MsftSecIntel/status/1688612218516967426) 2023-08-07T18:05Z 178.8K followers, 41.1K engagements

"Are you at @BlackHat #BHUSA? Drop by the Microsoft booth #1740 today and tomorrow for product demos and theater sessions on important security topics by our security experts as well as guest speakers from Microsoft partners" [X Link](https://x.com/MsftSecIntel/status/1689345223355412487) 2023-08-09T18:37Z 178.8K followers, [----] engagements

"Microsoft cyberphysical systems researchers continue to develop and add more tools to the open-source Microsoft ICS forensics framework we released last year for analyzing industrial programmable logic controller (PLC) metadata and project files: https://msft.it/60169yhxs" [X Link](https://x.com/MsftSecIntel/status/1689412491472719873) 2023-08-09T23:05Z 184.1K followers, 31.3K engagements

"At this year's #BHUSA, Microsoft researchers are sharing more information about the framework as well as new CODESYS tools that defenders can use, build on, and customize for detecting suspicious artifacts in ICS environments:" [X Link](https://x.com/MsftSecIntel/status/1689412493716639744) 2023-08-09T23:05Z 178.8K followers, [----] engagements

"Microsoft has observed a new version of the BlackCat ransomware being used in recent campaigns. This version includes the open-source communication framework tool Impacket, which threat actors use to facilitate lateral movement in target environments" [X Link](https://x.com/anyuser/status/1692212191536066800) 2023-08-17T16:30Z 188.5K followers, 190.3K engagements

"Microsoft has identified a nation-state actor tracked as Flax Typhoon quietly gaining and maintaining access to organizations in Taiwan via known exploits, malware, built-in tools, and legitimate VPN software. Get the actor's TTPs and detection info:" [X Link](https://x.com/MsftSecIntel/status/1694749155359355158) 2023-08-24T16:31Z 178.8K followers, 62K engagements

"Adversary-in-the-middle (AiTM) phishing techniques continue to proliferate through the phishing-as-a-service (PhaaS) cybercrime model, as seen in the increasing number of AiTM-capable PhaaS platforms throughout 2023" [X Link](https://x.com/MsftSecIntel/status/1696273952870367320) 2023-08-28T21:30Z 184.5K followers, 66.9K engagements

"We're releasing a second version of our threat matrix for storage services, a structured tool that can help identify and analyze potential security threats on data stored in cloud storage services. Learn about the new attack techniques in the matrix: https://msft.it/60119ZQd9" [X Link](https://x.com/anyuser/status/1699830387281637463) 2023-09-07T17:02Z 188.5K followers, 64.8K engagements

"Beginning July [----], Storm-0324, a financially motivated threat actor known to gain access to networks and then hand off access to other actors, was observed distributing payloads by sending phishing lures through Microsoft Teams chats. Get TTPs, mitigation: https://msft.it/60189d8Wi" [X Link](https://x.com/anyuser/status/1701642642231054802) 2023-09-12T17:03Z 188.5K followers, 134K engagements

"The September [----] security updates are available: Security Updates for September [----] are now available. Details are here: https://t.co/ItXjYLGoS4 #PatchTuesday #SecurityUpdateGuide https://t.co/gM8NcKHaMb" [X Link](https://x.com/MsftSecIntel/status/1701679058633806206) 2023-09-12T19:27Z 184.5K followers, 15.3K engagements

"Since February [----], Microsoft has observed password spray activity by Iranian threat actor Peach Sandstorm (HOLMIUM) against thousands of orgs, likely an attempt to collect intelligence to support Iranian interests. Get TTPs, mitigation, hunting guidance:" [X Link](https://x.com/MsftSecIntel/status/1702359807095673106) 2023-09-14T16:33Z 174.5K followers, 42.1K engagements

"Our analysis of an attempt to steal the cloud identity in a SQL Server instance for lateral movement highlights the importance of securing cloud identities and implementing least privilege practices when deploying cloud-based and on-premises solutions:" [X Link](https://x.com/MsftSecIntel/status/1709245866559553733) 2023-10-03T16:35Z 174.6K followers, 61.2K engagements

"Ransomware attacks are evolving to minimize footprint, with 60% using remote encryption, rendering process-based remediation ineffective. More insights on cybercrime, state-sponsored cyberattacks, and others from the [----] Microsoft Digital Defense Report:" [X Link](https://x.com/MsftSecIntel/status/1709966693756191173) 2023-10-05T16:20Z 178.9K followers, 47.1K engagements

"Microsoft has observed nation-state threat actor Storm-0062 exploiting CVE-2023-22515 in the wild since September [--], [----]. CVE-2023-22515 was disclosed on October [--], [----]. Storm-0062 is tracked by others as DarkShadow or Oro0lxy" [X Link](https://x.com/anyuser/status/1711871732644970856) 2023-10-10T22:30Z 188.5K followers, 204.3K engagements

"The four IP addresses below were observed sending related CVE-2023-22515 exploit traffic: 192.69.90.31, 104.128.89.92, 23.105.208.154, 199.193.127.231" [X Link](https://x.com/MsftSecIntel/status/1711871733932671336) 2023-10-10T22:30Z 177.8K followers, 23.1K engagements

"CVE-2023-22515 is a critical privilege escalation vulnerability in Atlassian Confluence Data Center and Server. Any device with a network connection to a vulnerable application can exploit CVE-2023-22515 to create a Confluence administrator account within the application" [X Link](https://x.com/MsftSecIntel/status/1711871735673282807) 2023-10-10T22:30Z 177.8K followers, 16.7K engagements

"Organizations with vulnerable Confluence applications should upgrade as soon as possible to a fixed version: 8.3.3, 8.4.3, or 8.5.2 or later. Organizations should isolate vulnerable Confluence applications from the public internet until they are able to upgrade them" [X Link](https://x.com/MsftSecIntel/status/1711871736730272226) 2023-10-10T22:30Z 174.5K followers, 15.5K engagements

"We thank @Atlassian for their partnership in investigating these active exploits. Atlassian provides further details in their security advisory. https://msft.it/60119sdqS" [X Link](https://x.com/MsftSecIntel/status/1711871737804059020) 2023-10-10T22:30Z 184.5K followers, 18.2K engagements

"A large-scale remote encryption attempt from an Akira ransomware operator tracked by Microsoft as Storm-1567 was disrupted when Microsoft Defender for Endpoint identified and contained a compromised user account being used in the attack. Learn how: https://msft.it/60129sFDQ" [X Link](https://x.com/anyuser/status/1712139749887029476) 2023-10-11T16:15Z 188.5K followers, 63.2K engagements

"Microsoft customers can get more info and mitigation guidance related to Storm-0062 and CVE-2023-22515 in reports we published on Microsoft products: Microsoft Defender Threat Intelligence: Microsoft [---] Defender:" [X Link](https://x.com/MsftSecIntel/status/1712200597875683687) 2023-10-11T20:16Z 178.8K followers, [----] engagements

"Your new favorite podcast is here. The Microsoft Threat Intelligence Podcast has behind-the-scenes tales about uncovering attacks, threat actors, malware, exploits, etc. from researchers & analysts. Hosted by @sherrod_im. First [--] episodes are live" [X Link](https://x.com/MsftSecIntel/status/1712226666347483258) 2023-10-11T22:00Z 178.8K followers, 31K engagements

"In one of the inaugural episodes, Microsoft analysts @simandsec, @LaurenLeigh522 & @EHaeghebaert talk to @sherrod_im about the unique and evolving nature of the Iranian threat actor Peach Sandstorm. Listen to The Microsoft Threat Intelligence Podcast:" [X Link](https://x.com/MsftSecIntel/status/1712226667601576325) 2023-10-11T22:00Z 178.9K followers, [----] engagements

"In The Microsoft Threat Intelligence Podcast episode aptly titled 'Incident Response with Empathy', @sherrod_im & Microsoft IR consultant @reprise_99 discuss the importance of creating accessible open-source tools & resources for entry-level forensics:" [X Link](https://x.com/MsftSecIntel/status/1712226669597995494) 2023-10-11T22:00Z 178.8K followers, 13.8K engagements

"Host @sherrod_im and mobile security researcher @x71n3 explore mobile threats and privacy concerns and offer practical advice for safeguarding mobile devices and personal information in this Microsoft Threat Intelligence Podcast episode:" [X Link](https://x.com/MsftSecIntel/status/1712226670973735342) 2023-10-11T22:00Z 178.9K followers, [----] engagements

"The threat actor that Microsoft tracks as Storm-1575 is behind the development, support, and sale of Dadsec, a phishing-as-a-service (PhaaS) platform responsible for some of the highest volumes of phishing attacks tracked by Microsoft since it was initially seen in May 2023" [X Link](https://x.com/MsftSecIntel/status/1712936244987019704) 2023-10-13T21:00Z 178.8K followers, 62.1K engagements

"Storm-1575 focuses on its product offering and support for its customers instead of launching attacks themselves. Dadsec offers actors a platform to launch adversary-in-the-middle (AiTM) attacks. More of our research on AiTM here:" [X Link](https://x.com/MsftSecIntel/status/1712936246467580021) 2023-10-13T21:00Z 178.9K followers, [----] engagements

"Since early October [----], Microsoft has observed North Korean nation-state threat actors Diamond Sleet and Onyx Sleet exploiting the TeamCity CVE-2023-42793 RCE vulnerability, posing a particularly high risk to affected orgs.
Get TTPs & protection info:" [X Link](https://x.com/MsftSecIntel/status/1714681498115440898) 2023-10-18T16:35Z 177.5K followers, 53.7K engagements "A joint referral by Microsoft and Amazon provided actionable intelligence and insights to support Indias Central Bureau of Investigation (CBI) in raiding multiple illegal call centers perpetrating tech support fraud. Learn more:" [X Link](https://x.com/MsftSecIntel/status/1715069805403713806) 2023-10-19T18:18Z 174.5K followers, 77.6K engagements "The financially motivated threat actor tracked by Microsoft as Octo Tempest whose evolving campaigns leverage tradecraft not seen in typical threat models represents a growing concern for organizations. Get TTPs and protection info:" [X Link](https://x.com/MsftSecIntel/status/1717219375181152764) 2023-10-25T16:39Z 174.6K followers, 122.6K engagements "The [----] Microsoft Digital Defense Report highlighted over 200% increase in human-operated ransomware attacks and 12% increase in tracked ransomware as a service (RaaS) affiliates" [X Link](https://x.com/MsftSecIntel/status/1720489111717310697) 2023-11-03T17:12Z 175.4K followers, 84.1K engagements "The threat actor that Microsoft tracks as Sapphire Sleet known for cryptocurrency theft via social engineering has in the past few weeks created new websites masquerading as skills assessment portals marking a shift in the persistent actors tactics" [X Link](https://x.com/MsftSecIntel/status/1722316019920728437) 2023-11-08T18:11Z 175.7K followers, 64.4K engagements "Microsoft customers can use the following reports in Microsoft products to get more details on this activity and the most up-to-date info about Sapphire Sleet: Microsoft Defender Threat Intelligence: Microsoft [---] Defender:" [X Link](https://x.com/MsftSecIntel/status/1722316027202011264) 2023-11-08T18:11Z 178.8K followers, 10.7K engagements "Microsoft has discovered exploitation of a 0-day vulnerability in the SysAid IT support software in limited attacks by Lace Tempest 
a threat actor that distributes Clop ransomware. Microsoft notified SysAid about the issue (CVE-2023-47246) which they immediately patched" [X Link](https://x.com/anyuser/status/1722444141081076219) 2023-11-09T02:40Z 188.5K followers, 255.5K engagements "At @CYBERWARCON [----] Microsoft and LinkedIn analysts share research on Iranian threat actor activity before and after the start of the Israel-Hamas war; China-based Volt Typhoon; Russia-based Storm-0978; and private-sector offensive actor Blue Tsunami: https://msft.it/60179C7X7 https://msft.it/60179C7X7" [X Link](https://x.com/MsftSecIntel/status/1722586969262227659) 2023-11-09T12:08Z 184.1K followers, 51.3K engagements "Microsoft threat research experts share their experiences dealing with incidents related to the highly ingenious threat actor group Octo Tempest (0ktapus Scattered Spider UNC3944). Listen to the Microsoft Threat Intelligence Podcast episode here:" [X Link](https://x.com/MsftSecIntel/status/1724487361147335073) 2023-11-14T18:00Z 175.7K followers, 20.1K engagements "Octo Tempest is a financially driven threat actor group that leverages broad social engineering campaigns to compromise organizations for financial extortion. 
Our blog post presents more details on their TTPs:" [X Link](https://x.com/MsftSecIntel/status/1724487365190631776) 2023-11-14T18:00Z 175.8K followers, [----] engagements "The November [----] security updates are available:" [X Link](https://x.com/MsftSecIntel/status/1724514009934676373) 2023-11-14T19:45Z 175.8K followers, 19.7K engagements "By bringing together Microsoft Sentinel Microsoft Defender XDR (previously Microsoft [---] Defender) and Microsoft Security Copilot the unified security operations platform streamlines triage and provides an end-to-end view of threats across the digital estate" [X Link](https://x.com/MsftSecIntel/status/1725230693394104828) 2023-11-16T19:13Z 175.8K followers, 29.1K engagements "Microsoft has observed ongoing activity from mobile banking trojan campaigns targeting Android users in India with social media messages and malicious apps designed to impersonate legitimate orgs and steal users' personal data and financial information:" [X Link](https://x.com/MsftSecIntel/status/1726820988501815711) 2023-11-21T04:33Z 175.9K followers, 23.2K engagements "Microsoft has uncovered a supply chain attack by North Korean threat actor Diamond Sleet (ZINC) involving the modification of an installer file from software maker CyberLink. The payload calls back to attacker infrastructure for instructions. Learn more: https://msft.it/6013iHoQF https://msft.it/6013iHoQF" [X Link](https://x.com/anyuser/status/1727373881206296891) 2023-11-22T17:10Z 188.5K followers, 183.8K engagements "Microsoft has detected Danabot (Storm-1044) infections leading to hands-on-keyboard activity by ransomware operator Storm-0216 (Twisted Spider UNC2198) culminating in the deployment of Cactus ransomware. 
In this campaign Danabot is distributed via malvertising" [X Link](https://x.com/anyuser/status/1730383711437283757) 2023-12-01T00:30Z 188.5K followers, 147.9K engagements "Storm-0216 has historically received handoffs from Qakbot operators but has since pivoted to leveraging different malware for initial access likely a consequence of the Qakbot infrastructure takedown" [X Link](https://x.com/MsftSecIntel/status/1730383714125750531) 2023-12-01T00:30Z 176.7K followers, 43.4K engagements "The current Danabot campaign first observed in November appears to be using a private version of the info-stealing malware instead of the malware-as-a-service offering" [X Link](https://x.com/MsftSecIntel/status/1730383716252344382) 2023-12-01T00:30Z 176.7K followers, [----] engagements "Danabot collects user credentials and other info that it sends to command and control followed by lateral movement via RDP sign-in attempts eventually leading to a handoff to Storm-0216" [X Link](https://x.com/MsftSecIntel/status/1730383718068404508) 2023-12-01T00:30Z 176.6K followers, 10.5K engagements "Microsoft recommends strong credential hygiene network protection and attack surface reduction solutions. Microsoft Defender XDR detects the malware components and activity related to this campaign" [X Link](https://x.com/MsftSecIntel/status/1730383719809138782) 2023-12-01T00:30Z 176.6K followers, 10.3K engagements "Microsoft has identified a Russian-based nation-state threat actor tracked as Forest Blizzard (STRONTIUM APT28 FANCYBEAR) actively exploiting CVE-2023-23397 to provide secret unauthorized access to email accounts within Exchange servers: https://msft.it/6018iPOLm https://msft.it/6018iPOLm" [X Link](https://x.com/anyuser/status/1731626192300634585) 2023-12-04T10:47Z 188.5K followers, 143.8K engagements "Forest Blizzard primarily targets government energy transportation and non-governmental orgs in the US Europe and the Middle East. 
The threat actor also commonly employs other known public exploits in their attacks such as CVE-2023-38831 or CVE-2021-40444 among others" [X Link](https://x.com/MsftSecIntel/status/1731626194137759960) 2023-12-04T10:47Z 177.5K followers, [----] engagements "The Polish Cyber Command (DKWOC) partnered with Microsoft to take action against Forest Blizzard actors and to identify and mitigate techniques used by the actor. We thank DKWOC for their partnership and collaboration on this effort" [X Link](https://x.com/MsftSecIntel/status/1731626195853185098) 2023-12-04T10:47Z 177.8K followers, 47.6K engagements "Microsoft Defender XDR detects activities affiliated with the exploitation of CVE-2023-23397 and additional mitigation info and guidance is detailed in our blog. Organizations should ensure systems are patched and kept up to date to mitigate this threat:" [X Link](https://x.com/MsftSecIntel/status/1731626197631582256) 2023-12-04T10:47Z 177.8K followers, [----] engagements "Properly configuring Microsoft Entra ID can help avoid cloud identity compromise that could lead to malicious attacks or even tenant destruction. The Microsoft Incident Response team provides guidance based on past engagements here:" [X Link](https://x.com/MsftSecIntel/status/1732084443597177186) 2023-12-05T17:08Z 177.8K followers, 38.4K engagements "Today at #BHEU Microsoft researchers are sharing info about the open-source Microsoft ICS forensics framework as well as new Rockwell RSLogix and Omron tools that defenders can use and customize for detecting suspicious artifacts in ICS environments:" [X Link](https://x.com/MsftSecIntel/status/1732308895853346982) 2023-12-06T08:00Z 177.5K followers, 19.8K engagements "The open-source Microsoft ICS forensics framework designed for analyzing industrial programmable logic controller (PLC) metadata and project files is maintained by Microsoft cyberphysical systems researchers who continue to add more tools. 
Learn more:" [X Link](https://x.com/MsftSecIntel/status/1732308897682079872) 2023-12-06T08:00Z 177.5K followers, [----] engagements "Microsoft continues to track and disrupt activity attributed to a Russian state-sponsored actor we track as Star Blizzard (SEABORGIUM) who has improved their evasion capabilities since [----] while remaining focused on email credential theft. Get TTPs:" [X Link](https://x.com/MsftSecIntel/status/1732732438231548103) 2023-12-07T12:03Z 177.8K followers, 76.2K engagements "In this Microsoft Threat Intelligence Podcast episode Microsoft Senior Security Researcher @malwareforme discusses with @sherrod_im the psychology behind social engineering techniques and the importance of curiosity in investigating cyberattacks:" [X Link](https://x.com/MsftSecIntel/status/1733183638693445835) 2023-12-08T17:55Z 178.8K followers, [----] engagements "Threat actors are misusing OAuth applications commonly used for automating business processes in their financially motivated attacks. Microsoft shares analysis of real-world cases mitigation steps detection coverage and hunting guidance:" [X Link](https://x.com/MsftSecIntel/status/1734636499436548341) 2023-12-12T18:09Z 177.9K followers, 38.5K engagements "The December [----] security updates are available:" [X Link](https://x.com/MsftSecIntel/status/1734653803469722048) 2023-12-12T19:17Z 178K followers, 17.4K engagements "Microsoft has taken steps to disrupt and mitigate a widespread campaign by the Russian nation-state threat actor Midnight Blizzard targeting TeamCity servers using the publicly available exploit for CVE-2023-42793" [X Link](https://x.com/anyuser/status/1734984089768165688) 2023-12-13T17:10Z 188.5K followers, 440.9K engagements "Following exploitation Midnight Blizzard uses scheduled tasks to keep a variant of VaporRage malware persistent. 
The VaporRage variant which is similar to malware deployed by the threat actor in recent phishing campaigns abuses Microsoft OneDrive and Dropbox for C2" [X Link](https://x.com/anyuser/status/1734984091320140112) 2023-12-13T17:10Z 188.5K followers, 19.4K engagements "Post-compromise activity includes credential theft using Mimikatz Active Directory enumeration using DSinternals deployment of tunneling tool rsockstun and turning off antivirus and EDR capabilities" [X Link](https://x.com/MsftSecIntel/status/1734984094331654610) 2023-12-13T17:10Z 177.8K followers, 17K engagements "In addition to disrupting the abuse of Microsoft OneDrive for command and control Microsoft Defender Antivirus and Microsoft Defender for Endpoint protect customers against this and other Midnight Blizzard malware" [X Link](https://x.com/MsftSecIntel/status/1734984103877804397) 2023-12-13T17:10Z 178.2K followers, 14.5K engagements "Midnight Blizzard is the latest nation-state threat actor observed exploiting the TeamCity CVE-2023-42793 vulnerability. 
In October North Korean threat actors Diamond Sleet and Onyx Sleet exploited the same vulnerability in separate attacks:" [X Link](https://x.com/MsftSecIntel/status/1734984105807302982) 2023-12-13T17:10Z 178.2K followers, 15.7K engagements "Although many of the compromises appear to be opportunistic affecting unpatched Internet-facing TeamCity servers Microsoft continues to work with the international cybersecurity community to mitigate the potential risk to software supply chain ecosystems" [X Link](https://x.com/MsftSecIntel/status/1734984107761795372) 2023-12-13T17:10Z 177.8K followers, 14.6K engagements "We are especially grateful to our partners in the international cybersecurity community for their collaboration on this investigation" [X Link](https://x.com/MsftSecIntel/status/1734986327849152995) 2023-12-13T17:19Z 178.9K followers, 15.2K engagements "Microsoft has identified new Qakbot phishing campaigns following the August [----] law enforcement disruption operation. The campaign began on December [--] was low in volume and targeted the hospitality industry. 
Targets received a PDF from a user masquerading as an IRS employee" [X Link](https://x.com/anyuser/status/1735856754427047985) 2023-12-16T02:57Z 188.5K followers, 205.4K engagements "Listen to Microsoft Threat Research and Intelligence Leader @wesdrone and Microsoft Threat Intelligence Podcast host @sherrod_im talk about the beginnings of ransomware as a service (RaaS) and the similar evolution patterns in the phishing landscape:" [X Link](https://x.com/MsftSecIntel/status/1737522851857539111) 2023-12-20T17:18Z 178K followers, [----] engagements "Microsoft has observed the Iranian nation-state actor Peach Sandstorm attempting to deliver a newly developed backdoor named FalseFont to individuals working for organizations in the Defense Industrial Base (DIB) sector" [X Link](https://x.com/anyuser/status/1737895710169628824) 2023-12-21T18:00Z 188.5K followers, 113.1K engagements "Microsoft has observed threat actors including financially motivated actors like Storm-0569 Storm-1113 Sangria Tempest & Storm-1674 misusing the ms-appinstaller URI scheme (App Installer) to distribute malware. 
Get TTPs and protection info: https://msft.it/6019i5z9d https://msft.it/6019i5z9d" [X Link](https://x.com/anyuser/status/1740434942578905490) 2023-12-28T18:10Z 188.5K followers, 143.9K engagements "The January [----] security updates are available: Security updates for January [----] are now available Details are here: https://t.co/ItXjYLFR2w #PatchTuesday #SecurityUpdateGuide https://t.co/TLI9NUax7f Security updates for January [----] are now available Details are here: https://t.co/ItXjYLFR2w #PatchTuesday #SecurityUpdateGuide https://t.co/TLI9NUax7f" [X Link](https://x.com/MsftSecIntel/status/1744782256168747299) 2024-01-09T18:04Z 178.8K followers, 19.9K engagements "Microsoft has observed a subset of Iran-based threat actor Mint Sandstorm (PHOSPHORUS) employing new TTPs to improve initial access defense evasion and persistence in campaigns targeting individuals at universities and research orgs. Read our analysis:" [X Link](https://x.com/MsftSecIntel/status/1747666342897963362) 2024-01-17T17:05Z 178.9K followers, 78K engagements "Were inviting members of the infosec community to join the fourth InfoSec Jupyterthon event to meet and engage with security practitioners on using Jupyter notebooks in their daily work:" [X Link](https://x.com/MsftSecIntel/status/1752029893573906688) 2024-01-29T18:04Z 179K followers, 26.6K engagements "Listen to Microsoft Threat Intelligence analysts @Greg_Schloemer & @_matt_kennedy discuss with @sherrod_im what makes the North Korean threat landscape unique and how actors persistently abuse chains of trust to generate revenue for the regime:" [X Link](https://x.com/MsftSecIntel/status/1752742629656195533) 2024-01-31T17:16Z 179K followers, 16.5K engagements "The latest biannual report on Iran from the Microsoft Threat Analysis Center (MTAC) presents details on the series of cyberattacks and influence operations launched by Iranian government-aligned actors since October 2023: https://msft.it/6017iAwg3 https://msft.it/6017iAwg3" [X 
Link](https://x.com/anyuser/status/1755140157634675176) 2024-02-07T08:03Z 188.5K followers, 50.2K engagements "Microsoft in collaboration with OpenAI is publishing research on emerging threats in the age of AI focusing on identified activity associated with known threat actors Forest Blizzard Emerald Sleet Crimson Sandstorm and others. Learn more:" [X Link](https://x.com/MsftSecIntel/status/1757737702898782214) 2024-02-14T12:05Z 179.3K followers, 131.9K engagements "This Microsoft Threat Intelligence podcast episode with Bryan Prior and Nirit Hinkis from the Microsoft Threat Analysis Center and podcast host @sherrod_im brings context to the intricacies of Irans penchant for cyber-enabled influence operations:" [X Link](https://x.com/MsftSecIntel/status/1759993820912009520) 2024-02-20T17:30Z 179.5K followers, 14.7K engagements "This episode of the Microsoft Threat Intelligence Podcast covers how access to threat intelligence allows incident responders to get better context of the threats they deal with and an idea of what the threat actors' next steps could be:" [X Link](https://x.com/MsftSecIntel/status/1763708294823088530) 2024-03-01T23:30Z 179.5K followers, 17.6K engagements "Host @sherrod_im is joined by Stella Aghakian and Holly Burmaster from the Microsoft Incident Response team to discuss their experiences learnings and challenges in incident response engagements as well as their insights on high-profile threat actors such as Octo Tempest" [X Link](https://x.com/MsftSecIntel/status/1763708296874078536) 2024-03-01T23:30Z 179.5K followers, [----] engagements "The March [----] security updates are available: Security updates for March [----] are now available Details are here: https://t.co/ItXjYLFR2w #PatchTuesday #SecurityUpdateGuide https://t.co/HS2HtWbrap Security updates for March [----] are now available Details are here: https://t.co/ItXjYLFR2w #PatchTuesday #SecurityUpdateGuide https://t.co/HS2HtWbrap" [X 
Link](https://x.com/MsftSecIntel/status/1767601700653654235) 2024-03-12T17:21Z 179.5K followers, 16.1K engagements "The new capabilities in Microsoft Copilot for Security will help security and IT professionals get more accurate insights on risks and respond faster to threats. 🎉 Microsoft Copilot for Security will be available to all on April [--] Find out why 97% of surveyed security professionals who have tried Copilot say they want to use it again: https://t.co/PyeRCzZHfJ #MicrosoftCopilot #MSSecure 🎉 Microsoft Copilot for Security will be available to all on April [--] Find out why 97% of surveyed security professionals who have tried Copilot say they want to use it again: https://t.co/PyeRCzZHfJ" [X Link](https://x.com/MsftSecIntel/status/1767948606839910438) 2024-03-13T16:19Z 179.6K followers, 20.3K engagements "Phishing campaigns including ones related to known phishing-as-a-service (PhaaS) platforms such as Tycoon and NakedPages are taking advantage of the tax season in the US for social engineering" [X Link](https://x.com/MsftSecIntel/status/1770514899468173458) 2024-03-20T18:17Z 179.7K followers, 31.1K engagements "A campaign related to the Tycoon PhaaS platform involved emails masquerading as W-2 & W-9 tax form notifications payroll tax documents & other payment-related lures. The emails contained an HTML attachment that loaded a Cloudflare captcha check followed by a phishing page" [X Link](https://x.com/MsftSecIntel/status/1770514905004642513) 2024-03-20T18:17Z 179.6K followers, [---] engagements "Microsoft also observed phishing campaigns related to the AiTM phishing kit NakedPages. 
The emails masqueraded as DocuSign shared documents related to tax adjustments and contained an image that when clicked initiates redirections that eventually lead to a phishing page" [X Link](https://x.com/MsftSecIntel/status/1770514918258696685) 2024-03-20T18:17Z 179.6K followers, [---] engagements "As much as 40% of vulnerabilities in open-source code don't have CVEs & are at risk of remaining widely unknown & unpatched. @WeldPond discusses how AI helps to identify vulnerabilities in open-source code & empower developers to find vulnerabilities in their own code & fix them" [X Link](https://x.com/MsftSecIntel/status/1773750718299545863) 2024-03-29T16:35Z 179.7K followers, 14.6K engagements "Microsoft Copilot for Security generally available today is informed by large-scale data and Microsoft threat intelligence to deliver insights and improve security outcomes. It has prebuilt promptbooks collections of prompts that accomplish specific security-related tasks" [X Link](https://x.com/MsftSecIntel/status/1774860857769447911) 2024-04-01T18:06Z 179.8K followers, 38.1K engagements "Read this FAQ on the XZ Utils vulnerability CVE-2024-3094 and get guidance on assessing exposure and discovering affected devices using Microsoft Defender Vulnerability Management Microsoft Defender for Cloud and Microsoft Security Exposure Management: https://msft.it/6015cLJVB https://msft.it/6015cLJVB" [X Link](https://x.com/MsftSecIntel/status/1775321066304348263) 2024-04-03T00:35Z 180.1K followers, 21K engagements "Microsoft Threat Analysis Centers latest report notes that China is using fake social media accounts to poll U.S. voters on what divides them most to sow division and possibly influence the outcome of the U.S. presidential election in its favor. 
https://msft.it/6012cFTle https://msft.it/6012cFTle" [X Link](https://x.com/anyuser/status/1776296340701462936) 2024-04-05T17:10Z 188.5K followers, 83.9K engagements "The April [----] security updates are available: Security updates for April [----] are now available Details are available here: https://t.co/ItXjYLGoS4 #PatchTuesday #SecurityUpdateGuide https://t.co/M4xaXMiiGk Security updates for April [----] are now available Details are available here: https://t.co/ItXjYLGoS4 #PatchTuesday #SecurityUpdateGuide https://t.co/M4xaXMiiGk" [X Link](https://x.com/MsftSecIntel/status/1777746237212475496) 2024-04-09T17:11Z 179.8K followers, 14.9K engagements "Microsoft will now publish root cause data for Microsoft CVEs using the Common Weakness Enumeration (CWE) industry standard. Learn more: We are pleased to announce that we will now publish root cause data for all Microsoft CVEs using the Common Weakness Enumeration (CWE) industry standard. This standard will facilitate more effective community discussions about finding and mitigating these weaknesses in existing https://t.co/5Ro8wG2S3f We are pleased to announce that we will now publish root cause data for all Microsoft CVEs using the Common Weakness Enumeration (CWE) industry standard. This" [X Link](https://x.com/MsftSecIntel/status/1777772790004814318) 2024-04-09T18:57Z 179.8K followers, 28.9K engagements "The exploitation of vulnerable drivers including the technique known as bring your own vulnerable driver (BYOVD) has become a favored strategy among threat actors to gain kernel-level access. Get an investigation guide from Microsoft Incident Response: https://msft.it/6019c4aUW https://msft.it/6019c4aUW" [X Link](https://x.com/MsftSecIntel/status/1777789431165952480) 2024-04-09T20:03Z 179.9K followers, 24.1K engagements "Microsoft has tracked at least [--] Russian actors engaged in Ukraine-focused disinformation campaigns concentrated on undermining support for Ukraine. 
Meanwhile China seeks to exploit societal polarization and diminish faith in US democratic systems: https://msft.it/6013Y8noc https://msft.it/6013Y8noc" [X Link](https://x.com/MsftSecIntel/status/1781008290387816479) 2024-04-18T17:14Z 180.2K followers, 16.7K engagements "In the first quarter of [----] established ransomware families like Akira Lockbit Play and Phobos were still the most predominantly used in attacks observed by Microsoft. Microsoft now tracks [--] active ransomware families" [X Link](https://x.com/MsftSecIntel/status/1781353314413605345) 2024-04-19T16:05Z 180.2K followers, 29.8K engagements "Meanwhile Microsoft tracks more than [---] ransomware threat actors including nation-state actors and cybercrime groups. These threat actors continue to exploit vulnerabilities in various software and services to gain initial access" [X Link](https://x.com/MsftSecIntel/status/1781353317701914829) 2024-04-19T16:05Z 180.3K followers, [----] engagements "Vulnerabilities exploited include Mirth Connect (CVE-2023-37679 CVE-2023-43208) ConnectWise ScreenConnect (CVE-2024-1709 CVE-2024-1708) JetBrains TeamCity (CVE-2024-27198 CVE-2024-27199) and Fortinet FortiClient EMS (CVE-2023-48788)" [X Link](https://x.com/MsftSecIntel/status/1781353319341928668) 2024-04-19T16:05Z 180.3K followers, [----] engagements "Microsoft has identified longstanding activity by the Russian-based threat actor we track as Forest Blizzard using a custom tool we call GooseEgg to exploit CVE-2022-38028 in the Windows Print Spooler service to elevate permissions and steal credentials: https://msft.it/6014YG3oI https://msft.it/6014YG3oI" [X Link](https://x.com/anyuser/status/1782442803911426253) 2024-04-22T16:14Z 188.5K followers, 84.7K engagements "Yesterday @TalosSecurity released a threat intelligence blog detailing the ArcaneDoor espionage-focused campaign. Microsoft Threat Intelligence collaborated with Cisco Talos to provide data and analysis on the threat actor Storm-1849 (UAT4356). 
https://msft.it/6015YJdzL https://msft.it/6015YJdzL" [X Link](https://x.com/MsftSecIntel/status/1783595587104870429) 2024-04-25T20:35Z 180.2K followers, 23.3K engagements "Microsoft shares guidance on how defenders can utilize Azure logs to enhance threat hunting capabilities & proactively identify potential security threats in their environment: https://msft.it/6014YO1Ms https://msft.it/6014YO1Ms" [X Link](https://x.com/MsftSecIntel/status/1785365845180400100) 2024-04-30T17:49Z 180.3K followers, 18.1K engagements "Microsoft identified a vulnerability pattern in multiple popular Android apps that could enable a malicious app to overwrite files in the vulnerable apps home directory which could lead to arbitrary code execution and token theft among other impacts: https://msft.it/6011YPK7J https://msft.it/6011YPK7J" [X Link](https://x.com/MsftSecIntel/status/1785731560374731034) 2024-05-01T18:02Z 180.3K followers, 17K engagements "The discovery of the XZ vulnerability by Microsoft partner software engineer @AndresFreundTec is a wake-up call to both the open source and infosec communities as it raises the importance of security measures such as code review in the open source community" [X Link](https://x.com/MsftSecIntel/status/1788261551935213608) 2024-05-08T17:35Z 180.3K followers, 22.1K engagements "@AndresFreundTec In this episode of The Microsoft Threat Intelligence podcast @AndresFreundTec Senior security researcher @fr0gger_ & @sherrod_im discuss the discovery of the XZ backdoor as well as findings in tracking its development & the actor behind it. https://msft.it/6015YVKT1 https://msft.it/6015YVKT1" [X Link](https://x.com/MsftSecIntel/status/1788261553441050950) 2024-05-08T17:35Z 180.4K followers, 15.2K engagements "The macOS cryptocurrency wallet stealer malware known as Activator which we first observed in December [----] remains a very active threat. 
Microsoft data shows a surge in network activity associated with the Activator in March [----] and has remained elevated" [X Link](https://x.com/MsftSecIntel/status/1788962208120013250) 2024-05-10T16:00Z 180.5K followers, 28.1K engagements
"Since mid-April [----], Microsoft Threat Intelligence has observed the threat actor Storm-1811 misusing the client management tool Quick Assist to target users in social engineering attacks that lead to Black Basta ransomware. https://msft.it/6017YXfJS" [X Link](https://x.com/MsftSecIntel/status/1790775114667081915) 2024-05-15T16:03Z 180.5K followers, 74.4K engagements
"Alongside the announcement of Copilot+ PCs, Microsoft is introducing important security features and updates that make Windows [--] more secure for users and organizations and give developers the tools to prioritize security: https://msft.it/6019YZvH3" [X Link](https://x.com/MsftSecIntel/status/1792640186154614887) 2024-05-20T19:35Z 180.5K followers, 15.3K engagements
"In a single instance, Storm-0539 can extract tens of thousands of dollars by issuing new gift cards and sending them to dozens of email addresses. Today at #SLEUTHCON [----], Microsoft Threat Intelligence experts delivered a talk on Storm-0539. https://msft.it/6011Yd1bz" [X Link](https://x.com/MsftSecIntel/status/1794028088575000912) 2024-05-24T15:30Z 180.5K followers, [---] engagements
"Also known as Atlas Lion and active since late [----], Storm-0539 operates out of Morocco and primarily targets the retail sector but has also affected other industries like telecommunication and technology" [X Link](https://x.com/MsftSecIntel/status/1794028090303168820) 2024-05-24T15:30Z 180.5K followers, [---] engagements
"Storm-0539 carries out extensive reconnaissance of target organizations to craft convincing phishing lures and steal credentials and tokens for initial access" [X Link](https://x.com/MsftSecIntel/status/1794028092077257117) 2024-05-24T15:30Z 180.5K followers, [---] engagements
"Microsoft has identified a new North Korean threat actor, Moonstone Sleet (Storm-1789), that combines many tried-and-true techniques used by other North Korean threat actors with unique attack methodologies for financial and cyberespionage objectives. https://msft.it/6017Ygsud" [X Link](https://x.com/MsftSecIntel/status/1795486441859961273) 2024-05-28T16:05Z 180.6K followers, 30.2K engagements
"Moonstone Sleet is observed to set up fake companies and job opportunities to engage with potential targets, employ trojanized versions of legitimate tools, create a malicious game called DeTankWar, and deliver a new custom ransomware that Microsoft has named FakePenny" [X Link](https://x.com/MsftSecIntel/status/1795486443428630894) 2024-05-28T16:05Z 180.6K followers, [----] engagements
"Read our latest blog to get our analysis of several notable TTPs used by Moonstone Sleet in various campaigns and to get recommendations for defending against this threat actor" [X Link](https://x.com/MsftSecIntel/status/1795486445383135584) 2024-05-28T16:05Z 180.6K followers, [----] engagements
"Prolific Russian influence actors tracked by Microsoft as Storm-1679 and Storm-1099 have pivoted their operations since June [----] to focus on the Olympics. Learn more from this report published by Microsoft Threat Analysis Center (MTAC): https://msft.it/6015YmuFv" [X Link](https://x.com/MsftSecIntel/status/1797657400469598639) 2024-06-03T15:51Z 180.8K followers, 32.6K engagements
"Learn from @markrussinovich as he shares with @sherrod_im his journey developing Sysinternals, working in the cloud with Azure, and discovering Crescendo, a technique that tricks LLMs into generating malicious content by exploiting their own responses: https://msft.it/6015YFyYD" [X Link](https://x.com/MsftSecIntel/status/1803465268598894674) 2024-06-19T16:30Z 180.9K followers, [----] engagements
"The Microsoft Copilot for Security threat intelligence embedded experience in Defender XDR, now generally available, contextualizes and summarizes intelligence from across MDTI and threat analytics about threat actors, threat tooling, and incidents IoCs: https://msft.it/6019YAIfb" [X Link](https://x.com/MsftSecIntel/status/1805730192377237620) 2024-06-25T22:30Z 180.9K followers, 17.9K engagements
"Microsoft researchers discovered two vulnerabilities in Rockwell Automation's PanelView Plus that could be remotely exploited to allow RCE and DoS. PanelView Plus devices are graphic terminals used in the industrial sector. Get analysis & protection info: https://msft.it/6016l8U7A" [X Link](https://x.com/MsftSecIntel/status/1808171776674865339) 2024-07-02T16:12Z 183.3K followers, 12.6K engagements
"In the second quarter of [----], financially motivated threat actor Octo Tempest, our most closely tracked ransomware threat actor, added RansomHub and Qilin to its ransomware payloads in campaigns" [X Link](https://x.com/MsftSecIntel/status/1812932749314978191) 2024-07-15T19:30Z 181.6K followers, 54.2K engagements
"Here's your guide on the extensive Microsoft threat intelligence research and AI-first end-to-end security expertise you can look forward to on the main stage, briefings, and theater sessions at the Microsoft booth at Black Hat USA 2024: https://msft.it/6016luRCK" [X Link](https://x.com/MsftSecIntel/status/1813623450373877841) 2024-07-17T17:15Z 183K followers, [----] engagements
".@ajohnsocyber will take the stage with @sherrod_im to share threat intelligence insights & best practices from the Office of the CISO. Microsoft will also be part of the AI Summit, joining the Balancing Security & Innovation - Risks & Rewards in AI-Driven Cybersecurity panel" [X Link](https://x.com/MsftSecIntel/status/1813623452961833261) 2024-07-17T17:15Z 183K followers, [----] engagements
"@ajohnsocyber @sherrod_im Threat analysts & researchers will be at Microsoft booth #1240 to connect and share insights. Get live demos of Copilot for Security and other solutions. Schedule an in-person meeting with Microsoft leaders & experts focused on your topic of interest: https://msft.it/6017luRCz" [X Link](https://x.com/MsftSecIntel/status/1813623455293817247) 2024-07-17T17:15Z 181.4K followers, [----] engagements
"@ajohnsocyber @sherrod_im Reserve your spot at the Microsoft Security VIP Mixer, co-hosted by Ann Johnson and Aarti Borkar, to connect and network with fellow industry experts: https://msft.it/6018luRCM" [X Link](https://x.com/MsftSecIntel/status/1813623457877544980) 2024-07-17T17:15Z 181.5K followers, [----] engagements
"Learn more about the Microsoft AI Bounty program, which aims to better secure Microsoft Copilot by inviting security researchers to report high-impact security vulnerabilities, in this episode of the Microsoft Threat Intelligence podcast hosted by @sherrod_im https://msft.it/6019lRMOf" [X Link](https://x.com/MsftSecIntel/status/1813974512808952204) 2024-07-18T16:30Z 181.6K followers, [----] engagements
"@sherrod_im Lynn Miyashita & Andrew Paverd also talk about what defines an AI bug and the potential for finding vulnerabilities that span the traditional scope of a bug hunter and new vulnerabilities that may arise because of AI. Details on the bounty program here: https://msft.it/6012lRMOC" [X Link](https://x.com/MsftSecIntel/status/1813974515480994190) 2024-07-18T16:30Z 181.5K followers, [----] engagements
"New Recovery Tool to help with CrowdStrike issue impacting Windows endpoints https://msft.it/6014lp4J0" [X Link](https://x.com/MsftSecIntel/status/1815429775143694372) 2024-07-22T16:52Z 182.3K followers, 21.3K engagements
"Microsoft has uncovered a vulnerability in ESXi hypervisors, identified as CVE-2024-37085, being exploited by threat actors to obtain full administrative permissions on domain-joined ESXi hypervisors and encrypt critical servers in ransomware attacks. https://msft.it/6012lbTai" [X Link](https://x.com/anyuser/status/1817956927000682955) 2024-07-29T16:14Z 188.5K followers, 670.1K engagements
"At 12:00 PM, catch our session Targets of Opportunity: Overview of a Global Exploitation Campaign by Russian Military Intelligence, which details the TTPs used by a threat actor we track as Seashell Blizzard to gain initial access to systems, as presented by Michael Matonis" [X Link](https://x.com/MsftSecIntel/status/1821252470271586347) 2024-08-07T18:30Z 182.7K followers, [----] engagements
"At 12:30 PM, Stephen Manz presents Queries timing out? Memory limitations? How to make your Kusto threat hunting queries more efficient, including some fun techniques for writing more advanced queries too" [X Link](https://x.com/MsftSecIntel/status/1821260019834196406) 2024-08-07T19:00Z 182.7K followers, [----] engagements
"At 1:00 PM, join Judy Ng and Kristina Savelesky at our booth for some Threat Actor TTP Trivia. Learn more about Microsoft's threat intelligence landscape and test your threat actor and TTP knowledge with our trivia game" [X Link](https://x.com/MsftSecIntel/status/1821267569254207850) 2024-08-07T19:30Z 182.9K followers, [----] engagements
"At 12:00 PM, catch our session Storm-0539: How the threat intelligence shows up for customers to learn more about the tools and methods used to bring actionability to threat intelligence, as presented by @soul_crusher86 and Alison Ali" [X Link](https://x.com/MsftSecIntel/status/1821614856904094036) 2024-08-08T18:30Z 184.4K followers, [----] engagements
"At 12:30 PM, @obnoxious4n6 presents The Winds of Change: The Evolution of Octo Tempest, detailing the evolution of Octo Tempest and a walkthrough of the threat actor's operations across the attack chain, including their extensive abuse of identity and cloud technologies" [X Link](https://x.com/MsftSecIntel/status/1821622405871153468) 2024-08-08T19:00Z 184.4K followers, [----] engagements
"At 1:00 PM, find Ryan Caney and Aled Mason's session Unraveling GooseEgg: Forest Blizzard's Tool For CVE-2022-38028 for an in-depth analysis of this Russia-based threat actor and their custom tool GooseEgg, used to exploit a vulnerability in the Windows Print Spooler service" [X Link](https://x.com/MsftSecIntel/status/1821629956000006382) 2024-08-08T19:30Z 184.5K followers, [----] engagements
"The Microsoft Threat Analysis Center (MTAC) shares intelligence about Iranian actors laying the groundwork for influence operations aimed at US audiences and potentially seeking to impact the [----] US presidential election: https://msft.it/6018llWQs" [X Link](https://x.com/anyuser/status/1821760817592758754) 2024-08-09T04:10Z 188.5K followers, 199.5K engagements
"Microsoft has detected a 111% year-over-year increase in token replay attacks, and incidents are continuing to grow. https://msft.it/6011lSgZ7" [X Link](https://x.com/MsftSecIntel/status/1824121402217082914) 2024-08-15T16:30Z 184.4K followers, 66.8K engagements
"Threat actors leverage compromised identities to achieve a significant level of access to target networks. Implementing multi-factor authentication (MFA) remains an essential pillar in identity security and can block more than 99.2% of account compromise attacks. 🔐 Multifactor authentication is one of the most effective ways to protect against cyberattacks, yet most accounts don't use it. Learn why MFA login will be mandatory for Azure sign-in this year: https://t.co/kbcwOk5sdJ" [X Link](https://x.com/MsftSecIntel/status/1825929538062176634) 2024-08-20T16:15Z 184.5K followers, 18.1K engagements
"The introduction of mandatory MFA for all Azure sign-ins will help better protect Azure accounts from unauthorized access. Read the Azure blog to learn more about this change" [X Link](https://x.com/MsftSecIntel/status/1825929541509857326) 2024-08-20T16:15Z 184.4K followers, [----] engagements
"Microsoft observed Iranian state-sponsored threat actor Peach Sandstorm deploying a new custom multi-stage backdoor named Tickler in attacks against multiple sectors in the United States and the United Arab Emirates. https://msft.it/6015lfpO5" [X Link](https://x.com/MsftSecIntel/status/1828812282601656719) 2024-08-28T15:10Z 184.3K followers, 44.9K engagements
"Microsoft identified a North Korean threat actor exploiting a zero-day vulnerability in Chromium (CVE-2024-7971) to gain remote code execution. Our assessment of ongoing analysis and observed infrastructure attributes this activity to Citrine Sleet. https://msft.it/6010l7S6w" [X Link](https://x.com/anyuser/status/1829550899766653064) 2024-08-30T16:05Z 188.5K followers, 103.8K engagements
"Through the unified security operations platform, defenders can use Microsoft Copilot for Security features such as incident summaries, guided investigations, script analysis, and advanced hunting on Microsoft Sentinel data" [X Link](https://x.com/MsftSecIntel/status/1832098924498223414) 2024-09-06T16:49Z 184K followers, [----] engagements
"The correlation of alerts and data from Defender workloads and third-party sources ingested by Microsoft Sentinel streamlines security operations and provides deeper insights into potential threats and vulnerabilities. Learn more: https://msft.it/6018mGets" [X Link](https://x.com/MsftSecIntel/status/1832098926171717879) 2024-09-06T16:49Z 184.1K followers, [----] engagements
"The September [----] security updates are available: Security updates for September [----] are now available. Details are available here: https://t.co/ItXjYLGoS4 #PatchTuesday #SecurityUpdateGuide https://t.co/ZEJC485SVF" [X Link](https://x.com/MsftSecIntel/status/1833562169532715016) 2024-09-10T17:44Z 184.3K followers, [----] engagements
"Microsoft has observed threat actors in North Korea, such as Onyx Sleet and Citrine Sleet, diversifying their attacks that aim to gather intelligence and generate revenue in support of the North Korean regime. https://msft.it/6015mOd15" [X Link](https://x.com/MsftSecIntel/status/1834268231722246535) 2024-09-12T16:30Z 183.9K followers, 10.9K engagements
"Onyx Sleet has been observed to now support both intelligence gathering and revenue generation for North Korea, conducting cyber espionage through numerous campaigns and more recently deploying ransomware in their attacks" [X Link](https://x.com/MsftSecIntel/status/1834268234192695640) 2024-09-12T16:30Z 184K followers, [---] engagements
"Meanwhile, Citrine Sleet, an actor known to commonly use AppleJeus to steal cryptocurrency assets, recently exploited a zero-day vulnerability in Chromium to gain remote code execution & launch the sophisticated rootkit FudModule" [X Link](https://x.com/MsftSecIntel/status/1834268236247900182) 2024-09-12T16:30Z 184K followers, [----] engagements
"To help defenders get better access to relevant threat intelligence articles, the Microsoft Defender XDR portal home page now displays featured Microsoft Defender Threat Intelligence (MDTI) articles to highlight noteworthy Microsoft content. https://msft.it/6017mPalP" [X Link](https://x.com/MsftSecIntel/status/1834640767895101855) 2024-09-13T17:10Z 184K followers, [----] engagements
"The latest Microsoft Threat Analysis Center (MTAC) elections report is now available, detailing Russian influence activities by actors such as Storm-1516, Storm-1679, Ruza Flood, Volga Flood, and more: https://msft.it/6019mpiUN" [X Link](https://x.com/MsftSecIntel/status/1836125472771514856) 2024-09-17T19:30Z 184K followers, 18.3K engagements
"Microsoft observed the financially motivated threat actor tracked as Vanilla Tempest using INC ransomware for the first time to target the healthcare sector in the United States" [X Link](https://x.com/MsftSecIntel/status/1836456406276342215) 2024-09-18T17:25Z 184.1K followers, [--] engagements
"Vanilla Tempest has been active since July [----] and commonly targets the education, healthcare, IT, and manufacturing sectors in attacks involving various ransomware payloads such as BlackCat, Quantum Locker, Zeppelin, and Rhysida" [X Link](https://x.com/MsftSecIntel/status/1836456421195395156) 2024-09-18T17:25Z 184K followers, [----] engagements
"Microsoft Defender for Endpoint detects multiple stages of Vanilla Tempest activity and known INC ransomware and other malware identified in this campaign. For more info and guidance on defending against ransomware, visit https://msft.it/6018mVUop" [X Link](https://x.com/MsftSecIntel/status/1836456422831210648) 2024-09-18T17:25Z 184.2K followers, [----] engagements
"Microsoft experts discuss the impact of defenders having tools such as Kusto Query Language (KQL) to hunt for threats, as well as attackers using social engineering and PowerShell to deploy malware such as infostealers: https://msft.it/6017meDNJ" [X Link](https://x.com/MsftSecIntel/status/1838979276822999415) 2024-09-25T16:30Z 184K followers, 13.8K engagements
"The financially motivated cybercriminal group that Microsoft tracks as Storm-0501 has been observed exfiltrating data and deploying Embargo ransomware after moving laterally from on-premises to the cloud environment. https://msft.it/6013m5gnf" [X Link](https://x.com/MsftSecIntel/status/1839351671534604450) 2024-09-26T17:09Z 184.5K followers, 54.3K engagements
"Microsoft's Digital Crimes Unit (DCU) is disrupting the technical infrastructure used by a persistent Russian nation-state threat actor that Microsoft tracks as Star Blizzard. https://msft.it/6017mUXoV" [X Link](https://x.com/MsftSecIntel/status/1841878238164889999) 2024-10-03T16:29Z 184.5K followers, 16.8K engagements
"The US District Court for the District of Columbia unsealed a civil action brought by Microsoft's DCU, including its order authorizing Microsoft to seize [--] unique domains used by Star Blizzard in cyberattacks targeting Microsoft customers globally, including throughout the US" [X Link](https://x.com/MsftSecIntel/status/1841878239821640114) 2024-10-03T16:29Z 183.9K followers, [----] engagements
"Star Blizzard has continuously refined their detection evasion capabilities while remaining focused on email credential theft against the same targets. This blog provides updated technical information about Star Blizzard TTPs: https://msft.it/6018mUXon" [X Link](https://x.com/MsftSecIntel/status/1841878241621008542) 2024-10-03T16:29Z 183.9K followers, [----] engagements
"Browser anomalies, such as unexpected account access from a distant geographical location and an unusual browser, could indicate account compromise. Additionally, discrepancies in a user's attributes in browser sessions could be a sign of hijacking. https://msft.it/6010mqaMq" [X Link](https://x.com/MsftSecIntel/status/1842236817149436126) 2024-10-04T16:14Z 184.5K followers, 11.5K engagements
"Automatic attack disruption in Microsoft Defender XDR detects such anomalies in browser activities to stop threats such as account compromise and session hijacking related to adversary-in-the-middle (AiTM) and business email compromise" [X Link](https://x.com/MsftSecIntel/status/1842236821830320207) 2024-10-04T16:14Z 184.5K followers, [----] engagements
"Microsoft has observed that campaigns which misuse legitimate file hosting services are increasingly using certain defense evasion tactics, most commonly leading to business email compromise (BEC) attacks. Get mitigation, detection, and hunting guidance: https://msft.it/6010maP70" [X Link](https://x.com/MsftSecIntel/status/1843692403212829029) 2024-10-08T16:38Z 184.1K followers, 40.6K engagements
"The October [----] security updates are available: Security updates for October [----] are now available. Details are available here: https://t.co/ItXjYLFR2w #PatchTuesday #SecurityUpdateGuide https://t.co/CtPn5fVAk2" [X Link](https://x.com/MsftSecIntel/status/1843812987821330491) 2024-10-09T00:37Z 184K followers, [----] engagements
"Learn about how East Asia threat actors changed their techniques in their operations to achieve familiar goals in this episode of the Microsoft Threat Intelligence podcast with Nick Monaco from the Microsoft Threat Analysis Center (MTAC) and @sherrod_im https://msft.it/6018mxlKM" [X Link](https://x.com/MsftSecIntel/status/1844052707377553699) 2024-10-09T16:30Z 184.1K followers, 11K engagements
"Since the beginning of September [----], Microsoft Threat Intelligence has observed a phishing campaign using emails with eFax-themed lures containing links or QR codes within PDF attachments leading to a domain controlled by the EvilProxy phishing-as-a-service (PhaaS) platform" [X Link](https://x.com/anyuser/status/1844777483591143479) 2024-10-11T16:30Z 188.5K followers, 41.2K engagements
Top posts by engagements in the last [--] hours
"Microsoft Threat Intelligence uncovered a macOS vulnerability tracked as CVE-2025-31199 that could allow attackers to steal private data of files normally protected by Transparency, Consent, and Control (TCC), such as caches used by Apple Intelligence. https://msft.it/6015sHUoS"
X Link 2025-07-28T16:01Z 188.5K followers, 88.1K engagements
"To help protect against these attacks, Microsoft Defender for Office [---] uses machine learning and detonation technology to automatically analyze new and unknown threats in real time, backed by Microsoft researchers closely monitoring the trend to ensure continued coverage"
X Link 2020-11-25T18:07Z 187.6K followers, [--] engagements
"Microsoft Incident Response's investigation of a BlackByte [---] ransomware attack that progressed in less than five days highlights the importance of disrupting common attack patterns, stopping attacker activities that precede ransomware deployment: https://msft.it/6010gxvlQ"
X Link 2023-07-06T17:02Z 188.5K followers, 56.9K engagements
"Microsoft Threat Intelligence has observed North Korean state actor Emerald Sleet (also known as Kimsuky and VELVET CHOLLIMA) using a new tactic: tricking targets into running PowerShell as an administrator and then pasting and running code provided by the threat actor"
X Link 2025-02-11T20:15Z 188.5K followers, 126.5K engagements
"To execute this tactic, the threat actor masquerades as a South Korean government official and, over time, builds rapport with a target before sending a spear-phishing email with a PDF attachment"
X Link 2025-02-11T20:15Z 187.7K followers, [----] engagements
"Microsoft Incident Response researchers uncovered a novel remote access trojan (RAT) that demonstrates sophisticated techniques to evade detection, persist in the target environment, and exfiltrate sensitive data. https://msft.it/6013qVXAl"
X Link 2025-03-17T17:02Z 188.5K followers, 119.8K engagements
"GitHub is strengthening npm security with stricter authentication, granular tokens, and enhanced trusted publication. This is in response to the surge of account takeovers on package registries like npm. In these attacks, threat actors gain unauthorized access to maintainer accounts and distribute malicious code through trusted packages. A recent example of such an attack is the Shai-Hulud attack, a self-replicating worm that infiltrated the npm ecosystem via compromised maintainer accounts. The worm replicated by injecting malicious post-install scripts into popular JavaScript packages and was"
X Link 2025-09-23T21:24Z 187.8K followers, 11K engagements
"Storm-1175, a financially motivated threat actor known for deploying Medusa ransomware, was observed exploiting the CVE-2025-10035 vulnerability in GoAnywhere MFT's License Servlet. Read our analysis and get detection and hunting guidance: https://msft.it/6018sIfKr"
X Link 2025-10-06T17:07Z 187.6K followers, 18K engagements
"Threat actors seek to abuse Microsoft Teams features and capabilities at different points along the attack chain, raising the stakes for defenders to proactively monitor, detect, and respond. Read our latest blog to get extensive recommendations for countermeasures and controls across identity, endpoints, data, apps, and network layers to help harden enterprise Teams environments. https://msft.it/6015sLUrP"
X Link 2025-10-07T17:05Z 187.6K followers, 14.5K engagements
"The Microsoft Digital Defense Report [----] shows how threats are evolving faster than ever, fueled by AI. Key insights from the report include: - More than 50% of cyberattacks with known motives had financial objectives such as extortion or ransom, while only 4% were motivated solely by espionage. - For initial access, attacks targeted well-known exposure footprint, including web-facing assets (18%), external remote services (12%), and supply chains (3%). - Meanwhile, identity-based attacks rose by 32%. More than 97% of identity attacks are password spray or brute force attacks. - There has been an 87%"
X Link 2025-10-16T14:50Z 187.6K followers, 10.3K engagements
"Azure Blob Storage is a high-value target for threat actors due to its critical role in storing and managing massive amounts of unstructured data at scale across diverse workloads: Threat actors are actively seeking opportunities to compromise environments that host downloadable media or maintain large-scale data repositories, leveraging the flexibility and scale of Blob Storage to target a broad spectrum of organizations. Attackers exploit misconfigurations, exposed credentials, and evolving cloud tactics, adapting their techniques to the unique attack surface of Blob Storage, whether probing for"
X Link 2025-10-20T16:02Z 187.6K followers, 10K engagements
""Threats are accelerating yet our defensive capabilities have never been stronger. The gap is not technology. The gap is in how we think about and operationalize security." In her latest blog post, Microsoft CVP and Deputy CISO @ajohnsocyber explores the challenges and opportunities for CISOs in responding to the accelerating threat landscape highlighted in the Microsoft Digital Defense Report [----]. Ann shares her thoughts on the evolved CISO mandate, proven strategies for operationalizing security resilience, and steps to strengthen resilience and response in organizations."
X Link 2025-10-22T22:18Z 187.6K followers, [----] engagements
"Microsoft Incident Response Detection and Response Team (DART) uncovered SesameOp, a new backdoor that uses the OpenAI Assistants API for C2. DART shared the findings with OpenAI, who identified and disabled an API key and associated account. SesameOp uses the OpenAI Assistants API as a storage or relay mechanism to fetch commands, which the malware then decrypts and executes locally. Once the tasks are completed, it sends the results back to OpenAI as a message. To stay under the radar, the backdoor uses compression and encryption. Microsoft and OpenAI jointly investigated the threat actor's use"
X Link 2025-11-03T17:23Z 187.8K followers, 28.2K engagements
"In the latest Microsoft Threat Intelligence Podcast episode, Sherrod DeGrippo and Zack Korman explore the future risks and opportunities that AI introduces in cybersecurity, cutting through hype to discuss where AI is both brilliant and flawed: https://msft.it/6019tyTmc"
X Link 2025-11-05T19:15Z 187.8K followers, [----] engagements
"Dive into the heart of threat intelligence as Principal Security Researcher @yo_yo_yo_jbo reveals how proactive security research powers Microsoft's defenses: The relentless hunt for vulnerabilities, like the HM Surf exploit, spotlights how research doesn't just chase attackers but anticipates them. Cross-platform research extends protection beyond Windows, covering Linux, Mac, and Android, ensuring Defender follows wherever customers go. By using this research to create generalized detections, the team prepares for future threats, not just current ones. The scale of impact is multiplied by AI, with tools"
X Link 2025-11-07T16:50Z 187.8K followers, [----] engagements
"Microsoft has discovered a new type of side-channel attack against streaming-mode language models using network packet sizes and timings. An attacker in a position to observe the encrypted traffic could use this type of side-channel attack to conclude language model conversation topics. This could put the privacy of user and enterprise communications with chatbots at risk despite end-to-end encryption via TLS. We worked with multiple cloud providers of language models to mitigate the risk and ensured that Microsoft-owned language model frameworks are protected. Learn more:"
X Link 2025-11-07T19:47Z 187.8K followers, 13.3K engagements
"The November [----] security updates are available: Security updates for November [----] are now available. Details are here: https://t.co/WW89TcgFXA #PatchTuesday #SecurityUpdateGuide https://t.co/oZI6moVcad"
X Link 2025-11-11T18:16Z 187.8K followers, 15.2K engagements
"The Threat Intelligence Briefing Agent, which delivers daily customized briefings that combine Microsoft's global threat intelligence with insights specific to each organization, is now fully integrated into the Microsoft Defender portal, available in public preview. With the Threat Intelligence Briefing Agent, analysts receive automated, up-to-date intelligence summaries that help them quickly prioritize actions by providing risk assessments, clear recommendations, and direct links to vulnerable assets. Meanwhile, the first phase of the integration of Microsoft Defender Threat Intelligence (MDTI)"
X Link 2025-11-18T23:26Z 187.7K followers, 22K engagements
"Throughout [----], Tycoon2FA (tracked by Microsoft as Storm-1747) has consistently been the most prolific phishing-as-a-service (PhaaS) platform observed by Microsoft. In October [----], Microsoft Defender for Office [---] blocked more than [--] million malicious emails linked to Tycoon2FA. Storm-1747's PhaaS platform was a major driver behind the surge of fake CAPTCHA phishing tactics. In October, more than 44% of all CAPTCHA-gated phishing attacks blocked by Microsoft were attributed to Tycoon2FA infrastructure. One Tycoon2FA-driven campaign involved over [------] messages targeting organizations in 182"
X Link 2025-11-21T17:25Z 187.7K followers, 16.9K engagements
"On Thanksgiving eve, November [--], Microsoft detected and blocked a high-volume phishing campaign from a threat actor we track as Storm-0900. The campaign used parking ticket and medical test result themes and referenced Thanksgiving to lend credibility and lower recipients' suspicion. The campaign consisted of tens of thousands of emails and targeted primarily users in the United States. Microsoft disrupted this campaign through a combination of email filtering, endpoint protections, and threat intelligence-based preemptive blocking of attacker infrastructure"
X Link 2025-12-02T00:20Z 187.8K followers, 32.4K engagements
"The URLs in the phishing emails redirected to an attacker-controlled landing page on the malicious domain permit-service.top that employed several rounds of user interaction. First, users needed to solve a slider CAPTCHA by clicking and dragging a slider, followed by ClickFix, a technique that threat actors use to trick users into running malicious commands on their devices. If users fell for the ClickFix lure and executed a command in their Run prompt, a PowerShell script would run"
X Link 2025-12-02T00:20Z 187.7K followers, [----] engagements
"New blog post: Shai-Hulud 2.0: Guidance for detecting, investigating, and defending against the supply chain attack. In defending against threats like Shai-Hulud [---], organizations benefit significantly from the layered protection from Microsoft Defender, which provides security coverage from code to posture management to runtime. This defense-in-depth approach is especially valuable when facing supply chain-driven attacks that might introduce malicious dependencies that evade traditional vulnerability assessment tools. In these scenarios, the ability to correlate telemetry across data planes such"
X Link 2025-12-09T22:02Z 187.9K followers, 12.7K engagements
"Most exploitation activity related to the CVE-2025-55182 vulnerability affecting React Server Components, Next.js, and related frameworks originated from red team assessments, but observed exploitation attempts by threat actors deliver various payloads. This pre-authentication remote code execution (RCE) vulnerability (also referred to as React2Shell, and including CVE-2025-66478, which was merged into it) could allow attackers to execute arbitrary code on vulnerable servers through a single malicious HTTP request. In this blog, Microsoft Defender researchers share insights and detailed analysis of"
X Link 2025-12-15T19:43Z 187.8K followers, 35.7K engagements
"Phishing actors are abusing complex routing scenarios and misconfigured spoof protections to spoof organizations domains and deliver emails that appear internally sent. This vectorwhich has seen increased visibility and use since May 2025has enabled credential phishing campaigns tied to phishing-as-a-service (PhaaS) platforms like Tycoon2FA using lures such as voicemails shared documents HR updates and password resets. Microsoft has also observed this technique leveraged in financial scams. Successful credential compromise through phishing attacks may lead to data theft or business email"
X Link 2026-01-06T18:01Z 187.8K followers, 35.5K engagements
"CrashFix a variant of the ClickFix technique has been observed leading to the deployment of remote access trojan ModeloRAT and actions indicative of pre-ransomware activity. Get analysis detection hunting guidance from Microsoft Defender Experts: https://msft.it/6014QMmmY https://msft.it/6014QMmmY"
X Link 2026-02-05T21:56Z 188.4K followers, 12.8K engagements
"Recent threat actor activity shows an emphasis on misusing trust identity and cloud-native capabilities to achieve maximum impact with minimal noise: Storm0501 illustrates how ransomware has evolved beyond onpremises operations into hybrid and cloud environments leveraging identity systems federation and control planes to destroy data wipe backups and lock victims outoften without deploying traditional malware. A similar tactic appears in SesameOp a backdoor that uses an AI platform as its commandandcontrol infrastructure. By operating within legitimate API usage SesameOp maintains long-term"
X Link 2026-01-15T18:18Z 187.9K followers, 13.2K engagements
"Microsoft Defender Researchers uncovered a multistage adversaryinthemiddle (AiTM) phishing and business email compromise (BEC) campaign targeting the energy sector. The campaign abused SharePoint filesharing services to deliver phishing payloads and relied on inbox rule creation to maintain persistence and avoid raising suspicion. Following the initial compromise the attackers leveraged trusted identities to conduct largescale intraorganizational as well as external phishing expanding the scope of the campaign to multiple organizations. Read our in-depth analysis of this complex campaign"
X Link 2026-01-23T23:30Z 188K followers, 18.8K engagements
"Successful attacks rarely depend on something novel. They succeed when basic controls are missing or inconsistently applied. Microsoft is engaging in Operation Winter SHIELD an FBI Cyber Division public cybersecurity implementation initiative focused on closing the gap between security intent and consistent execution. Drawing on how Microsoft protects its own infrastructure at global scale Sherrod DeGrippo Deputy CISO GM Customer Security shares how threat intelligence helps prioritize what truly matters how Baseline Security Mode enforces secure-by-default protections and how operational"
X Link 2026-02-05T17:26Z 188K followers, 18K engagements
"Microsofts Secure Development Lifecycle (SDL) is expanding to address AI-specific security concerns in addition to the traditional software security areas that it has historically covered. Microsofts SDL for AI introduces specialized guidance and tooling to address the complexities of AI security including threat modeling for AI AI system observability and AI memory protections among others. SDL for AI is a dynamic framework that unites research policy standards enablement cross-functional collaboration and continuous improvement to empower secure AI development and deployment. Learn more:"
X Link 2026-02-06T18:29Z 188.4K followers, [----] engagements
"As attackers rely heavily on C2 communications for various stages of their campaigns blocking these connections can disrupt or mitigate attacks. Learn how Microsoft Defender for Endpoint's network protection blocks connections to C2 infrastructure: https://msft.it/6016dcOZm https://msft.it/6016dcOZm"
X Link 2022-11-03T16:22Z 188.4K followers, [---] engagements
"The spear-phishing emails in this campaign were sent to thousands of targets in over [---] organizations and contained a signed Remote Desktop Protocol (RDP) configuration file that connected to an actor-controlled server"
X Link 2024-10-29T19:05Z 188.4K followers, 114.2K engagements
"Microsoft Defender researchers observed attackers using yet another evasion approach to the ClickFix technique: Asking targets to run a command that executes a custom DNS lookup and parses the Name: response to receive the next-stage payload for execution"
X Link 2026-02-13T23:43Z 188.5K followers, 148K engagements
"ClickFix is a social engineering technique typically delivered through phishing malvertising or drive-by lures (often fake CAPTCHA or fix this issue prompts) that trick users into copying pasting and running a command: https://msft.it/6012QrrgA https://msft.it/6012QrrgA"
X Link 2026-02-13T23:43Z 188.5K followers, [----] engagements
"Office [---] ATP is currently blocking a high-volume phishing attack that uses a neat impersonation of Royal Bank of Canada (RBC)"
X Link 2019-03-15T23:29Z 184.5K followers, [---] engagements
"Microsoft [---] customers can refer to the threat analytics report we published in Microsoft Defender Security Center. The threat analytics report contains technical details mitigations and detection details designed to empower SecOps to detect and mitigate this threat"
X Link 2020-09-24T01:29Z 184.5K followers, [--] engagements
"We'll continue to monitor developments and update the threat analytics report with latest info. We strongly recommend customers to immediately apply security updates for CVE-2020-1472. Microsoft [---] customers can use threat & vulnerability management data to see patching status"
X Link 2020-09-24T01:29Z 184.5K followers, [--] engagements
"New blog: The threat actor BISMUTH which has been running increasingly complex targeted attacks deployed coin miners in campaigns from July to August [----]. Learn how the group tried to stay under the radar using threats perceived to be less alarming: https://msft.it/6014p3MiQ https://msft.it/6014p3MiQ"
X Link 2020-11-30T22:35Z 183.7K followers, [---] engagements
"We are open sourcing the Python source code of a research toolkit we call CyberBattleSim an experimental research project that explores the applications of autonomous systems and reinforcement learning to security. https://www.microsoft.com/security/blog/2021/04/08/gamifying-machine-learning-for-stronger-security-and-ai-models/ https://www.microsoft.com/security/blog/2021/04/08/gamifying-machine-learning-for-stronger-security-and-ai-models/"
X Link 2021-04-08T16:06Z 184.5K followers, [---] engagements
"CyberBattleSim investigates how autonomous agents operate in a simulated enterprise environment. It uses the Python-based OpenAI Gym interface to allow training of automated agents using reinforcement learning algorithms"
X Link 2021-04-08T16:06Z 184.5K followers, [--] engagements
"New blog: In-depth analysis of newly detected NOBELIUM malware: a post-exploitation backdoor that Microsoft refers to as FoggyWeb. NOBELIUM uses FoggyWeb to remotely exfiltrate data from compromised AD FS servers. Get IOCs protection info and guidance: https://msft.it/6018XekA6 https://msft.it/6018XekA6"
X Link 2021-09-27T19:05Z 188.5K followers, [---] engagements
"Volt Typhoon a Chinese state-sponsored actor uses living-off-the-land (LotL) and hands-on-keyboard TTPs to evade detection and persist in an espionage campaign targeting critical infrastructure organizations in Guam and the rest of the United States. https://msft.it/6019gj8eH https://msft.it/6019gj8eH"
X Link 2023-05-24T19:03Z 188.5K followers, 240.3K engagements
"Microsoft has detected increased credential attack activity by the threat actor Midnight Blizzard using residential proxy services to obfuscate the source of their attacks. These attacks target governments IT service providers NGOs defense industry and critical manufacturing"
X Link 2023-06-21T18:02Z 188.5K followers, 179.5K engagements
"Microsoft has identified a phishing campaign conducted by Storm-0978 targeting defense and government entities in Europe and North America. The campaign involved the abuse of CVE-2023-36884 to deliver a payload with similarities to the RomCom backdoor"
X Link 2023-07-18T07:42Z 178.8K followers, 111.1K engagements
"Were sharing more details from our investigation of the Storm-0558 campaign that targeted customer email including our analysis of the threat actors techniques tools and infrastructure and the steps we took to harden systems involved: https://msft.it/6017g26HL https://msft.it/6017g26HL"
X Link 2023-07-14T17:05Z 188.5K followers, 268.1K engagements
"Microsoft has identified targeted attacks against the defense sector in Ukraine and Eastern Europe by the threat actor Secret Blizzard (KRYPTON UAC-0003) leveraging DeliveryCheck a novel .NET backdoor used to deliver a variety of second stage payloads"
X Link 2023-07-20T00:24Z 178.8K followers, 65.6K engagements
"Microsoft has identified highly targeted social engineering attacks by the threat actor Midnight Blizzard (previously NOBELIUM) using credential theft phishing lures sent as Microsoft Teams chats. Get detailed analysis IOCs and recommendations: https://msft.it/60199EEkv https://msft.it/60199EEkv"
X Link 2023-08-02T19:05Z 188.5K followers, 148K engagements
"AI red teaming is core to understanding novel risks that AI systems come with and is a cornerstone to responsible AI. Get best practices from the Microsoft AI Red Team interdisciplinary experts who think like attackers and probe AI systems for failures:"
X Link 2023-08-07T18:05Z 178.8K followers, 41.1K engagements
"Are you at @BlackHat #BHUSA Drop by the Microsoft booth #1740 today and tomorrow for product demos and theater sessions on important security topics by our security experts as well as guest speakers from Microsoft partners"
X Link 2023-08-09T18:37Z 178.8K followers, [----] engagements
"Microsoft cyberphysical systems researchers continue to develop and add more tools to the open-source Microsoft ICS forensics framework we released last year for analyzing industrial programmable logic controller (PLC) metadata and project files: https://msft.it/60169yhxs https://msft.it/60169yhxs"
X Link 2023-08-09T23:05Z 184.1K followers, 31.3K engagements
"At this years #BHUSA Microsoft researchers are sharing more information about the framework as well as new CODESYS tools that defenders can use build on and customize for detecting suspicious artifacts in ICS environments:"
X Link 2023-08-09T23:05Z 178.8K followers, [----] engagements
"Microsoft has observed a new version of the BlackCat ransomware being used in recent campaigns. This version includes the open-source communication framework tool Impacket which threat actors use to facilitate lateral movement in target environments"
X Link 2023-08-17T16:30Z 188.5K followers, 190.3K engagements
"Microsoft has identified a nation-state actor tracked as Flax Typhoon quietly gaining and maintaining access to organizations in Taiwan via known exploits malware built-in tools and legitimate VPN software. Get the actor's TTPs and detection info:"
X Link 2023-08-24T16:31Z 178.8K followers, 62K engagements
"Adversary-in-the-middle (AiTM) phishing techniques continue to proliferate through the phishing-as-a-service (PhaaS) cybercrime model as seen in the increasing number of-AiTM capable PhaaS platforms throughout 2023"
X Link 2023-08-28T21:30Z 184.5K followers, 66.9K engagements
"Were releasing a second version of our threat matrix for storage services a structured tool that can help identify and analyze potential security threats on data stored in cloud storage services. Learn about the new attack techniques in the matrix: https://msft.it/60119ZQd9 https://msft.it/60119ZQd9"
X Link 2023-09-07T17:02Z 188.5K followers, 64.8K engagements
"Beginning July [----] Storm-0324 a financially motivated threat actor known to gain access to networks and then hand off access to other actors was observed distributing payloads by sending phishing lures thru Microsoft Teams chats. Get TTPs mitigation: https://msft.it/60189d8Wi https://msft.it/60189d8Wi"
X Link 2023-09-12T17:03Z 188.5K followers, 134K engagements
"The September [----] security updates are available: Security Updates for September [----] are now available Details are here: https://t.co/ItXjYLGoS4 #PatchTuesday #SecurityUpdateGuide https://t.co/gM8NcKHaMb Security Updates for September [----] are now available Details are here: https://t.co/ItXjYLGoS4 #PatchTuesday #SecurityUpdateGuide https://t.co/gM8NcKHaMb"
X Link 2023-09-12T19:27Z 184.5K followers, 15.3K engagements
"Since February [----] Microsoft has observed password spray activity by Iranian threat actor Peach Sandstorm (HOLMIUM) against thousands of orgs likely an attempt to collect intelligence to support Iranian interests. Get TTPs mitigation hunting guidance:"
X Link 2023-09-14T16:33Z 174.5K followers, 42.1K engagements
"Our analysis of an attempt to steal the cloud identity in a SQL Server instance for lateral movement highlights the importance of securing cloud identities and implementing least privilege practices when deploying cloud-based and on-premises solutions:"
X Link 2023-10-03T16:35Z 174.6K followers, 61.2K engagements
"Ransomware attacks are evolving to minimize footprint with 60% using remote encryption rendering process-based remediation ineffective. More insights on cybercrime state-sponsored cyberattacks and others from the [----] Microsoft Digital Defense Report:"
X Link 2023-10-05T16:20Z 178.9K followers, 47.1K engagements
"Microsoft has observed nation-state threat actor Storm-0062 exploiting CVE-2023-22515 in the wild since September [--] [----]. CVE-2023-22515 was disclosed on October [--] [----]. Storm-0062 is tracked by others as DarkShadow or Oro0lxy"
X Link 2023-10-10T22:30Z 188.5K followers, 204.3K engagements
"The four IP addresses below were observed sending related CVE-2023-22515 exploit traffic: 192.69.90.31 104.128.89.92 23.105.208.154 199.193.127.231"
X Link 2023-10-10T22:30Z 177.8K followers, 23.1K engagements
"CVE-2023-22515 is a critical privilege escalation vulnerability in Atlassian Confluence Data Center and Server. Any device with a network connection to a vulnerable application can exploit CVE-2023-22515 to create a Confluence administrator account within the application"
X Link 2023-10-10T22:30Z 177.8K followers, 16.7K engagements
"Organizations with vulnerable Confluence applications should upgrade as soon as possible to a fixed version: 8.3.3 8.4.3 or 8.5.2 or later. Organizations should isolate vulnerable Confluence applications from the public internet until they are able to upgrade them"
X Link 2023-10-10T22:30Z 174.5K followers, 15.5K engagements
"We thank @Atlassian for their partnership in investigating these active exploits. Atlassian provides further details in their security advisory. https://msft.it/60119sdqS https://msft.it/60119sdqS"
X Link 2023-10-10T22:30Z 184.5K followers, 18.2K engagements
"A large-scale remote encryption attempt from an Akira ransomware operator tracked by Microsoft as Storm-1567 was disrupted when Microsoft Defender for Endpoint identified and contained a compromised user account being used in the attack. Learn how: https://msft.it/60129sFDQ https://msft.it/60129sFDQ"
X Link 2023-10-11T16:15Z 188.5K followers, 63.2K engagements
"Microsoft customers can get more info and mitigation guidance related to Storm-0062 and CVE-2023-22515 in reports we published on Microsoft products: Microsoft Defender Threat Intelligence: Microsoft [---] Defender:"
X Link 2023-10-11T20:16Z 178.8K followers, [----] engagements
"Your new favorite podcast is here The Microsoft Threat Intelligence Podcast has behind-the-scenes tales about uncovering attacks threat actors malware exploits etc. from researchers & analysts. Hosted by @sherrod_im. First [--] episodes are live"
X Link 2023-10-11T22:00Z 178.8K followers, 31K engagements
"In one of the inaugural episodes Microsoft analysts @simandsec @LaurenLeigh522 & @EHaeghebaert talk to @sherrod_im about the unique and evolving nature of the Iranian threat actor Peach Sandstorm. Listen to The Microsoft Threat Intelligence Podcast:"
X Link 2023-10-11T22:00Z 178.9K followers, [----] engagements
"In The Microsoft Threat Intelligence Podcast episode aptly titled Incident Response with Empathy @sherrod_im & Microsoft IR consultant @reprise_99 discuss the importance of creating accessible open-source tools & resources for entry-level forensics:"
X Link 2023-10-11T22:00Z 178.8K followers, 13.8K engagements
"Host @sherrod_im and mobile security researcher @x71n3 explore mobile threats and privacy concerns and offer practical advice for safeguarding mobile devices and personal information in this Microsoft Threat Intelligence Podcast episode:"
X Link 2023-10-11T22:00Z 178.9K followers, [----] engagements
"The threat actor that Microsoft tracks as Storm-1575 is behind the development support and sale of Dadsec a phishing-as-a-service (PhaaS) platform responsible for some of the highest volumes of phishing attacks tracked by Microsoft since it was initially seen in May 2023"
X Link 2023-10-13T21:00Z 178.8K followers, 62.1K engagements
"Storm-1575 focuses on its product offering and support for its customers instead of launching attacks themselves. Dadsec offers actors a platform to launch adversary-in-the-middle (AiTM) attacks. More of our research on AiTM here:"
X Link 2023-10-13T21:00Z 178.9K followers, [----] engagements
"Since early October [----] Microsoft has observed North Korean nation-state threat actors Diamond Sleet and Onyx Sleet exploiting the TeamCity CVE-2023-42793 RCE vulnerability posing a particularly high risk to affected orgs. Get TTPs & protection info:"
X Link 2023-10-18T16:35Z 177.5K followers, 53.7K engagements
"A joint referral by Microsoft and Amazon provided actionable intelligence and insights to support Indias Central Bureau of Investigation (CBI) in raiding multiple illegal call centers perpetrating tech support fraud. Learn more:"
X Link 2023-10-19T18:18Z 174.5K followers, 77.6K engagements
"The financially motivated threat actor tracked by Microsoft as Octo Tempest whose evolving campaigns leverage tradecraft not seen in typical threat models represents a growing concern for organizations. Get TTPs and protection info:"
X Link 2023-10-25T16:39Z 174.6K followers, 122.6K engagements
"The [----] Microsoft Digital Defense Report highlighted over 200% increase in human-operated ransomware attacks and 12% increase in tracked ransomware as a service (RaaS) affiliates"
X Link 2023-11-03T17:12Z 175.4K followers, 84.1K engagements
"The threat actor that Microsoft tracks as Sapphire Sleet known for cryptocurrency theft via social engineering has in the past few weeks created new websites masquerading as skills assessment portals marking a shift in the persistent actors tactics"
X Link 2023-11-08T18:11Z 175.7K followers, 64.4K engagements
"Microsoft customers can use the following reports in Microsoft products to get more details on this activity and the most up-to-date info about Sapphire Sleet: Microsoft Defender Threat Intelligence: Microsoft [---] Defender:"
X Link 2023-11-08T18:11Z 178.8K followers, 10.7K engagements
"Microsoft has discovered exploitation of a 0-day vulnerability in the SysAid IT support software in limited attacks by Lace Tempest a threat actor that distributes Clop ransomware. Microsoft notified SysAid about the issue (CVE-2023-47246) which they immediately patched"
X Link 2023-11-09T02:40Z 188.5K followers, 255.5K engagements
"At @CYBERWARCON [----] Microsoft and LinkedIn analysts share research on Iranian threat actor activity before and after the start of the Israel-Hamas war; China-based Volt Typhoon; Russia-based Storm-0978; and private-sector offensive actor Blue Tsunami: https://msft.it/60179C7X7 https://msft.it/60179C7X7"
X Link 2023-11-09T12:08Z 184.1K followers, 51.3K engagements
"Microsoft threat research experts share their experiences dealing with incidents related to the highly ingenious threat actor group Octo Tempest (0ktapus Scattered Spider UNC3944). Listen to the Microsoft Threat Intelligence Podcast episode here:"
X Link 2023-11-14T18:00Z 175.7K followers, 20.1K engagements
"Octo Tempest is a financially driven threat actor group that leverages broad social engineering campaigns to compromise organizations for financial extortion. Our blog post presents more details on their TTPs:"
X Link 2023-11-14T18:00Z 175.8K followers, [----] engagements
"The November [----] security updates are available:"
X Link 2023-11-14T19:45Z 175.8K followers, 19.7K engagements
"By bringing together Microsoft Sentinel Microsoft Defender XDR (previously Microsoft [---] Defender) and Microsoft Security Copilot the unified security operations platform streamlines triage and provides an end-to-end view of threats across the digital estate"
X Link 2023-11-16T19:13Z 175.8K followers, 29.1K engagements
"Microsoft has observed ongoing activity from mobile banking trojan campaigns targeting Android users in India with social media messages and malicious apps designed to impersonate legitimate orgs and steal users' personal data and financial information:"
X Link 2023-11-21T04:33Z 175.9K followers, 23.2K engagements
"Microsoft has uncovered a supply chain attack by North Korean threat actor Diamond Sleet (ZINC) involving the modification of an installer file from software maker CyberLink. The payload calls back to attacker infrastructure for instructions. Learn more: https://msft.it/6013iHoQF https://msft.it/6013iHoQF"
X Link 2023-11-22T17:10Z 188.5K followers, 183.8K engagements
"Microsoft has detected Danabot (Storm-1044) infections leading to hands-on-keyboard activity by ransomware operator Storm-0216 (Twisted Spider UNC2198) culminating in the deployment of Cactus ransomware. In this campaign Danabot is distributed via malvertising"
X Link 2023-12-01T00:30Z 188.5K followers, 147.9K engagements
"Storm-0216 has historically received handoffs from Qakbot operators but has since pivoted to leveraging different malware for initial access likely a consequence of the Qakbot infrastructure takedown"
X Link 2023-12-01T00:30Z 176.7K followers, 43.4K engagements
"The current Danabot campaign first observed in November appears to be using a private version of the info-stealing malware instead of the malware-as-a-service offering"
X Link 2023-12-01T00:30Z 176.7K followers, [----] engagements
"Danabot collects user credentials and other info that it sends to command and control followed by lateral movement via RDP sign-in attempts eventually leading to a handoff to Storm-0216"
X Link 2023-12-01T00:30Z 176.6K followers, 10.5K engagements
"Microsoft recommends strong credential hygiene network protection and attack surface reduction solutions. Microsoft Defender XDR detects the malware components and activity related to this campaign"
X Link 2023-12-01T00:30Z 176.6K followers, 10.3K engagements
"Microsoft has identified a Russian-based nation-state threat actor tracked as Forest Blizzard (STRONTIUM APT28 FANCYBEAR) actively exploiting CVE-2023-23397 to provide secret unauthorized access to email accounts within Exchange servers: https://msft.it/6018iPOLm https://msft.it/6018iPOLm"
X Link 2023-12-04T10:47Z 188.5K followers, 143.8K engagements
"Forest Blizzard primarily targets government energy transportation and non-governmental orgs in the US Europe and the Middle East. The threat actor also commonly employs other known public exploits in their attacks such as CVE-2023-38831 or CVE-2021-40444 among others"
X Link 2023-12-04T10:47Z 177.5K followers, [----] engagements
"The Polish Cyber Command (DKWOC) partnered with Microsoft to take action against Forest Blizzard actors and to identify and mitigate techniques used by the actor. We thank DKWOC for their partnership and collaboration on this effort"
X Link 2023-12-04T10:47Z 177.8K followers, 47.6K engagements
"Microsoft Defender XDR detects activities affiliated with the exploitation of CVE-2023-23397 and additional mitigation info and guidance is detailed in our blog. Organizations should ensure systems are patched and kept up to date to mitigate this threat:"
X Link 2023-12-04T10:47Z 177.8K followers, [----] engagements
"Properly configuring Microsoft Entra ID can help avoid cloud identity compromise that could lead to malicious attacks or even tenant destruction. The Microsoft Incident Response team provides guidance based on past engagements here:"
X Link 2023-12-05T17:08Z 177.8K followers, 38.4K engagements
"Today at #BHEU Microsoft researchers are sharing info about the open-source Microsoft ICS forensics framework as well as new Rockwell RSLogix and Omron tools that defenders can use and customize for detecting suspicious artifacts in ICS environments:"
X Link 2023-12-06T08:00Z 177.5K followers, 19.8K engagements
"The open-source Microsoft ICS forensics framework designed for analyzing industrial programmable logic controller (PLC) metadata and project files is maintained by Microsoft cyberphysical systems researchers who continue to add more tools. Learn more:"
X Link 2023-12-06T08:00Z 177.5K followers, [----] engagements
"Microsoft continues to track and disrupt activity attributed to a Russian state-sponsored actor we track as Star Blizzard (SEABORGIUM) who has improved their evasion capabilities since [----] while remaining focused on email credential theft. Get TTPs:"
X Link 2023-12-07T12:03Z 177.8K followers, 76.2K engagements
"In this Microsoft Threat Intelligence Podcast episode Microsoft Senior Security Researcher @malwareforme discusses with @sherrod_im the psychology behind social engineering techniques and the importance of curiosity in investigating cyberattacks:"
X Link 2023-12-08T17:55Z 178.8K followers, [----] engagements
"Threat actors are misusing OAuth applications commonly used for automating business processes in their financially motivated attacks. Microsoft shares analysis of real-world cases mitigation steps detection coverage and hunting guidance:"
X Link 2023-12-12T18:09Z 177.9K followers, 38.5K engagements
"The December [----] security updates are available:"
X Link 2023-12-12T19:17Z 178K followers, 17.4K engagements
"Microsoft has taken steps to disrupt and mitigate a widespread campaign by the Russian nation-state threat actor Midnight Blizzard targeting TeamCity servers using the publicly available exploit for CVE-2023-42793"
X Link 2023-12-13T17:10Z 188.5K followers, 440.9K engagements
"Following exploitation Midnight Blizzard uses scheduled tasks to keep a variant of VaporRage malware persistent. The VaporRage variant which is similar to malware deployed by the threat actor in recent phishing campaigns abuses Microsoft OneDrive and Dropbox for C2"
X Link 2023-12-13T17:10Z 188.5K followers, 19.4K engagements
"Post-compromise activity includes credential theft using Mimikatz Active Directory enumeration using DSinternals deployment of tunneling tool rsockstun and turning off antivirus and EDR capabilities"
X Link 2023-12-13T17:10Z 177.8K followers, 17K engagements
"In addition to disrupting the abuse of Microsoft OneDrive for command and control Microsoft Defender Antivirus and Microsoft Defender for Endpoint protect customers against this and other Midnight Blizzard malware"
X Link 2023-12-13T17:10Z 178.2K followers, 14.5K engagements
"Midnight Blizzard is the latest nation-state threat actor observed exploiting the TeamCity CVE-2023-42793 vulnerability. In October North Korean threat actors Diamond Sleet and Onyx Sleet exploited the same vulnerability in separate attacks:"
X Link 2023-12-13T17:10Z 178.2K followers, 15.7K engagements
"Although many of the compromises appear to be opportunistic affecting unpatched Internet-facing TeamCity servers Microsoft continues to work with the international cybersecurity community to mitigate the potential risk to software supply chain ecosystems"
X Link 2023-12-13T17:10Z 177.8K followers, 14.6K engagements
"We are especially grateful to our partners in the international cybersecurity community for their collaboration on this investigation"
X Link 2023-12-13T17:19Z 178.9K followers, 15.2K engagements
"Microsoft has identified new Qakbot phishing campaigns following the August [----] law enforcement disruption operation. The campaign began on December [--] was low in volume and targeted the hospitality industry. Targets received a PDF from a user masquerading as an IRS employee"
X Link 2023-12-16T02:57Z 188.5K followers, 205.4K engagements
"Listen to Microsoft Threat Research and Intelligence Leader @wesdrone and Microsoft Threat Intelligence Podcast host @sherrod_im talk about the beginnings of ransomware as a service (RaaS) and the similar evolution patterns in the phishing landscape:"
X Link 2023-12-20T17:18Z 178K followers, [----] engagements
"Microsoft has observed the Iranian nation-state actor Peach Sandstorm attempting to deliver a newly developed backdoor named FalseFont to individuals working for organizations in the Defense Industrial Base (DIB) sector"
X Link 2023-12-21T18:00Z 188.5K followers, 113.1K engagements
"Microsoft has observed threat actors including financially motivated actors like Storm-0569 Storm-1113 Sangria Tempest & Storm-1674 misusing the ms-appinstaller URI scheme (App Installer) to distribute malware. Get TTPs and protection info: https://msft.it/6019i5z9d https://msft.it/6019i5z9d"
X Link 2023-12-28T18:10Z 188.5K followers, 143.9K engagements
"The January [----] security updates are available: Security updates for January [----] are now available Details are here: https://t.co/ItXjYLFR2w #PatchTuesday #SecurityUpdateGuide https://t.co/TLI9NUax7f Security updates for January [----] are now available Details are here: https://t.co/ItXjYLFR2w #PatchTuesday #SecurityUpdateGuide https://t.co/TLI9NUax7f"
X Link 2024-01-09T18:04Z 178.8K followers, 19.9K engagements
"Microsoft has observed a subset of Iran-based threat actor Mint Sandstorm (PHOSPHORUS) employing new TTPs to improve initial access defense evasion and persistence in campaigns targeting individuals at universities and research orgs. Read our analysis:"
X Link 2024-01-17T17:05Z 178.9K followers, 78K engagements
"Were inviting members of the infosec community to join the fourth InfoSec Jupyterthon event to meet and engage with security practitioners on using Jupyter notebooks in their daily work:"
X Link 2024-01-29T18:04Z 179K followers, 26.6K engagements
"Listen to Microsoft Threat Intelligence analysts @Greg_Schloemer & @_matt_kennedy discuss with @sherrod_im what makes the North Korean threat landscape unique and how actors persistently abuse chains of trust to generate revenue for the regime:"
X Link 2024-01-31T17:16Z 179K followers, 16.5K engagements
"The latest biannual report on Iran from the Microsoft Threat Analysis Center (MTAC) presents details on the series of cyberattacks and influence operations launched by Iranian government-aligned actors since October 2023: https://msft.it/6017iAwg3 https://msft.it/6017iAwg3"
X Link 2024-02-07T08:03Z 188.5K followers, 50.2K engagements
"Microsoft in collaboration with OpenAI is publishing research on emerging threats in the age of AI focusing on identified activity associated with known threat actors Forest Blizzard Emerald Sleet Crimson Sandstorm and others. Learn more:"
X Link 2024-02-14T12:05Z 179.3K followers, 131.9K engagements
"This Microsoft Threat Intelligence podcast episode with Bryan Prior and Nirit Hinkis from the Microsoft Threat Analysis Center and podcast host @sherrod_im brings context to the intricacies of Irans penchant for cyber-enabled influence operations:"
X Link 2024-02-20T17:30Z 179.5K followers, 14.7K engagements
"This episode of the Microsoft Threat Intelligence Podcast covers how access to threat intelligence allows incident responders to get better context of the threats they deal with and an idea of what the threat actors' next steps could be:"
X Link 2024-03-01T23:30Z 179.5K followers, 17.6K engagements
"Host @sherrod_im is joined by Stella Aghakian and Holly Burmaster from the Microsoft Incident Response team to discuss their experiences, learnings, and challenges in incident response engagements, as well as their insights on high-profile threat actors such as Octo Tempest."
X Link 2024-03-01T23:30Z 179.5K followers, [----] engagements
"The March [----] security updates are available: Security updates for March [----] are now available. Details are here: https://t.co/ItXjYLFR2w #PatchTuesday #SecurityUpdateGuide https://t.co/HS2HtWbrap"
X Link 2024-03-12T17:21Z 179.5K followers, 16.1K engagements
"The new capabilities in Microsoft Copilot for Security will help security and IT professionals get more accurate insights on risks and respond faster to threats. 🎉 Microsoft Copilot for Security will be available to all on April [--]. Find out why 97% of surveyed security professionals who have tried Copilot say they want to use it again: https://t.co/PyeRCzZHfJ #MicrosoftCopilot #MSSecure"
X Link 2024-03-13T16:19Z 179.6K followers, 20.3K engagements
"Phishing campaigns, including ones related to known phishing-as-a-service (PhaaS) platforms such as Tycoon and NakedPages, are taking advantage of the tax season in the US for social engineering."
X Link 2024-03-20T18:17Z 179.7K followers, 31.1K engagements
"A campaign related to the Tycoon PhaaS platform involved emails masquerading as W-2 & W-9 tax form notifications, payroll tax documents, & other payment-related lures. The emails contained an HTML attachment that loaded a Cloudflare captcha check followed by a phishing page."
X Link 2024-03-20T18:17Z 179.6K followers, [---] engagements
"Microsoft also observed phishing campaigns related to the AiTM phishing kit NakedPages. The emails masqueraded as DocuSign shared documents related to tax adjustments and contained an image that, when clicked, initiates redirections that eventually lead to a phishing page."
X Link 2024-03-20T18:17Z 179.6K followers, [---] engagements
"As much as 40% of vulnerabilities in open-source code don't have CVEs & are at risk of remaining widely unknown & unpatched. @WeldPond discusses how AI helps to identify vulnerabilities in open-source code & empower developers to find vulnerabilities in their own code & fix them."
X Link 2024-03-29T16:35Z 179.7K followers, 14.6K engagements
"Microsoft Copilot for Security, generally available today, is informed by large-scale data and Microsoft threat intelligence to deliver insights and improve security outcomes. It has prebuilt promptbooks, collections of prompts that accomplish specific security-related tasks."
X Link 2024-04-01T18:06Z 179.8K followers, 38.1K engagements
"Read this FAQ on the XZ Utils vulnerability CVE-2024-3094 and get guidance on assessing exposure and discovering affected devices using Microsoft Defender Vulnerability Management, Microsoft Defender for Cloud, and Microsoft Security Exposure Management: https://msft.it/6015cLJVB"
X Link 2024-04-03T00:35Z 180.1K followers, 21K engagements
"Microsoft Threat Analysis Center's latest report notes that China is using fake social media accounts to poll U.S. voters on what divides them most, to sow division and possibly influence the outcome of the U.S. presidential election in its favor. https://msft.it/6012cFTle"
X Link 2024-04-05T17:10Z 188.5K followers, 83.9K engagements
"The April [----] security updates are available: Security updates for April [----] are now available. Details are available here: https://t.co/ItXjYLGoS4 #PatchTuesday #SecurityUpdateGuide https://t.co/M4xaXMiiGk"
X Link 2024-04-09T17:11Z 179.8K followers, 14.9K engagements
"Microsoft will now publish root cause data for Microsoft CVEs using the Common Weakness Enumeration (CWE) industry standard. Learn more: We are pleased to announce that we will now publish root cause data for all Microsoft CVEs using the Common Weakness Enumeration (CWE) industry standard. This standard will facilitate more effective community discussions about finding and mitigating these weaknesses in existing https://t.co/5Ro8wG2S3f"
X Link 2024-04-09T18:57Z 179.8K followers, 28.9K engagements
"The exploitation of vulnerable drivers, including the technique known as bring your own vulnerable driver (BYOVD), has become a favored strategy among threat actors to gain kernel-level access. Get an investigation guide from Microsoft Incident Response: https://msft.it/6019c4aUW"
X Link 2024-04-09T20:03Z 179.9K followers, 24.1K engagements
"Microsoft has tracked at least [--] Russian actors engaged in Ukraine-focused disinformation campaigns concentrated on undermining support for Ukraine. Meanwhile, China seeks to exploit societal polarization and diminish faith in US democratic systems: https://msft.it/6013Y8noc"
X Link 2024-04-18T17:14Z 180.2K followers, 16.7K engagements
"In the first quarter of [----], established ransomware families like Akira, Lockbit, Play, and Phobos were still the most predominantly used in attacks observed by Microsoft. Microsoft now tracks [--] active ransomware families."
X Link 2024-04-19T16:05Z 180.2K followers, 29.8K engagements
"Meanwhile, Microsoft tracks more than [---] ransomware threat actors, including nation-state actors and cybercrime groups. These threat actors continue to exploit vulnerabilities in various software and services to gain initial access."
X Link 2024-04-19T16:05Z 180.3K followers, [----] engagements
"Vulnerabilities exploited include Mirth Connect (CVE-2023-37679, CVE-2023-43208), ConnectWise ScreenConnect (CVE-2024-1709, CVE-2024-1708), JetBrains TeamCity (CVE-2024-27198, CVE-2024-27199), and Fortinet FortiClient EMS (CVE-2023-48788)."
X Link 2024-04-19T16:05Z 180.3K followers, [----] engagements
"Microsoft has identified longstanding activity by the Russian-based threat actor we track as Forest Blizzard using a custom tool we call GooseEgg to exploit CVE-2022-38028 in the Windows Print Spooler service to elevate permissions and steal credentials: https://msft.it/6014YG3oI"
X Link 2024-04-22T16:14Z 188.5K followers, 84.7K engagements
"Yesterday @TalosSecurity released a threat intelligence blog detailing the ArcaneDoor espionage-focused campaign. Microsoft Threat Intelligence collaborated with Cisco Talos to provide data and analysis on the threat actor Storm-1849 (UAT4356). https://msft.it/6015YJdzL"
X Link 2024-04-25T20:35Z 180.2K followers, 23.3K engagements
"Microsoft shares guidance on how defenders can utilize Azure logs to enhance threat hunting capabilities & proactively identify potential security threats in their environment: https://msft.it/6014YO1Ms"
X Link 2024-04-30T17:49Z 180.3K followers, 18.1K engagements
"Microsoft identified a vulnerability pattern in multiple popular Android apps that could enable a malicious app to overwrite files in the vulnerable app's home directory, which could lead to arbitrary code execution and token theft, among other impacts: https://msft.it/6011YPK7J"
X Link 2024-05-01T18:02Z 180.3K followers, 17K engagements
"The discovery of the XZ vulnerability by Microsoft partner software engineer @AndresFreundTec is a wake-up call to both the open source and infosec communities, as it raises the importance of security measures such as code review in the open source community."
X Link 2024-05-08T17:35Z 180.3K followers, 22.1K engagements
"@AndresFreundTec In this episode of The Microsoft Threat Intelligence podcast, @AndresFreundTec, Senior security researcher @fr0gger_, & @sherrod_im discuss the discovery of the XZ backdoor as well as findings in tracking its development & the actor behind it. https://msft.it/6015YVKT1"
X Link 2024-05-08T17:35Z 180.4K followers, 15.2K engagements
"The macOS cryptocurrency wallet stealer malware known as Activator, which we first observed in December [----], remains a very active threat. Microsoft data shows a surge in network activity associated with the Activator in March [----] that has remained elevated."
X Link 2024-05-10T16:00Z 180.5K followers, 28.1K engagements
"Since mid-April [----], Microsoft Threat Intelligence has observed the threat actor Storm-1811 misusing the client management tool Quick Assist to target users in social engineering attacks that lead to Black Basta ransomware. https://msft.it/6017YXfJS"
X Link 2024-05-15T16:03Z 180.5K followers, 74.4K engagements
"Alongside the announcement of Copilot+ PCs, Microsoft is introducing important security features and updates that make Windows [--] more secure for users and organizations and give developers the tools to prioritize security: https://msft.it/6019YZvH3"
X Link 2024-05-20T19:35Z 180.5K followers, 15.3K engagements
"In a single instance, Storm-0539 can extract tens of thousands of dollars by issuing new gift cards and sending them to dozens of email addresses. Today at #SLEUTHCON [----], Microsoft Threat Intelligence experts delivered a talk on Storm-0539. https://msft.it/6011Yd1bz"
X Link 2024-05-24T15:30Z 180.5K followers, [---] engagements
"Also known as Atlas Lion and active since late [----], Storm-0539 operates out of Morocco and primarily targets the retail sector but has also affected other industries like telecommunication and technology."
X Link 2024-05-24T15:30Z 180.5K followers, [---] engagements
"Storm-0539 carries out extensive reconnaissance of target organizations to craft convincing phishing lures and steal credentials and tokens for initial access."
X Link 2024-05-24T15:30Z 180.5K followers, [---] engagements
"Microsoft has identified a new North Korean threat actor, Moonstone Sleet (Storm-1789), that combines many tried-and-true techniques used by other North Korean threat actors with unique attack methodologies for financial and cyberespionage objectives. https://msft.it/6017Ygsud"
X Link 2024-05-28T16:05Z 180.6K followers, 30.2K engagements
"Moonstone Sleet is observed to set up fake companies and job opportunities to engage with potential targets, employ trojanized versions of legitimate tools, create a malicious game called DeTankWar, and deliver a new custom ransomware that Microsoft has named FakePenny."
X Link 2024-05-28T16:05Z 180.6K followers, [----] engagements
"Read our latest blog to get our analysis of several notable TTPs used by Moonstone Sleet in various campaigns and to get recommendations for defending against this threat actor."
X Link 2024-05-28T16:05Z 180.6K followers, [----] engagements
"Prolific Russian influence actors tracked by Microsoft as Storm-1679 and Storm-1099 have pivoted their operations since June [----] to focus on the Olympics. Learn more from this report published by Microsoft Threat Analysis Center (MTAC): https://msft.it/6015YmuFv"
X Link 2024-06-03T15:51Z 180.8K followers, 32.6K engagements
"Learn from @markrussinovich as he shares with @sherrod_im his journey developing Sysinternals, working in the cloud with Azure, and discovering Crescendo, a technique that tricks LLMs into generating malicious content by exploiting their own responses: https://msft.it/6015YFyYD"
X Link 2024-06-19T16:30Z 180.9K followers, [----] engagements
"The Microsoft Copilot for Security threat intelligence embedded experience in Defender XDR, now generally available, contextualizes and summarizes intelligence from across MDTI and threat analytics about threat actors, threat tooling, incidents, and IoCs: https://msft.it/6019YAIfb"
X Link 2024-06-25T22:30Z 180.9K followers, 17.9K engagements
"Microsoft researchers discovered two vulnerabilities in Rockwell Automation's PanelView Plus that could be remotely exploited to allow RCE and DoS. PanelView Plus devices are graphic terminals used in the industrial sector. Get analysis & protection info: https://msft.it/6016l8U7A"
X Link 2024-07-02T16:12Z 183.3K followers, 12.6K engagements
"In the second quarter of [----], financially motivated threat actor Octo Tempest, our most closely tracked ransomware threat actor, added RansomHub and Qilin to its ransomware payloads in campaigns."
X Link 2024-07-15T19:30Z 181.6K followers, 54.2K engagements
"Here's your guide on the extensive Microsoft threat intelligence research and AI-first end-to-end security expertise you can look forward to on the main stage, briefings, and theater sessions at the Microsoft booth at Black Hat USA 2024: https://msft.it/6016luRCK"
X Link 2024-07-17T17:15Z 183K followers, [----] engagements
".@ajohnsocyber will take the stage with @sherrod_im to share threat intelligence insights & best practices from the Office of the CISO. Microsoft will also be part of the AI Summit, joining the Balancing Security & Innovation - Risks & Rewards in AI-Driven Cybersecurity panel."
X Link 2024-07-17T17:15Z 183K followers, [----] engagements
"@ajohnsocyber @sherrod_im Threat analysts & researchers will be at Microsoft booth #1240 to connect and share insights. Get live demos of Copilot for Security and other solutions. Schedule an in-person meeting with Microsoft leaders & experts focused on your topic of interest: https://msft.it/6017luRCz"
X Link 2024-07-17T17:15Z 181.4K followers, [----] engagements
"@ajohnsocyber @sherrod_im Reserve your spot at the Microsoft Security VIP Mixer co-hosted by Ann Johnson and Aarti Borkar to connect and network with fellow industry experts: https://msft.it/6018luRCM"
X Link 2024-07-17T17:15Z 181.5K followers, [----] engagements
"Learn more about the Microsoft AI Bounty program, which aims to better secure Microsoft Copilot by inviting security researchers to report high impact security vulnerabilities, in this episode of the Microsoft Threat Intelligence podcast hosted by @sherrod_im: https://msft.it/6019lRMOf"
X Link 2024-07-18T16:30Z 181.6K followers, [----] engagements
"@sherrod_im Lynn Miyashita & Andrew Paverd also talk about what defines an AI bug and the potential for finding vulnerabilities that span the traditional scope of a bug hunter and new vulnerabilities that may arise because of AI. Details on the bounty program here: https://msft.it/6012lRMOC"
X Link 2024-07-18T16:30Z 181.5K followers, [----] engagements
"New Recovery Tool to help with CrowdStrike issue impacting Windows endpoints https://msft.it/6014lp4J0"
X Link 2024-07-22T16:52Z 182.3K followers, 21.3K engagements
"Microsoft has uncovered a vulnerability in ESXi hypervisors, identified as CVE-2024-37085, being exploited by threat actors to obtain full administrative permissions on domain-joined ESXi hypervisors and encrypt critical servers in ransomware attacks. https://msft.it/6012lbTai"
X Link 2024-07-29T16:14Z 188.5K followers, 670.1K engagements
"At 12:00 PM, catch our session Targets of Opportunity: Overview of a Global Exploitation Campaign by Russian Military Intelligence, which details the TTPs used by a threat actor we track as Seashell Blizzard to gain initial access to systems, as presented by Michael Matonis."
X Link 2024-08-07T18:30Z 182.7K followers, [----] engagements
"At 12:30 PM, Stephen Manz presents Queries timing out? Memory limitations? How to make your Kusto threat hunting queries more efficient, including some fun techniques for writing more advanced queries too."
X Link 2024-08-07T19:00Z 182.7K followers, [----] engagements
"At 1:00 PM, join Judy Ng and Kristina Savelesky at our booth for some Threat Actor TTP Trivia. Learn more about Microsoft's threat intelligence landscape and test your threat actor and TTP knowledge with our trivia game."
X Link 2024-08-07T19:30Z 182.9K followers, [----] engagements
"At 12:00 PM, catch our session Storm-0539: How the threat intelligence shows up for customers to learn more about the tools and methods used to bring actionability to threat intelligence, as presented by @soul_crusher86 and Alison Ali."
X Link 2024-08-08T18:30Z 184.4K followers, [----] engagements
"At 12:30 PM, @obnoxious4n6 presents The Winds of Change: The Evolution of Octo Tempest, detailing the evolution of Octo Tempest and a walk through of the threat actor's operations across the attack chain, including their extensive abuse of identity and cloud technologies."
X Link 2024-08-08T19:00Z 184.4K followers, [----] engagements
"At 1:00 PM, find Ryan Caney and Aled Mason's session Unraveling GooseEgg: Forest Blizzard's Tool For CVE-2022-38028 for an in-depth analysis of this Russia-based threat actor and their custom tool GooseEgg, used to exploit a vulnerability in the Windows Print Spooler service."
X Link 2024-08-08T19:30Z 184.5K followers, [----] engagements
"The Microsoft Threat Analysis Center (MTAC) shares intelligence about Iranian actors laying the groundwork for influence operations aimed at US audiences and potentially seeking to impact the [----] US presidential election: https://msft.it/6018llWQs"
X Link 2024-08-09T04:10Z 188.5K followers, 199.5K engagements
"Microsoft has detected a 111% year-over-year increase in token replay attacks and incidents are continuing to grow. https://msft.it/6011lSgZ7"
X Link 2024-08-15T16:30Z 184.4K followers, 66.8K engagements
"Threat actors leverage compromised identities to achieve a significant level of access to target networks. Implementing multi-factor authentication (MFA) remains an essential pillar in identity security and can block more than 99.2% of account compromise attacks. 🔐 Multifactor authentication is one of the most effective ways to protect against cyberattacks, yet most accounts don't use it. Learn why MFA login will be mandatory for Azure sign-in this year: https://t.co/kbcwOk5sdJ"
X Link 2024-08-20T16:15Z 184.5K followers, 18.1K engagements
"The introduction of mandatory MFA for all Azure sign-ins will help better protect Azure accounts from unauthorized access. Read the Azure blog to learn more about this change."
X Link 2024-08-20T16:15Z 184.4K followers, [----] engagements
"Microsoft observed Iranian state-sponsored threat actor Peach Sandstorm deploying a new custom multi-stage backdoor named Tickler in attacks against multiple sectors in the United States and the United Arab Emirates. https://msft.it/6015lfpO5"
X Link 2024-08-28T15:10Z 184.3K followers, 44.9K engagements
"Microsoft identified a North Korean threat actor exploiting a zero-day vulnerability in Chromium (CVE-2024-7971) to gain remote code execution. Our assessment of ongoing analysis and observed infrastructure attributes this activity to Citrine Sleet. https://msft.it/6010l7S6w"
X Link 2024-08-30T16:05Z 188.5K followers, 103.8K engagements
"Through the unified security operations platform, defenders can use Microsoft Copilot for Security features such as incident summaries, guided investigations, script analysis, and advanced hunting on Microsoft Sentinel data."
X Link 2024-09-06T16:49Z 184K followers, [----] engagements
"The correlation of alerts and data from Defender workloads and third-party sources ingested by Microsoft Sentinel streamlines security operations and provides deeper insights into potential threats and vulnerabilities. Learn more: https://msft.it/6018mGets"
X Link 2024-09-06T16:49Z 184.1K followers, [----] engagements
"The September [----] security updates are available: Security updates for September [----] are now available. Details are available here: https://t.co/ItXjYLGoS4 #PatchTuesday #SecurityUpdateGuide https://t.co/ZEJC485SVF"
X Link 2024-09-10T17:44Z 184.3K followers, [----] engagements
"Microsoft has observed threat actors in North Korea, such as Onyx Sleet and Citrine Sleet, diversifying their attacks that aim to gather intelligence and generate revenue in support of the North Korean regime. https://msft.it/6015mOd15"
X Link 2024-09-12T16:30Z 183.9K followers, 10.9K engagements
"Onyx Sleet has been observed to now support both intelligence gathering and revenue generation for North Korea, conducting cyber espionage through numerous campaigns and, more recently, deploying ransomware in their attacks."
X Link 2024-09-12T16:30Z 184K followers, [---] engagements
"Meanwhile, Citrine Sleet, an actor known to commonly use AppleJeus to steal cryptocurrency assets, recently exploited a zero-day vulnerability in Chromium to gain remote code execution & launch the sophisticated rootkit FudModule."
X Link 2024-09-12T16:30Z 184K followers, [----] engagements
"To help defenders get better access to relevant threat intelligence articles, the Microsoft Defender XDR portal home page now displays featured Microsoft Defender Threat Intelligence (MDTI) articles to highlight noteworthy Microsoft content. https://msft.it/6017mPalP"
X Link 2024-09-13T17:10Z 184K followers, [----] engagements
"The latest Microsoft Threat Analysis Center (MTAC) elections report is now available, detailing Russian influence activities by actors such as Storm-1516, Storm-1679, Ruza Flood, Volga Flood, and more: https://msft.it/6019mpiUN"
X Link 2024-09-17T19:30Z 184K followers, 18.3K engagements
"Microsoft observed the financially motivated threat actor tracked as Vanilla Tempest using INC ransomware for the first time to target the healthcare sector in the United States."
X Link 2024-09-18T17:25Z 184.1K followers, [--] engagements
"Vanilla Tempest has been active since July [----] and commonly targets the education, healthcare, IT, and manufacturing sectors in attacks involving various ransomware payloads such as BlackCat, Quantum Locker, Zeppelin, and Rhysida."
X Link 2024-09-18T17:25Z 184K followers, [----] engagements
"Microsoft Defender for Endpoint detects multiple stages of Vanilla Tempest activity and known INC ransomware and other malware identified in this campaign. For more info and guidance on defending against ransomware visit https://msft.it/6018mVUop"
X Link 2024-09-18T17:25Z 184.2K followers, [----] engagements
"Microsoft experts discuss the impact of defenders having tools such as Kusto Query Language (KQL) to hunt for threats as well as attackers using social engineering and PowerShell to deploy malware such as infostealers: https://msft.it/6017meDNJ"
X Link 2024-09-25T16:30Z 184K followers, 13.8K engagements
"The financially motivated cybercriminal group that Microsoft tracks as Storm-0501 has been observed exfiltrating data and deploying Embargo ransomware after moving laterally from on-premises to the cloud environment. https://msft.it/6013m5gnf"
X Link 2024-09-26T17:09Z 184.5K followers, 54.3K engagements
"Microsoft's Digital Crimes Unit (DCU) is disrupting the technical infrastructure used by a persistent Russian nation-state threat actor that Microsoft tracks as Star Blizzard. https://msft.it/6017mUXoV"
X Link 2024-10-03T16:29Z 184.5K followers, 16.8K engagements
"The US District Court for the District of Columbia unsealed a civil action brought by Microsoft's DCU, including its order authorizing Microsoft to seize [--] unique domains used by Star Blizzard in cyberattacks targeting Microsoft customers globally, including throughout the US."
X Link 2024-10-03T16:29Z 183.9K followers, [----] engagements
"Star Blizzard has continuously refined their detection evasion capabilities while remaining focused on email credential theft against the same targets. This blog provides updated technical information about Star Blizzard TTPs: https://msft.it/6018mUXon"
X Link 2024-10-03T16:29Z 183.9K followers, [----] engagements
"Browser anomalies such as unexpected account access from a distant geographical location and an unusual browser could indicate account compromise. Additionally discrepancies in a user's attributes in browser sessions could be a sign of hijacking. https://msft.it/6010mqaMq"
X Link 2024-10-04T16:14Z 184.5K followers, 11.5K engagements
"Automatic attack disruption in Microsoft Defender XDR detects such anomalies in browser activities to stop threats such as account compromise and session hijacking related to adversary-in-the-middle (AiTM) and business email compromise."
X Link 2024-10-04T16:14Z 184.5K followers, [----] engagements
"Microsoft has observed that campaigns which misuse legitimate file hosting services are increasingly using certain defense evasion tactics, most commonly leading to business email compromise (BEC) attacks. Get mitigation, detection, and hunting guidance: https://msft.it/6010maP70"
X Link 2024-10-08T16:38Z 184.1K followers, 40.6K engagements
"The October [----] security updates are available: Security updates for October [----] are now available. Details are available here: https://t.co/ItXjYLFR2w #PatchTuesday #SecurityUpdateGuide https://t.co/CtPn5fVAk2"
X Link 2024-10-09T00:37Z 184K followers, [----] engagements
"Learn about how East Asia threat actors changed their techniques in their operations to achieve familiar goals in this episode of the Microsoft Threat Intelligence podcast with Nick Monaco from the Microsoft Threat Analysis Center (MTAC) and @sherrod_im: https://msft.it/6018mxlKM"
X Link 2024-10-09T16:30Z 184.1K followers, 11K engagements
"Since the beginning of September [----], Microsoft Threat Intelligence has observed a phishing campaign using emails with eFax themed lures containing links or QR codes within PDF attachments leading to a domain controlled by the EvilProxy phishing-as-a-service (PhaaS) platform."
X Link 2024-10-11T16:30Z 188.5K followers, 41.2K engagements