Microsoft Threat Intelligence’s cover photo
Microsoft Threat Intelligence

Microsoft Threat Intelligence

Computer and Network Security

Redmond, Washington 130,528 followers

We are Microsoft's global network of security experts. Follow for security research and threat intelligence.

About us

The Microsoft Threat Intelligence community is made up of more than 10,000 world-class experts, security researchers, analysts, and threat hunters analyzing 78 trillion signals daily to discover threats and deliver timely and hyper-relevant insight to protect customers. Our research covers a broad spectrum of threats, including threat actors and the infrastructure that enables them, as well as the tools and techniques they use in their attacks.

Website
https://aka.ms/threatintelblog
Industry
Computer and Network Security
Company size
10,001+ employees
Headquarters
Redmond, Washington
Specialties
Computer & network security, Information technology & services, Cybersecurity, Threat intelligence, Threat protection, and Security

Updates

  • While investigating wiping attacks, Microsoft Threat Intelligence uncovered GigaWiper, a destructive backdoor that combines multiple wiping and ransomware-like capabilities into one implant, an approach that gives attackers more flexibility while reducing operational footprint. https://msft.it/6048vIRIo Our analysis found that the backdoor embeds multiple previously separate malware families as on-demand commands: a standalone disk wiper, code derived from Crucio ransomware, and a reimplementation of the FlockWiper wiper in Golang. Read our latest blog for a code-level analysis of GigaWiper, detailed breakdowns of its persistence, command-and-control, and destructive capabilities, and guidance to help defenders investigate, detect, and defend against similar threats.

  • Microsoft Threat Intelligence continues to observe extortion that begins with data theft rather than encryption, with enterprise file transfer systems serving as the point of entry. When the software that moves and stores sensitive data is exposed, threat actors can reach and exfiltrate it without triggering the obvious impact events defenders are trained to watch for. CVE-2025-10035, a critical deserialization flaw in GoAnywhere Managed File Transfer License Servlet illustrates the risk. Rated CVSS 10.0, the vulnerability could allow an unauthenticated attacker to forge a license response signature and achieve remote code execution on internet-exposed instances. Microsoft observed active exploitation of this zero-day used to gain access and stage data exfiltration, turning a trusted file transfer appliance into a direct path to the data it handles: https://lnkd.in/ePQ7TDRK Cloud storage carries similar exposure. Weak access controls can open such services to exfiltration: publicly exposed containers, storage account keys and shared access signatures leaked in code and configuration files, and file transfer pathways such as SFTP-enabled storage accounts that can be abused to move data out. AI further enhance these operations, as actors are already using language models to generate plausible storage account and container names, making the brute-force enumeration that precedes exfiltration faster and more effective: https://lnkd.in/ehu2ab8v Theft can precede any visible disruption, which makes visibility into identities, access, and the file transfer surface essential. For the latest research from the Microsoft Threat Intelligence community, visit the Microsoft Threat Intelligence Blog: https://lnkd.in/gYD_Re3b

    Some cybercrime groups do not need ransomware at all. They do not encrypt environments. They do not cause obvious disruption. They steal data at scale, wait for the patch cycle to catch up, and extort the victim after the fact. Lace Tempest has done this repeatedly against enterprise file transfer software: GoAnywhere MFT, MOVEit Transfer, Cleo, CrushFTP, and SysAid. In 2023 alone, MOVEit exploitation affected 2,700+ organizations, and GoAnywhere MFT affected 130+ victims. The model is brutally efficient: exploit the software, exfiltrate the data, and extort the victim through the Clop leak site. No encryption required. That makes the detection problem harder, not easier. No ransomware deployment means no obvious impact event. No outage. No service interruption. No malware-specific alert. In many cases, organizations do not realize they were compromised until an extortion demand arrives weeks later. AI makes this model sharper after theft: faster triage, faster targeting, faster pressure. That shrinks the time leaders have to understand exposure before leverage arrives. If your crisis model begins at “ransomware,” you’re describing a past version of the problem. The lesson is straightforward: extortion is no longer synonymous with ransomware. Defenders who wait for encryption as the defining signal are already behind. For the latest security research from the Microsoft Threat Intelligence community, check out https://lnkd.in/e2-fYr2e #MSFTHotCybercrimeSummer #MicrosoftSecurity #ThreatIntelligence #MSFT

    • No alternative text description for this image
  • In multiple incident investigations, Microsoft Threat Intelligence has observed threat actors gain meaningful access without deploying malware or exploiting a vulnerability. The decisive activity occurs before any payload appears, as operators manipulate targets into granting access through support pretexts, manipulated workflows, or credential capture on attacker infrastructure. This places the intrusion outside the visibility of detection built around malicious code. Storm-1811 illustrates the technique. The actor generated urgency through email bombing, then posed as IT or help desk support offering to remediate the disruption it had created and used that pretext to direct targets toward granting remote control of their devices through legitimate tooling. A routine support interaction became hands-on-keyboard access, achieved by manipulating an established trust relationship rather than the endpoint itself. https://lnkd.in/eqjyeDui AI is making this tradecraft more scalable and more convincing. Microsoft Threat Intelligence is tracking a growing number of campaigns that impersonate trusted AI platforms as a lure for credential and token theft. One campaign used acceptable use policy enforcement lures, routing users through an AiTM flow that captured credentials and active access tokens sufficient to bypass MFA and ride a valid session. Others abused popular AI service brands at the scale of 100,000 emails in a single day, with the impersonated brand shifting to whatever platform users currently trust: https://lnkd.in/eV6fBxfy The attack surface extends beyond software vulnerabilities and malware delivery. When attackers gain access through manipulation, defenders need visibility into the identities, accounts, and authentication events that enable the intrusion. To ground a detection model in identity and access, see Microsoft's identity-first security best practices: https://lnkd.in/gbApiF-r

    In today’s security landscape, some of the most damaging intrusions don’t start with malware. Instead, they start with identity abuse, social engineering, insider bribery, and access gained through trust. And we've already seen this play out at scale. Strawberry Tempest breached some of the most protected organizations in the world. Octo Tempest matured this approach into full ransomware operations. Storm-1811 convinced users to hand over remote control through Quick Assist. What connects these actors isn't a shared toolset, it's a shared insight: human support processes and identity infrastructure can be a greater point of leverage than software vulnerabilities. That reality forces a shift in detection practices. It’s no longer just about malicious code. The compromise may begin as a phone call, a text, a fake support interaction, or a trusted workflow turned against us. Trust has become the attack path. If your detection model is moving toward identity and behavior, Microsoft's identity-first security best practices will help ground your approach: https://lnkd.in/ekK6SZkE #MSFTHotCybercrimeSummer #MicrosoftSecurity #ThreatIntelligence

    • No alternative text description for this image
  • AI is accelerating vulnerability research on both sides of the security equation, enabling defenders to find and prioritize issues faster while also lowering barriers for threat actors. As these capabilities become more accessible, cybersecurity experts expect vulnerability volume to continue growing. https://msft.it/6049vtwTv The rapid pace of software development is making responsible disclosure increasingly complex. Security researchers must balance the value of publishing vulnerability findings that help defenders against the risk of making those same insights available to adversaries. Security teams face a future where AI-powered capabilities are available to nearly everyone, yet the impact extends beyond technology. As AI takes on more security tasks, cybersecurity professionals continue to wrestle with which decisions should remain human-driven and where expertise, judgment, and community matter most. Learn more from Casey Ellis, founder of Bugcrowd and co-founder of disclose.io, on the Microsoft Threat Intelligence Podcast with Sherrod DeGrippo.

  • As enterprise deployments mature, some enterprise AI agents are shifting from reading content to taking action, creating opportunities for threat actors to misuse trust relationships within agent workflows. The security implications extend beyond prompts and outputs to the tools that agents rely on to operate. https://msft.it/6046vssKa In this blog, Microsoft Incident Response explores an attack pattern targeting Model Context Protocol (MCP) tools, where poisoned tool metadata can subtly influence agent decision-making and redirect legitimate workflows toward unintended actions and outcomes. Because each individual action appears legitimate, misuse can be difficult to identify. The issue lies in the trust boundary between approved tools, agent permissions, and connected systems rather than in any single system. Read the full analysis for a practical playbook, mapped to the OWASP Top 10 for Agentic Applications, including guidance to govern agent supply chains, establish stronger controls, and detect anomalous agent behavior.

  • A malicious Chromium-based extension spoofed the AI-powered answer engine Perplexity AI to intercept browser search traffic and collect user input before redirecting users to expected search providers. https://msft.it/6049vs6fX Microsoft Threat Intelligence observed the extension using Manifest Version 3 capabilities and intermediary infrastructure to intercept search queries while preserving the appearance of legitimate search results. The extension has been taken down following responsible disclosure to Google. While browser search hijacking is not new, this research highlights how threat actors are operationalizing AI to accelerate attacks, specifically the use of AI brands as a social engineering vector. https://msft.it/6040vs6fk Organizations should strengthen user awareness around AI-themed social engineering and use layered defenses that correlate indicators, behavioral signals, and threat intelligence. Read our latest blog for a detailed analysis of this malicious extension, along with Microsoft Defender detection, mitigation, and protection guidance.

  • A single intrusion exposed parallel activity from two unrelated threat actors operating at the same time, blending tactics, obscuring signals, and enabling sustained access while masking the full scope of the compromise. Microsoft Incident Response found activity associated with Storm-2603, including reconnaissance targeting on-premises SharePoint servers, persistence through legitimate tools, and multiple remote access channels. Investigators also uncovered a second threat actor whose use of DLL sideloading and custom backdoors complicated attribution and detection. The case highlights how overlapping intrusion activity can mask the full scope of an attack and why connected telemetry, coordinated response, and operational preparedness remain critical for defenders. Read the full cyberattack series report to learn more: https://msft.it/6049vqXbv

  • Microsoft Threat Intelligence has identified an active multi-stage intrusion campaign targeting hospitality organizations in Europe and Asia. The campaign uses photo-themed ZIP archives and fake image shortcut files to deliver a persistent Node.js implant and evade detection. https://msft.it/6047vUCzf Threat actors have continued to refine the campaign over time while maintaining the same core attack chain. Microsoft observed two distinct waves of activity, including changes to delivery mechanisms, infrastructure, and evasion techniques designed to help the operation persist and avoid detection. For example, the second wave demonstrates the resilience of the campaign's dual-persistence model. In one observed case, malicious payloads were blocked, yet Node.js persistence remained active and later re-established command-and-control (C2) communications through new infrastructure. Learn more about the campaign's evolution, phishing infrastructure, and persistence mechanisms, and review Microsoft Defender detections and recommendations to help organizations investigate and defend against this activity.

  • Phishing-as-a-service (PhaaS) platforms using adversary-in-the-middle (AiTM) techniques have introduced a scalable, subscription-based model for bypassing multifactor authentication (MFA). Microsoft Threat Intelligence tracks the group behind one of the most widespread of these platforms, Tycoon2FA (Storm-1747), which has enabled campaigns responsible for tens of millions of phishing messages reaching more than 500,000 organizations each month since August 2023. The technique works by proxying authentication in real time between the victim and the legitimate sign-in page. The victim completes MFA normally, and the platform captures the resulting session cookie after authentication is already complete, giving the attacker an authenticated session without needing to defeat MFA directly. Phishing kits sold through the platform start at $120 for 10 days of access, lowering the barrier for less technically skilled actors to conduct account compromise at scale. https://lnkd.in/eSf_5UTX In March 2026, Microsoft's Digital Crimes Unit, coordinating with Europol and industry partners, disrupted Tycoon2FA's infrastructure. Associated phishing volume declined 15% over the remainder of the month, and targets' ability to reach active phishing pages was substantially reduced. Microsoft Threat Intelligence subsequently observed Tycoon2FA moving away from its previous hosting providers, suggesting the group is attempting to find replacement services that offer comparable protections: https://lnkd.in/eDeTPZrZ Disruption operations reduce immediate scale, but the commoditization of AiTM phishing means that defending against session theft requires controls beyond traditional MFA. Session token protection, continuous access evaluation, and phishing-resistant authentication methods address the specific gap these platforms exploit. For guidance on phishing-resistant authentication and defending against AiTM session theft, see: https://lnkd.in/gUbaG8c8

    Multifactor authentication changed the economics of intrusion. So, criminals built a service to get around it. This week in our Hot Cybercrime Summer series, we're talking about the industrialization of MFA bypass.   This criminal operation, known as phishing-as-a-service, is already in use at scale today. These platforms are fast, and what they produce looks and feels so real that it's forcing a genuine reevaluation of our defenses.   Phishing-as-a-service platforms fundamentally change how identity-based attacks work. They act as a real-time proxy between the victim and the legitimate login page, capturing the authenticated session cookie after MFA is complete and handing it to the attacker. The attacker logs in as the user, already authenticated. MFA never had a chance to stop it, because it all looks perfectly legitimate. And AI makes the ecosystem easier to scale and tailor, increasing the likelihood of damage.   Microsoft tracks three distinct phishing-as-a-service platforms. One generated more than 753,000 phishing emails in a single month. Another targets Microsoft 365 exclusively and allows affiliates to customize the phishing page with your organization's own logo and branding. A third, Tycoon2FA, was available to any criminal willing to pay a monthly subscription fee before Microsoft and law enforcement disrupted it.    MFA remains a powerful security tool. It’s one of the most important controls any organization can put in place. But the defense must evolve. The conversation now needs to center on session token protection, continuous access evaluation, and phishing-resistant authentication.   The attackers have already adapted. The task for security leaders is to make sure their defenses do too.   For a practical starting point on moving beyond traditional MFA: https://lnkd.in/eKJHYzVK #MSFTHotCybercrimeSummer #MicrosoftSecurity #MicrosoftThreatIntelligence

    • No alternative text description for this image
  • Microsoft Threat Intelligence has observed a supply chain attack targeting the Leo Platform/RStreams npm ecosystem. On June 24, 2026, at 23:04:55 UTC, a compromised maintainer account ("czirker") to publish malicious versions of 20+ npm packages in a coordinated, fully automated operation completed in under three seconds. Each malicious package ships a tiny binding.gyp and a large index.js, with no postinstall script. The attacker hides the install hook inside node-gyp's command expansion: the binding.gyp sources array contains <!(node index.js > /dev/null 2>&1 && echo stub.c), so npm install runs index.js at build time. index.js is a three-layer dropper: a ROT char code cipher, then AES-128-GCM (two encrypted blobs), then an obfuscator[.]io toolkit. The loader writes the toolkit to /tmp/p.js and runs it under the Bun runtime (downloaded as v1.3.13), not Node, to sidestep Node-based instrumentation and EDR module load detection. On a CI runner or workstation, the toolkit: - Steals runner memory: locates the GitHub Actions Runner.Worker process and reads /proc/{pid}/mem to lift secrets that CI masks in its logs - Sweeps credentials: AWS, GCP, Azure, HashiCorp Vault, Kubernetes, plus npm, PyPI, RubyGems, JFrog tokens, GitHub PATs, and 1Password - Exfiltrates with no C2 domain: commits the stolen secrets to an attacker-controlled GitHub repository using the victim's own GitHub token, a "dead drop" that defeats egress domain blocklists - Self-propagates: republishes any package the victim can publish to, bypassing npm 2FA (bypass_2fa) - Escalates and persists: on GitHub hosted runners write runner ALL=(ALL) NOPASSWD:ALL for sudo, and injects workflows requesting id-token: write This attack affects leo-logger@1.0.8, leo-sdk@6.0.19, leo-aws@2.0.4, leo-config@1.1.1, leo-streams@2.0.1, serverless-leo@3.0.14, leo-connector-mongo@3.0.8, serverless-convention@2.0.4, rstreams-metrics@2.0.2, leo-connector-elasticsearch@2.0.6, leo-auth@4.0.6, leo-cache@1.0.2, leo-cli@3.0.3, leo-cron@2.0.2, leo-connector-redshift@3.0.6, leo-connector-oracle@2.0.1, rstreams-shard-util@1.0.1, leo-connector-mysql@3.0.3, leo-cdk-lib@0.0.2, and solo-nav@1.0.1. Microsoft Defender for Endpoint customers should act on these alerts: - Trojan:JS/MiniShaiHrd[.]ZA!MTB (index.js) - Trojan:JS/PhantomWorm[.]DA!MTB (binding.gyp) – Suspicious Node.js process behavior – Suspicious installation of Bun runtime – Suspicious usage of Bun runtime – Suspicious script execution via Bun – Credential access attempt – Kubernetes secrets enumeration indicative of credential access Microsoft Defender for Cloud detects this activity: - Suspicious supply-chain compromise activity detected - Suspicious npm supply-chain compromise activity detected

    • No alternative text description for this image

Affiliated pages

Similar pages