URL: https://www.microsoft.com/security/blog/author/microsoft-threat-protection-intelligence-team/
Submission: On July 04 via api from US — Scanned from DE

AUTHOR: MICROSOFT 365 DEFENDER THREAT INTELLIGENCE TEAM

June 13, 2022 • 14 min read

THE MANY LIVES OF BLACKCAT RANSOMWARE

The use of an unconventional programming language, multiple target devices and
possible entry points, and affiliation with prolific threat activity groups have
made the BlackCat ransomware a prevalent threat and a prime example of the
growing ransomware-as-a-service (RaaS) gig economy.
May 9, 2022 • 36 min read

RANSOMWARE-AS-A-SERVICE: UNDERSTANDING THE CYBERCRIME GIG ECONOMY AND HOW TO
PROTECT YOURSELF

Microsoft coined the term “human-operated ransomware” to clearly define a class
of attack driven by expert human intelligence at every step of the attack chain,
culminating in intentional business disruption and extortion. In this blog, we
explain the ransomware-as-a-service affiliate model and disambiguate between the
attacker tools and the various threat actors at play during a security incident.
April 13, 2022 • 17 min read

DISMANTLING ZLOADER: HOW MALICIOUS ADS LED TO DISABLED SECURITY TOOLS AND
RANSOMWARE

Microsoft took action against the ZLoader trojan by working with
telecommunications providers around the world to disrupt key ZLoader
infrastructure. In this blog, we detail the various characteristics for
identifying ZLoader activity, including its associated tactics, recent
campaigns, and affiliated payloads, such as ransomware.
April 4, 2022 • 12 min read

SPRINGSHELL RCE VULNERABILITY: GUIDANCE FOR PROTECTING AGAINST AND DETECTING
CVE-2022-22965

Microsoft provides guidance for customers looking for protection against
exploitation of the critical vulnerability CVE-2022-22965, also known as
SpringShell or Spring4Shell, and for ways to detect vulnerable installations on
their network.
March 22, 2022 • 17 min read

DEV-0537 CRIMINAL ACTOR TARGETING ORGANIZATIONS FOR DATA EXFILTRATION AND
DESTRUCTION

The activity we have observed has been attributed to a threat group that
Microsoft tracks as DEV-0537, also known as LAPSUS$. DEV-0537 is known for using
a pure extortion and destruction model without deploying ransomware payloads.
February 2, 2022 • 13 min read

THE EVOLUTION OF A MAC TROJAN: UPDATEAGENT’S PROGRESSION

Our discovery and analysis of a sophisticated Mac trojan in October exposed a
year-long evolution of a malware family, and depicts the rising complexity of
threats across platforms.
January 26, 2022 • 9 min read

EVOLVED PHISHING: DEVICE REGISTRATION TRICK ADDS TO PHISHERS’ TOOLBOX FOR
VICTIMS WITHOUT MFA

We uncovered a large-scale, multi-phase campaign that adds a novel technique to
traditional phishing tactics by joining an attacker-operated device to an
organization’s network to further propagate the campaign.
January 15, 2022 • 6 min read

DESTRUCTIVE MALWARE TARGETING UKRAINIAN ORGANIZATIONS

Microsoft Threat Intelligence Center (MSTIC) has identified evidence of a
destructive malware operation targeting multiple organizations in Ukraine.
December 11, 2021 • 31 min read

GUIDANCE FOR PREVENTING, DETECTING, AND HUNTING FOR EXPLOITATION OF THE LOG4J 2
VULNERABILITY

Microsoft is tracking threats taking advantage of the remote code execution
(RCE) vulnerability in Apache Log4j 2. Get technical info and guidance for using
Microsoft security solutions to protect against attacks.
December 9, 2021 • 17 min read

A CLOSER LOOK AT QAKBOT’S LATEST BUILDING BLOCKS (AND HOW TO KNOCK THEM DOWN)

Multiple Qakbot campaigns that are active at any given time prove that the
decade-old malware continues to be many attackers’ tool of choice, a
customizable chameleon that adapts to suit the needs of the multiple threat
actor groups that utilize it. Since emerging in 2007 as a banking Trojan, Qakbot
has evolved into a multi-purpose…