Today we are releasing an in-depth analysis of a #NOBELIUM post-exploitation backdoor that Microsoft Threat Intelligence Center (MSTIC) refers to as #FoggyWeb, a passive & highly targeted backdoor capable of remotely exfiltrating sensitive info from a compromised AD FS server.

#PipeMagic is a highly modular backdoor used by the financially motivated threat actor Storm-2460. It masquerades as a legitimate open-source ChatGPT Desktop Application. Microsoft Threat Intelligence encountered PipeMagic as part of research on an attack chain involving the

Join millions who have switched to Grok.

Microsoft Threat Intelligence has uncovered a cyberespionage campaign by the Russian state actor we track as Secret Blizzard that has been targeting embassies located in Moscow using an adversary-in-the-middle (AiTM) position to deploy their custom #ApolloShadow malware.

RT @hackingump1: 🚨 RIFT Update:.We’ve boosted our compiler detection! 🛠️.Now with sharper insights into binaries built using GNU, MinGW, an….

Today, Microsoft Threat Intelligence Center (#MSTIC) is excited to announce the release of #RIFT, a tool designed to assist software/malware analysts automate the identification of attacker-written code within Rust binaries. Blog: Tool:.

Do you find analyzing Rust binaries/malware tedious and unpleasant? You’re not alone! If you’re attending #REcon this year, our own @hackingump1 will be unveiling #RIFT today at 2PM EST (not at REcon? We got you covered, stay tuned). We have been using RIFT internally for some.

Goodbye #BSOD…Hello #BSOD.

In collaboration with Microsoft Threat Intelligence (MSTIC), @SonicWall has identified a deceptive campaign to distribute a modified/patched version of SonicWall’s SSL VPN NetExtender application (dubbed #SilentRoute by MSTIC) that closely resembles the official SonicWall.

RT @MsftSecIntel: Microsoft and CrowdStrike are publishing the first version of our joint threat actor mapping, which includes a list of co….

RT @MsftSecIntel: Microsoft and CrowdStrike are teaming up to create alignment across our threat actor taxonomies, mapping where knowledge….

RT @MsftSecIntel: Microsoft has discovered worldwide cloud abuse activity by new Russia-affiliated threat actor Void Blizzard (LAUNDRY BEAR….

RT @MsftSecIntel: The threat actor that Microsoft Threat Intelligence tracks as Marbled Dust has been observed exploiting a zero-day vulner….

RT @JohnLaTwC: Come help me create mechanical advantage in defense. If you love threat hunting, learning from incidents, building new way….

RT @MsftSecIntel: Exchange Server and SharePoint Server now integrate with the Windows Antimalware Scan Interface (AMSI), providing an esse….

RT @MsftSecIntel: Microsoft Incident Response researchers uncovered a novel remote access trojan (RAT) that demonstrates sophisticated tech….

RT @MsftSecIntel: Microsoft Threat Intelligence has uncovered a new variant of XCSSET, a sophisticated modular macOS malware that infects X….

RT @MsftSecIntel: Silk Typhoon is an espionage-focused Chinese state actor whose activities indicate that they are a well-resourced and tec….