Microsoft Threat Intelligence

Computer and Network Security

Redmond, Washington 129,498 followers

We are Microsoft's global network of security experts. Follow for security research and threat intelligence.

About us

The Microsoft Threat Intelligence community is made up of more than 10,000 world-class experts, security researchers, analysts, and threat hunters analyzing 78 trillion signals daily to discover threats and deliver timely and hyper-relevant insight to protect customers. Our research covers a broad spectrum of threats, including threat actors and the infrastructure that enables them, as well as the tools and techniques they use in their attacks.

Website
https://aka.ms/threatintelblog
Industry
Computer and Network Security
Company size
10,001+ employees
Headquarters
Redmond, Washington
Specialties
Computer & network security, Information technology & services, Cybersecurity, Threat intelligence, Threat protection, and Security

Updates

  • In multiple incident investigations, Microsoft Threat Intelligence has observed threat actors gain meaningful access without deploying malware or exploiting a vulnerability. The decisive activity occurs before any payload appears, as operators manipulate targets into granting access through support pretexts, manipulated workflows, or credential capture on attacker infrastructure. This places the intrusion outside the visibility of detection built around malicious code.

Storm-1811 illustrates the technique. The actor generated urgency through email bombing, then posed as IT or help desk support offering to remediate the disruption it had created and used that pretext to direct targets toward granting remote control of their devices through legitimate tooling. A routine support interaction became hands-on-keyboard access, achieved by manipulating an established trust relationship rather than the endpoint itself. https://lnkd.in/eqjyeDui

AI is making this tradecraft more scalable and more convincing. Microsoft Threat Intelligence is tracking a growing number of campaigns that impersonate trusted AI platforms as a lure for credential and token theft. One campaign used acceptable use policy enforcement lures, routing users through an AiTM flow that captured credentials and active access tokens sufficient to bypass MFA and ride a valid session. Others abused popular AI service brands at the scale of 100,000 emails in a single day, with the impersonated brand shifting to whatever platform users currently trust: https://lnkd.in/eV6fBxfy

The attack surface extends beyond software vulnerabilities and malware delivery. When attackers gain access through manipulation, defenders need visibility into the identities, accounts, and authentication events that enable the intrusion.

To ground a detection model in identity and access, see Microsoft's identity-first security best practices: https://lnkd.in/gbApiF-r

    In today’s security landscape, some of the most damaging intrusions don’t start with malware. Instead, they start with identity abuse, social engineering, insider bribery, and access gained through trust. And we've already seen this play out at scale.

    Strawberry Tempest breached some of the most protected organizations in the world. Octo Tempest matured this approach into full ransomware operations. Storm-1811 convinced users to hand over remote control through Quick Assist. What connects these actors isn't a shared toolset; it's a shared insight: human support processes and identity infrastructure can be a greater point of leverage than software vulnerabilities.

    That reality forces a shift in detection practices. It’s no longer just about malicious code. The compromise may begin as a phone call, a text, a fake support interaction, or a trusted workflow turned against us. Trust has become the attack path.

    If your detection model is moving toward identity and behavior, Microsoft's identity-first security best practices will help ground your approach: https://lnkd.in/ekK6SZkE

    #MSFTHotCybercrimeSummer #MicrosoftSecurity #ThreatIntelligence

  • AI is accelerating vulnerability research on both sides of the security equation, enabling defenders to find and prioritize issues faster while also lowering barriers for threat actors. As these capabilities become more accessible, cybersecurity experts expect vulnerability volume to continue growing. https://msft.it/6049vtwTv

The rapid pace of software development is making responsible disclosure increasingly complex. Security researchers must balance the value of publishing vulnerability findings that help defenders against the risk of making those same insights available to adversaries.

Security teams face a future where AI-powered capabilities are available to nearly everyone, yet the impact extends beyond technology. As AI takes on more security tasks, cybersecurity professionals continue to wrestle with which decisions should remain human-driven and where expertise, judgment, and community matter most.

Learn more from Casey Ellis, founder of Bugcrowd and co-founder of disclose.io, on the Microsoft Threat Intelligence Podcast with Sherrod DeGrippo.

  • As enterprise deployments mature, some enterprise AI agents are shifting from reading content to taking action, creating opportunities for threat actors to misuse trust relationships within agent workflows. The security implications extend beyond prompts and outputs to the tools that agents rely on to operate. https://msft.it/6046vssKa

In this blog, Microsoft Incident Response explores an attack pattern targeting Model Context Protocol (MCP) tools, where poisoned tool metadata can subtly influence agent decision-making and redirect legitimate workflows toward unintended actions and outcomes. Because each individual action appears legitimate, misuse can be difficult to identify. The issue lies in the trust boundary between approved tools, agent permissions, and connected systems rather than in any single system.

Read the full analysis for a practical playbook, mapped to the OWASP Top 10 for Agentic Applications, including guidance to govern agent supply chains, establish stronger controls, and detect anomalous agent behavior.

  • A malicious Chromium-based extension spoofed the AI-powered answer engine Perplexity AI to intercept browser search traffic and collect user input before redirecting users to expected search providers. https://msft.it/6049vs6fX

Microsoft Threat Intelligence observed the extension using Manifest Version 3 capabilities and intermediary infrastructure to intercept search queries while preserving the appearance of legitimate search results. The extension has been taken down following responsible disclosure to Google.

While browser search hijacking is not new, this research highlights how threat actors are operationalizing AI to accelerate attacks, specifically the use of AI brands as a social engineering vector. https://msft.it/6040vs6fk

Organizations should strengthen user awareness around AI-themed social engineering and use layered defenses that correlate indicators, behavioral signals, and threat intelligence. Read our latest blog for a detailed analysis of this malicious extension, along with Microsoft Defender detection, mitigation, and protection guidance.

  • A single intrusion exposed parallel activity from two unrelated threat actors operating at the same time, blending tactics, obscuring signals, and enabling sustained access while masking the full scope of the compromise.

Microsoft Incident Response found activity associated with Storm-2603, including reconnaissance targeting on-premises SharePoint servers, persistence through legitimate tools, and multiple remote access channels. Investigators also uncovered a second threat actor whose use of DLL sideloading and custom backdoors complicated attribution and detection.

The case highlights how overlapping intrusion activity can mask the full scope of an attack and why connected telemetry, coordinated response, and operational preparedness remain critical for defenders. Read the full cyberattack series report to learn more: https://msft.it/6049vqXbv

  • Microsoft Threat Intelligence has identified an active multi-stage intrusion campaign targeting hospitality organizations in Europe and Asia. The campaign uses photo-themed ZIP archives and fake image shortcut files to deliver a persistent Node.js implant and evade detection. https://msft.it/6047vUCzf

Threat actors have continued to refine the campaign over time while maintaining the same core attack chain. Microsoft observed two distinct waves of activity, including changes to delivery mechanisms, infrastructure, and evasion techniques designed to help the operation persist and avoid detection. For example, the second wave demonstrates the resilience of the campaign's dual-persistence model. In one observed case, malicious payloads were blocked, yet Node.js persistence remained active and later re-established command-and-control (C2) communications through new infrastructure.

Learn more about the campaign's evolution, phishing infrastructure, and persistence mechanisms, and review Microsoft Defender detections and recommendations to help organizations investigate and defend against this activity.

  • Phishing-as-a-service (PhaaS) platforms using adversary-in-the-middle (AiTM) techniques have introduced a scalable, subscription-based model for bypassing multifactor authentication (MFA). Microsoft Threat Intelligence tracks the group behind one of the most widespread of these platforms, Tycoon2FA (Storm-1747), which has enabled campaigns responsible for tens of millions of phishing messages reaching more than 500,000 organizations each month since August 2023.

The technique works by proxying authentication in real time between the victim and the legitimate sign-in page. The victim completes MFA normally, and the platform captures the resulting session cookie after authentication is already complete, giving the attacker an authenticated session without needing to defeat MFA directly. Phishing kits sold through the platform start at $120 for 10 days of access, lowering the barrier for less technically skilled actors to conduct account compromise at scale. https://lnkd.in/eSf_5UTX

In March 2026, Microsoft's Digital Crimes Unit, coordinating with Europol and industry partners, disrupted Tycoon2FA's infrastructure. Associated phishing volume declined 15% over the remainder of the month, and targets' ability to reach active phishing pages was substantially reduced. Microsoft Threat Intelligence subsequently observed Tycoon2FA moving away from its previous hosting providers, suggesting the group is attempting to find replacement services that offer comparable protections: https://lnkd.in/eDeTPZrZ

Disruption operations reduce immediate scale, but the commoditization of AiTM phishing means that defending against session theft requires controls beyond traditional MFA. Session token protection, continuous access evaluation, and phishing-resistant authentication methods address the specific gap these platforms exploit.

For guidance on phishing-resistant authentication and defending against AiTM session theft, see: https://lnkd.in/gUbaG8c8

    Multifactor authentication changed the economics of intrusion. So, criminals built a service to get around it. This week in our Hot Cybercrime Summer series, we're talking about the industrialization of MFA bypass.

    This criminal operation, known as phishing-as-a-service, is already in use at scale today. These platforms are fast, and what they produce looks and feels so real that it's forcing a genuine reevaluation of our defenses.

    Phishing-as-a-service platforms fundamentally change how identity-based attacks work. They act as a real-time proxy between the victim and the legitimate login page, capturing the authenticated session cookie after MFA is complete and handing it to the attacker. The attacker logs in as the user, already authenticated. MFA never had a chance to stop it, because it all looks perfectly legitimate. And AI makes the ecosystem easier to scale and tailor, increasing the likelihood of damage.

    Microsoft tracks three distinct phishing-as-a-service platforms. One generated more than 753,000 phishing emails in a single month. Another targets Microsoft 365 exclusively and allows affiliates to customize the phishing page with your organization's own logo and branding. A third, Tycoon2FA, was available to any criminal willing to pay a monthly subscription fee before Microsoft and law enforcement disrupted it.

    MFA remains a powerful security tool. It’s one of the most important controls any organization can put in place. But the defense must evolve. The conversation now needs to center on session token protection, continuous access evaluation, and phishing-resistant authentication.

    The attackers have already adapted. The task for security leaders is to make sure their defenses do too.

    For a practical starting point on moving beyond traditional MFA: https://lnkd.in/eKJHYzVK

    #MSFTHotCybercrimeSummer #MicrosoftSecurity #MicrosoftThreatIntelligence

  • Microsoft Threat Intelligence has observed a supply chain attack targeting the Leo Platform/RStreams npm ecosystem. On June 24, 2026, at 23:04:55 UTC, a compromised maintainer account ("czirker") was used to publish malicious versions of 20+ npm packages in a coordinated, fully automated operation completed in under three seconds.

Each malicious package ships a tiny binding.gyp and a large index.js, with no postinstall script. The attacker hides the install hook inside node-gyp's command expansion: the binding.gyp sources array contains <!(node index.js > /dev/null 2>&1 && echo stub.c), so npm install runs index.js at build time. index.js is a three-layer dropper: a ROT char code cipher, then AES-128-GCM (two encrypted blobs), then an obfuscator[.]io toolkit. The loader writes the toolkit to /tmp/p.js and runs it under the Bun runtime (downloaded as v1.3.13), not Node, to sidestep Node-based instrumentation and EDR module load detection.

On a CI runner or workstation, the toolkit:
- Steals runner memory: locates the GitHub Actions Runner.Worker process and reads /proc/{pid}/mem to lift secrets that CI masks in its logs
- Sweeps credentials: AWS, GCP, Azure, HashiCorp Vault, Kubernetes, plus npm, PyPI, RubyGems, JFrog tokens, GitHub PATs, and 1Password
- Exfiltrates with no C2 domain: commits the stolen secrets to an attacker-controlled GitHub repository using the victim's own GitHub token, a "dead drop" that defeats egress domain blocklists
- Self-propagates: republishes any package the victim can publish to, bypassing npm 2FA (bypass_2fa)
- Escalates and persists: on GitHub-hosted runners, writes runner ALL=(ALL) NOPASSWD:ALL for sudo, and injects workflows requesting id-token: write

This attack affects leo-logger@1.0.8, leo-sdk@6.0.19, leo-aws@2.0.4, leo-config@1.1.1, leo-streams@2.0.1, serverless-leo@3.0.14, leo-connector-mongo@3.0.8, serverless-convention@2.0.4, rstreams-metrics@2.0.2, leo-connector-elasticsearch@2.0.6, leo-auth@4.0.6, leo-cache@1.0.2, leo-cli@3.0.3, leo-cron@2.0.2, leo-connector-redshift@3.0.6, leo-connector-oracle@2.0.1, rstreams-shard-util@1.0.1, leo-connector-mysql@3.0.3, leo-cdk-lib@0.0.2, and solo-nav@1.0.1.

Microsoft Defender for Endpoint customers should act on these alerts:
- Trojan:JS/MiniShaiHrd[.]ZA!MTB (index.js)
- Trojan:JS/PhantomWorm[.]DA!MTB (binding.gyp)
- Suspicious Node.js process behavior
- Suspicious installation of Bun runtime
- Suspicious usage of Bun runtime
- Suspicious script execution via Bun
- Credential access attempt
- Kubernetes secrets enumeration indicative of credential access

Microsoft Defender for Cloud detects this activity:
- Suspicious supply-chain compromise activity detected
- Suspicious npm supply-chain compromise activity detected
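As an added example (not Microsoft's or the Leo Platform's code), the following scanner triages node-gyp command expansions in a binding.gyp, the install hook described in the post above. The indicator weights, threshold and both sample binding.gyp texts are constructed for illustration.

```javascript
// GYP evaluates `<!(cmd)` and `<!@(cmd)` by running cmd in a shell while
// node-gyp configures the build, so a `sources` entry such as
// `<!(node index.js > /dev/null 2>&1 && echo stub.c)` executes index.js on
// `npm install` even though package.json declares no postinstall script.

// Heuristic weights (chosen for this example): an interpreter alone is common
// in legitimate addons (e.g. node-addon-api include lookups), so a command is
// flagged only when several indicators combine.
const INDICATORS = [
  { weight: 1, re: /\b(node|bun|deno|python3?|sh|bash|curl|wget)\b/, why: 'invokes interpreter or downloader' },
  { weight: 2, re: /\.(js|mjs|cjs|py|sh)\b/, why: 'runs a script file' },
  { weight: 2, re: /\/dev\/null|2>&1/, why: 'suppresses output' },
  { weight: 1, re: /&&|\|\||;/, why: 'chains commands' },
];
const FLAG_THRESHOLD = 3;

// Score a single expansion command against the indicators above.
function assessCommand(command) {
  const hits = INDICATORS.filter(ind => ind.re.test(command));
  const score = hits.reduce((sum, ind) => sum + ind.weight, 0);
  return { command, score, reasons: hits.map(ind => ind.why), suspicious: score >= FLAG_THRESHOLD };
}

// Extract every `<!(...)` / `<!@(...)` expansion from binding.gyp text.
// GYP is Python-literal-like (single quotes, trailing commas, # comments),
// so the raw text is scanned with paren matching rather than JSON.parse.
function findCommandExpansions(gypText) {
  const found = [];
  let i = 0;
  while ((i = gypText.indexOf('<!', i)) !== -1) {
    let open = i + 2;
    if (gypText[open] === '@') open++;           // list-producing variant
    if (gypText[open] !== '(') { i = open; continue; }
    let depth = 0, close = open;
    for (; close < gypText.length; close++) {    // locate the matching ')'
      if (gypText[close] === '(') depth++;
      else if (gypText[close] === ')' && --depth === 0) break;
    }
    if (depth !== 0) break;                      // unbalanced: stop scanning
    found.push(assessCommand(gypText.slice(open + 1, close).trim()));
    i = close + 1;
  }
  return found;
}

// Constructed sample modelled on the pattern described in the post.
const MALICIOUS_GYP = `{ 'targets': [{ 'target_name': 'stub',
  'sources': [ '<!(node index.js > /dev/null 2>&1 && echo stub.c)' ] }] }`;

// Constructed benign sample: the usual node-addon-api include-path lookup.
const BENIGN_GYP = `{ 'targets': [{ 'target_name': 'addon', 'sources': [ 'addon.cc' ],
  'include_dirs': [ "<!@(node -p \\"require('node-addon-api').include\\")" ] }] }`;

console.log(findCommandExpansions(MALICIOUS_GYP));  // one expansion, suspicious: true
console.log(findCommandExpansions(BENIGN_GYP));     // one expansion, suspicious: false
```

Run it over every binding.gyp under node_modules (or in a registry mirror) to surface build-time hooks that lifecycle-script auditing alone would miss.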

  • Infostealers like StealC and malware delivery services like Amadey play a central role in intrusions, turning compromises of consumer devices into an enterprise risk. These threats harvest passwords, cookies, and session tokens that could allow attackers to bypass MFA. https://msft.it/6044voCiY

On June 24, 2026, Microsoft’s Digital Crimes Unit (DCU) announced the takedown, suspension, and blocking of domains and command-and-control (C2) servers that formed the backbone of StealC and Amadey infrastructure. https://msft.it/6045voCil

Our latest blog examines how the infostealer economy feeds ransomware and other cybercriminal operations, provides an in-depth analysis of StealC and Amadey, and shares protection and detection guidance.

  • Microsoft attributes the Mastra npm supply chain compromise to Sapphire Sleet, a North Korean actor that primarily targets the financial sector. Microsoft has observed use of known Sapphire Sleet infrastructure, malware, and tactics following compromise via the malicious packages. https://msft.it/6044vmpYy Sapphire Sleet was also responsible for a separate npm compromise affecting Axios in April 2026. https://msft.it/6045vmpYJ
