Microsoft DART (@microsoftdart)'s Twitter Profile
Microsoft DART

@microsoftdart

We are the Microsoft Detection and Response Team. All things #DFIR #IncidentResponse

ID: 1505269467772702720

Link: http://aka.ms/dartblogs
Date: 19-03-2022 19:46:30

23 Tweets

2,2K Followers

3 Following

Microsoft Threat Intelligence (@msftsecintel):

Microsoft has disrupted activity by SEABORGIUM, a Russia-based actor launching persistent phishing, credential and data theft, intrusions, and hack-and-leak campaigns tied to espionage. More details + TTPs in this MSTIC blog: msft.it/6018jVwFO

Microsoft DART (@microsoftdart):

Are you interested in learning how you can leverage Microsoft Security APIs for incident response? Part 1 of this 3-part series is now available: techcommunity.microsoft.com/t5/security-co… #MicrosoftDART #DFIR #IncidentResponse

Microsoft Threat Intelligence (@msftsecintel):

Microsoft has discovered a post-compromise capability we’re calling MagicWeb, which the threat actor tracked as NOBELIUM is using to maintain persistent access to environments they have compromised. In-depth technical analysis and hunting guidance here: msft.it/6016jeB4i

Microsoft Threat Intelligence (@msftsecintel):

Microsoft has been tracking Iranian actor PHOSPHORUS’ ransomware sub-group known as DEV-0270, aka Nemesis Kitten. The group is responsible for multiple attacks typically using high-severity vulnerabilities to gain access. TTPs and more in our latest blog: microsoft.com/security/blog/…

Microsoft Threat Intelligence (@msftsecintel):

Microsoft Detection and Response Team (DART) was engaged to lead the investigation on destructive cyberattacks launched against the Albanian government in mid-July. We assess that the attack was launched by an Iranian state-sponsored actor. Full report: microsoft.com/security/blog/…

Microsoft DART (@microsoftdart):

Our latest blog details findings from our investigation in partnership with Microsoft Threat Intelligence Center (#MSTIC) on the cyberattacks against the Albanian government in mid-July. Read more: microsoft.com/security/blog/…

Microsoft Threat Intelligence (@msftsecintel):

Microsoft has detected social engineering campaigns targeting employees of orgs across industries in the US, UK, India, Russia. MSTIC attributes the campaigns to North Korea-based actor ZINC, which used multiple weaponized open-source software. More info: msft.it/6018d8lvr

Microsoft Threat Intelligence (@msftsecintel):

This post-incident report details some of the TTPs seen in a recent ransomware incident. Learn about best practices from Microsoft Detection and Response Team (DART): msft.it/6016dVE1K

Microsoft DART (@microsoftdart):

Cybersecurity risk in mergers and acquisitions is an increasing issue for both IT security and business decision-makers. Read more about what we do at #MicrosoftDART: microsoft.com/en-us/security…

Microsoft Threat Intelligence (@msftsecintel):

Threat actor tactics to bypass controls and compromise tokens present additional challenges to defenders. Microsoft DART outlines strategies for organizations to detect, mitigate, and respond to threats of this nature: msft.it/6017dauVN

Microsoft Threat Intelligence (@msftsecintel):

Threat actors are known to use malicious IIS extensions to open persistent backdoors in servers. As a follow up to a blog on these threats, the Microsoft Detection and Response Team (DART) provides tips on logging and monitoring: msft.it/6016eP7ZM

Microsoft DART (@microsoftdart):

If you are in the security research or response field and interested in attending, please submit an application as soon as possible. Applications close January 6, 2023, or when all available passes have been allocated. Full details can be found here: msrc-blog.microsoft.com/2022/12/02/blu…

Microsoft DART (@microsoftdart):

The Unified Audit Log can help build a full story of a threat actor’s activity in #Office365, but its sheer size and detail can be daunting. Are you equipped to hunt through this forensic artifact effectively? Read our latest blog to find out: techcommunity.microsoft.com/t5/microsoft-s…