Same targets, new playbooks: East Asia threat actors employ unique methods
04/04/2024Microsoft Threat Intelligence has observed several key cyber and influence trends from China and North Korea since June 2023 that demonstrate not only doubling down on familiar targets, but also attempts to use more sophisticated influence techniques to achieve their goals.
Learn moreTax season cybersecurity: What cybercriminals want and who they target most. Is it you?
03/20/2024
Learn moreThreat Actor Insights
Microsoft Security is actively tracking threat actors across observed nation state, ransomware, and criminal activities. These insights represent publicly published activity from Microsoft Security threat researchers and provide a centralized catalog of actor profiles from the referenced blogs.
Click on a threat actor icon below to learn more.
2023 Microsoft Digital Defense Report
10/05/2023The latest edition of the Microsoft Digital Defense Report explores the evolving threat landscape and walks through opportunities and challenges as we become cyber resilient.
Learn moreBehind the scenes
Security is a team sport. Meet the players.
More than 10,000 defenders worldwide
Microsoft Security’s global network of security and intelligence teams includes engineers, researchers, data scientists, cybersecurity experts, threat hunters, geopolitical analysts, investigators, and frontline responders across 77 countries.
See all expert profilesExpert profile
Homa Hayatyfar
Principal Data and Applied Science Manager Homa Hayatyfar describes the use of machine learning models to reinforce defenses, just one of many ways AI is changing the face of security.
Learn moreExpert profile
Fanta Orr
Threat intelligence expert Fanta Orr explains how threat intelligence analysis uncovers the “why” behind cyberthreat activity and helps better protect customers who might be vulnerable targets.
Learn moreThreat briefs
See All Briefs2023 Threat Intelligence Year in Review: Key Insights and Developments
Microsoft Threat Intelligence rounds up the top threat actor trends in tactics, techniques, and procedures (TTPs) from 2023.
Learn moreReports
See All ReportsSame targets, new playbooks: East Asia threat actors employ unique methods
Microsoft Threat Intelligence has observed several key cyber and influence trends from China and North Korea since June 2023 that demonstrate not only doubling down on familiar targets, but also attempts to use more sophisticated influence techniques to achieve their goals.
Learn moreMore from Microsoft Security
Microsoft Threat Intelligence unveils targets and innovative tactics amidst tax season
Cybercriminals use social engineering during holidays and important events like tax season to steal user information. Our Microsoft Threat Intelligence tax season report outlines some of the various techniques that threat actors use to craft their campaigns and mislead taxpayers into revealing sensitive information, making payments to fake services, or installing malicious payloads.
Learn moreStaying ahead of threat actors in the age of AI
Microsoft, in collaboration with OpenAI, is publishing research on emerging threats in the age of AI, focusing on identified activity associated with known threat actors Forest Blizzard, Emerald Sleet, Crimson Sandstorm, and others. The observed activity includes prompt-injections, attempted misuse of large language models (LLM), and fraud.
Learn moreMidnight Blizzard: Guidance for responders on nation-state attacktication and evasion in ongoing attacks
The Microsoft security team detected a nation-state attack on our corporate systems on January 12, 2024, and immediately activated our response process to investigate, disrupt malicious activity, mitigate the attack, and deny the threat actor further access. The Microsoft Threat Intelligence investigation identified the threat actor as Midnight Blizzard, the Russian state-sponsored actor also known as NOBELIUM.
Learn more