Skip to content
Microsoft Secure

Our commitment to our customers’ security

Windows is the only platform with a customer commitment to investigate reported security issues and proactively update impacted devices as soon as possible. And we take this responsibility very seriously. Recently, the activity group that Microsoft Threat Intelligence calls STRONTIUM conducted a low-volume spear-phishing campaign. Customers using Microsoft Edge on Windows 10 Anniversary Update are...

Read more

Reverse engineering DUBNIUM – Stage 2 payload analysis

Recently, we blogged about the basic functionality and features of the DUBNIUM advanced persistent threat (APT) activity group Stage 1 binary and Adobe Flash exploit used during the December 2015 incident (Part 1, Part 2). In this blog, we will go through the overall infection chain structure and the Stage 2 executable details. Stage 2...

Read more

Reverse-engineering DUBNIUM’s Flash-targeting exploit

The DUBNIUM campaign in December involved one exploit in-the-wild that affected Adobe Flash Player. In this blog, we’re going to examine the technical details of the exploit that targeted vulnerability CVE-2015-8651. For more details on this vulnerability, see Adobe Security Bulletin APSB16-01. Note that Microsoft Edge on Windows 10 was protected from this attack due...

Read more

Reverse-engineering DUBNIUM

DUBNIUM (which shares indicators with what Kaspersky researchers have called DarkHotel) is one of the activity groups that has been very active in recent years, and has many distinctive features. We located multiple variants of multiple-stage droppers and payloads in the last few months, and although they are not really packed or obfuscated in a...

Read more

5 Top Trends Redefining CSO Priorities

The CSO carries a heavy load, as the person responsible for overall direction of security functions associated with IT applications, communications, and computing services and security within the enterprise. Part of what makes the role of the CSO so challenging is that trends introduce change, and the changes are cumulative. Few of the old security...

Read more