www.microsoft.com
2a02:26f0:6c00:2bd::356e
Public Scan
URL:
https://www.microsoft.com/security/blog/author/microsoft-threat-intelligence-center-mstic/
Submission: On October 17 via api from US — Scanned from DE
Form analysis
1 form found in the DOM
Name: searchForm — GET https://www.microsoft.com/en-us/security/site-search
<form class="c-search" autocomplete="off" id="searchForm" name="searchForm" role="search" action="https://www.microsoft.com/en-us/security/site-search" method="GET" data-seautosuggest=""
data-seautosuggestapi="https://www.microsoft.com/msstoreapiprod/api/autosuggest"
data-m="{"cN":"GlobalNav_Search_cont","cT":"Container","id":"c3c1c9c3c1m1r1a1","sN":3,"aN":"c1c9c3c1m1r1a1"}" aria-expanded="false"
style="overflow-x: visible;">
<div class="x-screen-reader" aria-live="assertive"></div>
<input id="cli_shellHeaderSearchInput" aria-label="Search Expanded" aria-autocomplete="list" aria-expanded="false" aria-controls="universal-header-search-auto-suggest-transparent" aria-owns="universal-header-search-auto-suggest-ul" type="search"
name="q" role="combobox" placeholder="Search Microsoft Security" data-m="{"cN":"SearchBox_nav","id":"n1c3c1c9c3c1m1r1a1","sN":1,"aN":"c3c1c9c3c1m1r1a1"}" data-toggle="tooltip"
data-placement="right" title="Search Microsoft Security" style="overflow-x: visible;">
<button id="search" aria-label="Search Microsoft Security" class="c-glyph" data-m="{"cN":"Search_nav","id":"n2c3c1c9c3c1m1r1a1","sN":2,"aN":"c3c1c9c3c1m1r1a1"}"
data-bi-mto="true" aria-expanded="false" style="overflow-x: visible;">
<span role="presentation" style="overflow-x: visible;">Search</span>
<span role="tooltip" class="c-uhf-tooltip c-uhf-search-tooltip" style="overflow-x: visible;">Search Microsoft Security</span>
</button>
<div class="m-auto-suggest" id="universal-header-search-auto-suggest-transparent" role="group" style="overflow-x: visible;">
<ul class="c-menu" id="universal-header-search-auto-suggest-ul" aria-label="Search Suggestions" aria-hidden="true" data-bi-dnt="true" data-bi-mto="true" data-js-auto-suggest-position="default" role="listbox" data-tel="jsll"
data-m="{"cN":"search suggestions_cont","cT":"Container","id":"c3c3c1c9c3c1m1r1a1","sN":3,"aN":"c3c1c9c3c1m1r1a1"}" style="overflow-x: visible;"></ul>
</div>
</form>
Text Content
Author: Microsoft Threat Intelligence Center (MSTIC)

MERCURY leveraging Log4j 2 vulnerabilities in unpatched systems to target Israeli organizations
August 25, 2022 • 9 min read
Microsoft detected an Iran-based threat actor that the Microsoft Threat Intelligence Center (MSTIC) tracks as MERCURY exploiting Log4j 2 vulnerabilities in SysAid applications against organizations located in Israel.

MagicWeb: NOBELIUM’s post-compromise trick to authenticate as anyone
August 24, 2022 • 21 min read
Microsoft security researchers have discovered a post-compromise capability we’re calling MagicWeb, which is used by a threat actor we track as NOBELIUM to maintain persistent access to compromised environments.

Disrupting SEABORGIUM’s ongoing phishing operations
August 15, 2022 • 12 min read
The Microsoft Threat Intelligence Center (MSTIC) has observed and taken action to disrupt campaigns launched by SEABORGIUM; these campaigns involve persistent phishing and credential theft leading to intrusions and data theft.

Untangling KNOTWEED: European private-sector offensive actor using 0-day exploits
July 27, 2022 • 14 min read
MSTIC and MSRC disclose technical details of a private-sector offensive actor (PSOA) tracked as KNOTWEED using multiple Windows and Adobe 0-day exploits, including one for the recently patched CVE-2022-22047, in limited and targeted attacks against European and Central American customers.

North Korean threat actor targets small and midsize businesses with H0lyGh0st ransomware
July 14, 2022 • 13 min read
A group of actors originating from North Korea that MSTIC tracks as DEV-0530 has been developing and using ransomware in attacks since June 2021. This group, which calls itself H0lyGh0st, utilizes a ransomware payload with the same name.

From cookie theft to BEC: Attackers use AiTM phishing sites as entry point to further financial fraud
July 12, 2022 • 13 min read
A large-scale phishing campaign that attempted to target over 10,000 organizations since September 2021 used adversary-in-the-middle (AiTM) phishing sites to steal passwords, hijack a user’s sign-in session, and skip the authentication process, even if the user had enabled multifactor authentication (MFA).

Hive ransomware gets upgrades in Rust
July 5, 2022 • 16 min read
With its latest variant carrying several major upgrades, Hive proves it’s one of the fastest evolving ransomware payloads, exemplifying the continuously changing ransomware ecosystem.

Exposing POLONIUM activity and infrastructure targeting Israeli organizations
June 2, 2022 • 11 min read
Microsoft successfully detected and disabled attack activity abusing OneDrive by a previously undocumented Lebanon-based activity group that the Microsoft Threat Intelligence Center (MSTIC) tracks as POLONIUM.

Ransomware as a service: Understanding the cybercrime gig economy and how to protect yourself
May 9, 2022 • 37 min read
Microsoft coined the term “human-operated ransomware” to clearly define a class of attack driven by expert human intelligence at every step of the attack chain and culminating in intentional business disruption and extortion. In this blog, we explain the ransomware as a service (RaaS) affiliate model and disambiguate between the attacker tools and the various threat actors at play during a security incident.

Tarrask malware uses scheduled tasks for defense evasion
April 12, 2022 • 7 min read
Microsoft Detection and Response Team (DART) researchers have uncovered malware that creates “hidden” scheduled tasks as a defense evasion technique. In this post, we demonstrate how threat actors create scheduled tasks, how they cover their tracks, and how the malware’s evasion techniques are used to maintain and ensure persistence on systems.