www.microsoft.com
2a02:26f0:1700:1b8::356e
Public Scan
URL:
https://www.microsoft.com/security/blog/author/microsoft-threat-protection-intelligence-team/
Submission: On July 04 via api from US — Scanned from DE
Form analysis
1 forms found in the DOM
Name: searchForm — GET https://www.microsoft.com/en-us/security/site-search
<form class="c-search" autocomplete="off" id="searchForm" name="searchForm" role="search" action="https://www.microsoft.com/en-us/security/site-search" method="GET" data-seautosuggest=""
data-seautosuggestapi="https://www.microsoft.com/msstoreapiprod/api/autosuggest"
data-m="{"cN":"GlobalNav_Search_cont","cT":"Container","id":"c3c1c9c3c1m1r1a1","sN":3,"aN":"c1c9c3c1m1r1a1"}" aria-expanded="false"
style="overflow-x: visible;">
<div class="x-screen-reader" aria-live="assertive"></div>
<input id="cli_shellHeaderSearchInput" aria-label="Search Expanded" aria-autocomplete="list" aria-expanded="false" aria-controls="universal-header-search-auto-suggest-transparent" aria-owns="universal-header-search-auto-suggest-ul" type="search"
name="q" role="combobox" placeholder="Search Microsoft Security" data-m="{"cN":"SearchBox_nav","id":"n1c3c1c9c3c1m1r1a1","sN":1,"aN":"c3c1c9c3c1m1r1a1"}" data-toggle="tooltip"
data-placement="right" title="Search Microsoft Security" style="overflow-x: visible;">
<button id="search" aria-label="Search Microsoft Security" class="c-glyph" data-m="{"cN":"Search_nav","id":"n2c3c1c9c3c1m1r1a1","sN":2,"aN":"c3c1c9c3c1m1r1a1"}"
data-bi-mto="true" aria-expanded="false" style="overflow-x: visible;">
<span role="presentation" style="overflow-x: visible;">Search</span>
<span role="tooltip" class="c-uhf-tooltip c-uhf-search-tooltip" style="overflow-x: visible;">Search Microsoft Security</span>
</button>
<div class="m-auto-suggest" id="universal-header-search-auto-suggest-transparent" role="group" style="overflow-x: visible;">
<ul class="c-menu" id="universal-header-search-auto-suggest-ul" aria-label="Search Suggestions" aria-hidden="true" data-bi-dnt="true" data-bi-mto="true" data-js-auto-suggest-position="default" role="listbox" data-tel="jsll"
data-m="{"cN":"search suggestions_cont","cT":"Container","id":"c3c3c1c9c3c1m1r1a1","sN":3,"aN":"c3c1c9c3c1m1r1a1"}" style="overflow-x: visible;"></ul>
</div>
</form>
Text Content
Author: Microsoft 365 Defender Threat Intelligence Team

The many lives of BlackCat ransomware
June 13, 2022 • 14 min read
The use of an unconventional programming language, multiple target devices and possible entry points, and affiliation with prolific threat activity groups have made the BlackCat ransomware a prevalent threat and a prime example of the growing ransomware-as-a-service (RaaS) gig economy.

Ransomware-as-a-service: Understanding the cybercrime gig economy and how to protect yourself
May 9, 2022 • 36 min read
Microsoft coined the term “human-operated ransomware” to clearly define a class of attack driven by expert human intelligence at every step of the attack chain and culminating in intentional business disruption and extortion. In this blog, we explain the ransomware-as-a-service affiliate model and disambiguate between the attacker tools and the various threat actors at play during a security incident.

Dismantling ZLoader: How malicious ads led to disabled security tools and ransomware
April 13, 2022 • 17 min read
Microsoft took action against the ZLoader trojan by working with telecommunications providers around the world to disrupt key ZLoader infrastructure. In this blog, we detail the various characteristics for identifying ZLoader activity, including its associated tactics, recent campaigns, and affiliated payloads, such as ransomware.

SpringShell RCE vulnerability: Guidance for protecting against and detecting CVE-2022-22965
April 4, 2022 • 12 min read
Microsoft provides guidance for customers looking for protection against exploitation and ways to detect vulnerable installations on their network of the critical vulnerability CVE-2022-22965, also known as SpringShell or Spring4Shell.

DEV-0537 criminal actor targeting organizations for data exfiltration and destruction
March 22, 2022 • 17 min read
The activity we have observed has been attributed to a threat group that Microsoft tracks as DEV-0537, also known as LAPSUS$. DEV-0537 is known for using a pure extortion and destruction model without deploying ransomware payloads.

The evolution of a Mac trojan: UpdateAgent’s progression
February 2, 2022 • 13 min read
Our discovery and analysis of a sophisticated Mac trojan in October exposed a year-long evolution of a malware family—and depicts the rising complexity of threats across platforms.

Evolved phishing: Device registration trick adds to phishers’ toolbox for victims without MFA
January 26, 2022 • 9 min read
We uncovered a large-scale, multi-phase campaign that adds a novel technique to traditional phishing tactics by joining an attacker-operated device to an organization’s network to further propagate the campaign.

Destructive malware targeting Ukrainian organizations
January 15, 2022 • 6 min read
Microsoft Threat Intelligence Center (MSTIC) has identified evidence of a destructive malware operation targeting multiple organizations in Ukraine.

Guidance for preventing, detecting, and hunting for exploitation of the Log4j 2 vulnerability
December 11, 2021 • 31 min read
Microsoft is tracking threats taking advantage of the remote code execution (RCE) vulnerability in Apache Log4j 2. Get technical info and guidance for using Microsoft security solutions to protect against attacks.

A closer look at Qakbot’s latest building blocks (and how to knock them down)
December 9, 2021 • 17 min read
Multiple Qakbot campaigns that are active at any given time prove that the decade-old malware continues to be many attackers’ tool of choice, a customizable chameleon that adapts to suit the needs of the multiple threat actor groups that utilize it. Since emerging in 2007 as a banking Trojan, Qakbot has evolved into a multi-purpose…