Skip to content

Microsoft Secure

Hawkeye Keylogger – Reborn v8: An in-depth campaign analysis

Much of cybercrime today is fueled by underground markets where malware and cybercriminal services are available for purchase. These markets in the deep web commoditize malware operations. Even novice cybercriminals can buy malware toolkits and other services they might need for malware campaigns: encryption, hosting, antimalware evasion, spamming, and many others. Hawkeye Keylogger is an...

Read more

Detonation-heuristics-machine-learning

Enhancing Office 365 Advanced Threat Protection with detonation-based heuristics and machine learning

Email, coupled with reliable social engineering techniques, continues to be one of the primary entry points for credential phishing, targeted attacks, and commodity malware like ransomware and, increasingly in the last few months, cryptocurrency miners. Office 365 Advanced Threat Protection (ATP) uses a comprehensive and multi-layered solution to protect mailboxes, files, online storage, and applications...

Read more

fig3-FinFisher-stages

FinFisher exposed: A researcher’s tale of defeating traps, tricks, and complex virtual machines

Office 365 Advanced Threat Protection (Office 365 ATP) blocked many notable zero-day exploits in 2017. In our analysis, one activity group stood out: NEODYMIUM. This threat actor is remarkable for two reasons: Its access to sophisticated zero-day exploits for Microsoft and Adobe software Its use of an advanced piece of government-grade surveillance spyware FinFisher, also...

Read more

EMS_Cloud_5-300x168

Office 365 Advanced Threat Protection defense for corporate networks against recent Office exploit attacks

The Office 365 Threat Research team has seen an uptick in the use of Office exploits in attacks across various industry sectors in recent months. In this blog, we will review several of these exploits, including a group of Office moniker exploits that attackers have used in targeted as well as crimeware attacks. We will...

Read more