Tax season cybersecurity: What cybercriminals want and who they target most. Is it you?
03/20/2024The tax man, and phishing campaigns, cometh. Microsoft Threat Intelligence reviews what criminals target, how they get it (including details from a newly observed 2024 campaign), and the best practices for keeping businesses and individuals (especially vulnerable populations) safe.
Learn moreThreat Actor Insights
Microsoft Security is actively tracking threat actors across observed nation state, ransomware, and criminal activities. These insights represent publicly published activity from Microsoft Security threat researchers and provide a centralized catalog of actor profiles from the referenced blogs.
Click on a threat actor icon below to learn more.
2023 Microsoft Digital Defense Report
10/05/2023The latest edition of the Microsoft Digital Defense Report explores the evolving threat landscape and walks through opportunities and challenges as we become cyber resilient.
Learn moreBehind the scenes
Security is a team sport. Meet the players.
More than 10,000 defenders worldwide
Microsoft Security’s global network of security and intelligence teams includes engineers, researchers, data scientists, cybersecurity experts, threat hunters, geopolitical analysts, investigators, and frontline responders across 77 countries.
See all expert profilesExpert profile
Homa Hayatyfar
Principal Data and Applied Science Manager Homa Hayatyfar describes the use of machine learning models to reinforce defenses, just one of many ways AI is changing the face of security.
Learn moreExpert profile
Fanta Orr
Threat intelligence expert Fanta Orr explains how threat intelligence analysis uncovers the “why” behind cyberthreat activity and helps better protect customers who might be vulnerable targets.
Learn moreThreat briefs
See All BriefsFeeding from the trust economy: social engineering fraud
Explore an evolving digital landscape where trust is both a currency and a vulnerability. Discover the social engineering fraud tactics cyber attackers use most, and review strategies that can help you identify and outmaneuver social engineering threats designed to manipulate human nature.
Learn moreReports
See All ReportsIran surges cyber-enabled influence operations in support of Hamas
Discover details of Iran’s cyber-enabled influence operations supporting Hamas in Israel. Learn how operations have progressed through different phases of the war, and examine the four key influence tactics, techniques, and procedures (TTPs) Iran favors most.
Learn moreMore from Microsoft Security
Microsoft Threat Intelligence unveils targets and innovative tactics amidst tax season
Cybercriminals use social engineering during holidays and important events like tax season to steal user information. Our Microsoft Threat Intelligence tax season report outlines some of the various techniques that threat actors use to craft their campaigns and mislead taxpayers into revealing sensitive information, making payments to fake services, or installing malicious payloads.
Learn moreStaying ahead of threat actors in the age of AI
Microsoft, in collaboration with OpenAI, is publishing research on emerging threats in the age of AI, focusing on identified activity associated with known threat actors Forest Blizzard, Emerald Sleet, Crimson Sandstorm, and others. The observed activity includes prompt-injections, attempted misuse of large language models (LLM), and fraud.
Learn moreMidnight Blizzard: Guidance for responders on nation-state attacktication and evasion in ongoing attacks
The Microsoft security team detected a nation-state attack on our corporate systems on January 12, 2024, and immediately activated our response process to investigate, disrupt malicious activity, mitigate the attack, and deny the threat actor further access. The Microsoft Threat Intelligence investigation identified the threat actor as Midnight Blizzard, the Russian state-sponsored actor also known as NOBELIUM.
Learn more