Same targets, new playbooks: East Asia threat actors employ unique methods
04/04/2024Microsoft Threat Intelligence has observed several key cyber and influence trends from China and North Korea since June 2023 that demonstrate not only doubling down on familiar targets, but also attempts to use more sophisticated influence techniques to achieve their goals.
Learn more
Tax season cybersecurity: What cybercriminals want and who they target most. Is it you?
03/20/2024
Learn more
Threat Actor Insights
Microsoft Security is actively tracking threat actors across observed nation state, ransomware, and criminal activities. These insights represent publicly published activity from Microsoft Security threat researchers and provide a centralized catalog of actor profiles from the referenced blogs.
Click on a threat actor icon below to learn more.
Share
Share
2023 Microsoft Digital Defense Report
10/05/2023The latest edition of the Microsoft Digital Defense Report explores the evolving threat landscape and walks through opportunities and challenges as we become cyber resilient.
Learn moreBehind the scenes
Security is a team sport. Meet the players.
More than 10,000 defenders worldwide
Microsoft Security’s global network of security and intelligence teams includes engineers, researchers, data scientists, cybersecurity experts, threat hunters, geopolitical analysts, investigators, and frontline responders across 77 countries.
See all expert profiles
Homa Hayatyfar
02/14/2024
Principal Data and Applied Science Manager Homa Hayatyfar describes the use of machine learning models to reinforce defenses, just one of many ways AI is changing the face of security.
Learn more
Fanta Orr
08/31/2023
Threat intelligence expert Fanta Orr explains how threat intelligence analysis uncovers the “why” behind cyberthreat activity and helps better protect customers who might be vulnerable targets.
Learn more
Expert profile
Homa Hayatyfar
02/14/2024
Principal Data and Applied Science Manager Homa Hayatyfar describes the use of machine learning models to reinforce defenses, just one of many ways AI is changing the face of security.
Learn more
Expert profile
Fanta Orr
08/31/2023
Threat intelligence expert Fanta Orr explains how threat intelligence analysis uncovers the “why” behind cyberthreat activity and helps better protect customers who might be vulnerable targets.
Learn moreThreat briefs
See All Briefs
Same targets, new playbooks: East Asia threat actors employ unique methods
04/04/2024
Microsoft Threat Intelligence has observed several key cyber and influence trends from China and North Korea since June 2023 that demonstrate not only doubling down on familiar targets, but also attempts to use more sophisticated influence techniques to achieve their goals.
Learn moreReports
See All Reports
Iran surges cyber-enabled influence operations in support of Hamas
02/07/2024
Discover details of Iran’s cyber-enabled influence operations supporting Hamas in Israel. Learn how operations have progressed through different phases of the war, and examine the four key influence tactics, techniques, and procedures (TTPs) Iran favors most.
Learn moreMore from Microsoft Security
Microsoft Threat Intelligence unveils targets and innovative tactics amidst tax season
03/20/2024
Cybercriminals use social engineering during holidays and important events like tax season to steal user information. Our Microsoft Threat Intelligence tax season report outlines some of the various techniques that threat actors use to craft their campaigns and mislead taxpayers into revealing sensitive information, making payments to fake services, or installing malicious payloads.
Learn moreStaying ahead of threat actors in the age of AI
02/14/2024
Microsoft, in collaboration with OpenAI, is publishing research on emerging threats in the age of AI, focusing on identified activity associated with known threat actors Forest Blizzard, Emerald Sleet, Crimson Sandstorm, and others. The observed activity includes prompt-injections, attempted misuse of large language models (LLM), and fraud.
Learn moreMidnight Blizzard: Guidance for responders on nation-state attacktication and evasion in ongoing attacks
01/25/2024
The Microsoft security team detected a nation-state attack on our corporate systems on January 12, 2024, and immediately activated our response process to investigate, disrupt malicious activity, mitigate the attack, and deny the threat actor further access. The Microsoft Threat Intelligence investigation identified the threat actor as Midnight Blizzard, the Russian state-sponsored actor also known as NOBELIUM.
Learn moreFollow Microsoft Security Insider
