'

North Korean threat actor Citrine Sleet exploiting Chromium zero-day

On August 19, 2024, Microsoft identified a North Korean threat actor exploiting a zero-day vulnerability in Chromium, now identified as CVE-2024-7971, to gain remote code execution (RCE). We assess with high confidence that the observed exploitation of CVE-2024-7971 can be attributed to a North Korean threat actor targeting the cryptocurrency sector for financial gain. Our … Read more

The art and science behind Microsoft threat hunting: Part 3

The art and science behind Microsoft threat hunting: Part 3

Earlier in Part 11 and Part 22 of this blog series, Microsoft Incident Response outlined the strategies, methodologies, and approaches that are used while performing a cyberthreat hunt in both pre- and post-compromised environments. This chapter outlines how Microsoft Incident Response, in collaboration with partner security teams, leverages three distinct types of threat intelligence in … Read more

Peach Sandstorm deploys new custom Tickler malware in long-running intelligence gathering operations

Peach Sandstorm deploys new custom Tickler malware in long-running intelligence gathering operations

Between April and July 2024, Microsoft observed Iranian state-sponsored threat actor Peach Sandstorm deploying a new custom multi-stage backdoor, which we named Tickler. Tickler has been used in attacks against targets in the satellite, communications equipment, oil and gas, as well as federal and state government sectors in the United States and the United Arab … Read more

How Microsoft Entra ID supports US government agencies in meeting identity security requirements

How Microsoft Entra ID supports US government agencies in meeting identity security requirements

If you’re in charge of cybersecurity for a United States government agency, you’re already familiar with Memorandum M-22-09, “Moving the U.S. Government Toward Zero Trust Cybersecurity Principles,” which the US Office of Management and Budget issued in January 2022. This memo set a September 30, 2024, deadline for meeting “specific cybersecurity standards and objectives” toward … Read more

Microsoft AI Tour: Hear the latest product innovations to elevate your security strategy

Microsoft AI Tour: Hear the latest product innovations to elevate your security strategy

For the second year, the Microsoft AI Tour will bring together security practitioners, developers, and other technology professionals to learn about the latest AI innovations across the full Microsoft Security stack in multiple cities around the globe. Whether you’re a decision maker who evaluates investments, an IT team member charged with security, or a chief … Read more

Microsoft again ranked number one in modern endpoint security market share

Microsoft again ranked number one in modern endpoint security market share

Today’s remote workforce has become the standard. But the security challenges created by remote work continue to be a key point of exploitation by bad actors. In fact, 80% to 90% of all successful ransomware compromises originate through unmanaged devices.1 Because endpoints are a broadly targeted vector and remote work necessitates so many varied endpoints, … Read more

Chained for attack: OpenVPN vulnerabilities discovered leading to RCE and LPE

Chained for attack: OpenVPN vulnerabilities discovered leading to RCE and LPE

Microsoft researchers recently identified multiple medium severity vulnerabilities in OpenVPN, an open-source project with binaries integrated into routers, firmware, PCs, mobile devices, and many other smart devices worldwide, numbering in the millions. Attackers could chain and remotely exploit some of the discovered vulnerabilities to achieve an attack chain consisting of remote code execution (RCE) and … Read more

How Microsoft and NIST are collaborating to advance the Zero Trust Implementation

How Microsoft and NIST are collaborating to advance the Zero Trust Implementation

We are announcing the release of the recently published Zero Trust practice guide in collaboration between Microsoft and the National Cybersecurity Center of Excellence (NCCoE). This guide details how to implement a Zero Trust strategy, and what an end to end security approach using Zero Trust means for you and your organization.  While the Zero Trust … Read more

Ransomware operators exploit ESXi hypervisor vulnerability for mass encryption

Ransomware operators exploit ESXi hypervisor vulnerability for mass encryption

Microsoft researchers have uncovered a vulnerability in ESXi hypervisors being exploited by several ransomware operators to obtain full administrative permissions on domain-joined ESXi hypervisors. ESXi is a bare-metal hypervisor that is installed directly onto a physical server and provides direct access and control of underlying resources. ESXi hypervisors host virtual machines that may include critical … Read more

Onyx Sleet uses array of malware to gather intelligence for North Korea

Onyx Sleet uses array of malware to gather intelligence for North Korea

On July 25, 2024, the United States Department of Justice (DOJ) indicted an individual linked to the North Korean threat actor that Microsoft tracks as Onyx Sleet. Microsoft Threat Intelligence collaborated with the Federal Bureau of Investigation (FBI) in tracking activity associated with Onyx Sleet. We will continue to closely monitor Onyx Sleet’s activity to … Read more