Microsoft Secure

FinFisher exposed: A researcher’s tale of defeating traps, tricks, and complex virtual machines

Office 365 Advanced Threat Protection (Office 365 ATP) blocked many notable zero-day exploits in 2017. In our analysis, one activity group stood out: NEODYMIUM. This threat actor is remarkable for two reasons: (1) its access to sophisticated zero-day exploits for Microsoft and Adobe software, and (2) its use of an advanced piece of government-grade surveillance spyware FinFisher, also...

Twin zero-day attacks: PROMETHIUM and NEODYMIUM target individuals in Europe

Targeted attacks are typically carried out against individuals to obtain intellectual property and other valuable data from target organizations. These individuals are either directly in possession of the targeted information or are able to connect to networks where the information resides. Microsoft researchers have encountered twin threat activity groups that appear to target individuals for...

Our commitment to our customers’ security

Windows is the only platform with a customer commitment to investigate reported security issues and proactively update impacted devices as soon as possible. And we take this responsibility very seriously. Recently, the activity group that Microsoft Threat Intelligence calls STRONTIUM conducted a low-volume spear-phishing campaign. Customers using Microsoft Edge on Windows 10 Anniversary Update are...

Digging deep for PLATINUM

This blog introduces our latest report from the Windows Defender Advanced Threat Hunting team. You can read the full report at: PLATINUM: Targeted attacks in South and Southeast Asia. There is no shortage of headlines about cybercriminals launching large-scale attacks against organizations. For us, the activity groups that pose the most danger are the ones...

Microsoft Security Intelligence Report: Strontium

The Microsoft Security Intelligence Report (SIR) provides a regular snapshot of the current threat landscape, using data from more than 600 million computers worldwide. The latest report (SIRv19) was released this week and includes a detailed analysis of the actor group STRONTIUM – a group that uses zero-day exploits to collect the sensitive information of...

Protecting Point of Sale Devices from Targeted Attacks

Posted by: Sean Finnegan, Director, Cybersecurity

Last week, we published a paper on “Threat Modeling a Retail Environment.” The intent of this paper was to help provide the retail industry with risk and mitigation guidance that could be applied in their environment where there is a unique set of requirements and challenges. As a follow...

Targeted Attacks Video Series

Many of the CISOs I talk to tell me that “Advanced Persistent Threats” (APT) style attacks are among their top concerns. As I have written about before, the problem with the term APT is that it doesn’t describe this category of threats very accurately. This makes it harder to understand and mitigate this type of...
