Threat landscape
Strengthen your defenses with actionable insights and industry reports from Microsoft Threat Intelligence experts.
7 minutes
10 essential insights from the Microsoft Digital Defense Report 2024
Understand the most notable trends in cybersecurity, including how threats are evolving, and which defense strategies are most effective.
40 minutes
Get a pulse check on the state of ransomware
13 minutes
Finding bootloader vulnerabilities faster with AI
28 minutes
How threat actors exploit remote monitoring and management
12 minutes
AI-powered deception: Emerging fraud threats and countermeasures
Understand them to defend against them
Get insights on active nation-state threat actors and cybercriminal organizations with analysis and updates from Microsoft Threat Intelligence.
Plaid Rain
Plaid Rain primarily targets critical manufacturing, IT, and defense organizations in Israel.
Volt Typhoon
Based out of China, Volt Typhoon targets critical infrastructure in the United States.
Mint Sandstorm
Mint Sandstorm goes after activists, journalists, and think tanks inside and outside Iran.
Silk Typhoon
Silk Typhoon focuses on reconnaissance campaigns in the United States, Australia, Japan, and Vietnam.
Forest Blizzard
Forest Blizzard is a Russian nation-state actor that uses malware to compromise cloud and on-premises environments.
Aqua Blizzard
Located in Russia, Aqua Blizzard targets governmental and non-governmental organizations in Ukraine.
Crimson Sandstorm
Using phishing and fictitious social media accounts, Crimson Sandstorm delivers malware to exfiltrate data.
Gray Sandstorm
Nation-state actor, Gray Sandstorm, used password spray to target accounts in an organization.
Periwinkle Tempest
Periwinkle Tempest is responsible for developing, distributing, and managing several ransomware payloads.
Caramel Tsunami
Caramel Tsunami sells hacking-as-a-service packages that include malware or zero-day exploits.
Cadet Blizzard
Cadet Blizzard is a Russian-sponsored group that conducts operations against Ukraine and Europe.
Smoke Sandstorm
Based in Iran, Smoke Sandstorm compromises email accounts at organizations in the Middle East.
Hazel Sandstrom
Linked to Iran, Hazel Sandstorm disrupted government websites and public services in Albania in 2022.
Nylon Typhoon
Nylon Typhoon creates and deploys custom malware that allows them to compromise remote access.
Pistachio Tempest
Pistachio Tempest uses ransomware-as-a-service offerings to gain access, exfiltrate data, and extort victims.
Manatee Tempest
Manatee Tempest is part of the ransomware-as-a-service economy and provides custom Cobalt Strike loaders.
Storm-0530
A group of actors originating from North Korea, Storm-0530 targets small businesses with ransomware.
Diamond Sleet
Based in North Korea, Diamond Sleet uses custom malware for espionage, data theft, and network destruction.
Wine Tempest
Wine Tempest typically infiltrates a machine in a network and deploys human-operated ransomware.
Plaid Rain
Plaid Rain primarily targets critical manufacturing, IT, and defense organizations in Israel.
Volt Typhoon
Based out of China, Volt Typhoon targets critical infrastructure in the United States.
Mint Sandstorm
Mint Sandstorm goes after activists, journalists, and think tanks inside and outside Iran.
Silk Typhoon
Silk Typhoon focuses on reconnaissance campaigns in the United States, Australia, Japan, and Vietnam.
Forest Blizzard
Forest Blizzard is a Russian nation-state actor that uses malware to compromise cloud and on-premises environments.
Plaid Rain
Plaid Rain primarily targets critical manufacturing, IT, and defense organizations in Israel.
Aqua Blizzard
Located in Russia, Aqua Blizzard targets governmental and non-governmental organizations in Ukraine.
Crimson Sandstorm
Using phishing and fictitious social media accounts, Crimson Sandstorm delivers malware to exfiltrate data.
Gray Sandstorm
Nation-state actor, Gray Sandstorm, used password spray to target accounts in an organization.
Silk Typhoon
Silk Typhoon focuses on reconnaissance in the United States, Australia, Japan, and Vietnam.
Forest Blizzard
Forest Blizzard is a Russian nation-state actor that uses malware to compromise cloud and on-premises environments.
Volt Typhoon
Based out of China, Volt Typhoon targets critical infrastructure in the United States.
Periwinkle Tempest
Periwinkle Tempest is responsible for developing, distributing, and managing several ransomware payloads.
Caramel Tsunami
Caramel Tsunami sells hacking-as-a-service packages that include malware or zero-day exploits.
Cadet Blizzard
Cadet Blizzard is a Russian-sponsored group that conducts operations against Ukraine and Europe.
Plaid Rain
Plaid Rain primarily targets critical manufacturing, IT, and defense organizations in Israel.
Mint Sandstorm
Mint Sandstorm goes after activists, journalists, and think tanks inside and outside Iran.
Smoke Sandstorm
Based in Iran, Smoke Sandstorm compromises email accounts at organizations in the Middle East.
Forest Blizzard
Forest Blizzard is a Russian nation-state actor that uses malware to compromise cloud and on-premises environments.
Volt Typhoon
Based out of China, Volt Typhoon targets critical infrastructure in the United States.
Plaid Rain
Plaid Rain primarily targets critical manufacturing, IT, and defense organizations in Israel.
Hazel Sandstrom
Linked to Iran, Hazel Sandstorm disrupted government websites and public services in Albania in 2022.
Cadet Blizzard
Cadet Blizzard is a Russian sponsored group that conducts operations against Ukraine and Europe.
Caramel Tsunami
Caramel Tsunami sells hacking-as-a-service packages that include malware or zero-day exploits.
Aqua Blizzard
Located in Russia, Aqua Blizzard targets governmental and non-governmental organizations in Ukraine.
Nylon Typhoon
Nylon Typhoon creates and deploys custom malware that allows them to compromise remote access.
Crimson Sandstorm
Using phishing and fictitious social media accounts, Crimson Sandstorm delivers malware to exfiltrate data.
Silk Typhoon
Silk Typhoon focuses on reconnaissance in the United States, Australia, Japan, and Vietnam.
Pistachio Tempest
Pistachio Tempest uses ransomware-as-a-service offerings to gain access, exfiltrate data, and extort victims.
Periwinkle Tempest
Periwinkle Tempest is responsible for developing, distributing, and managing several ransomware payloads.
Aqua Blizzard
Located in Russia, Aqua Blizzard targets governmental and non-governmental organizations in Ukraine.
Silk Typhoon
Silk Typhoon focuses on reconnaissance in the United States, Australia, Japan, and Vietnam.
Volt Typhoon
Based out of China, Volt Typhoon targets critical infrastructure in the United States.
Plaid Rain
Plaid Rain primarily targets critical manufacturing, IT, and defense organizations in Israel.
Volt Typhoon
Based out of China, Volt Typhoon targets critical infrastructure in the United States.
Caramel Tsunami
Caramel Tsunami sells hacking-as-a-service packages that include malware or zero-day exploits.
Manatee Tempest
Manatee Tempest is part of the ransomware-as-a-service economy and provides custom Cobalt Strike loaders.
Smoke Sandstorm
Based in Iran, Smoke Sandstorm compromises email accounts at organizations in the Middle East.
Storm-0530
A group of actors originating from North Korea, Storm-0530 targets small businesses with ransomware.
Mint Sandstorm
Mint Sandstorm goes after activists, journalists, and think tanks inside and outside Iran.
Silk Typhoon
Silk Typhoon focuses on reconnaissance in the United States, Australia, Japan, and Vietnam.
Aqua Blizzard
Located in Russia, Aqua Blizzard targets governmental and non-governmental organizations in Ukraine.
Nylon Typhoon
Nylon Typhoon creates and deploys custom malware that allows them to compromise remote access.
Aqua Blizzard
Located in Russia, Aqua Blizzard targets governmental and non-governmental organizations in Ukraine.
Silk Typhoon
Silk Typhoon focuses on reconnaissance in the United States, Australia, Japan, and Vietnam.
Caramel Tsunami
Caramel Tsunami sells hacking-as-a-service packages that include malware or zero-day exploits.
Caramel Tsunami
Caramel Tsunami sells hacking-as-a-service packages that include malware or zero-day exploits.
Aqua Blizzard
Located in Russia, Aqua Blizzard targets governmental and non-governmental organizations in Ukraine.
Diamond Sleet
Based in North Korea, Diamond Sleet uses custom malware for espionage, data theft, and network destruction.
Forest Blizzard
Forest Blizzard is a Russian nation-state actor that uses malware to compromise cloud and on-premises environments.
Volt Typhoon
Based out of China, Volt Typhoon targets critical infrastructure in the United States.
Plaid Rain
Plaid Rain primarily targets critical manufacturing, IT, and defense organizations in Israel.
Cadet Blizzard
Cadet Blizzard is a Russian sponsored group that conducts operations against Ukraine and Europe.
Crimson Sandstorm
Using phishing and fictitious social media accounts, Crimson Sandstorm delivers malware to exfiltrate data.
Diamond Sleet
Based in North Korea, Diamond Sleet uses custom malware for espionage, data theft, and network destruction.
Gray Sandstorm
Nation-state actor, Gray Sandstorm, used password spray to target accounts in an organization.
Silk Typhoon
Silk Typhoon focuses on reconnaissance in the United States, Australia, Japan, and Vietnam.
Forest Blizzard
Forest Blizzard is a Russian nation-state actor that uses malware to compromise cloud and on-premises environments.
Diamond Sleet
Based in North Korea, Diamond Sleet uses custom malware for espionage, data theft, and network destruction.
Silk Typhoon
Silk Typhoon focuses on reconnaissance in the United States, Australia, Japan, and Vietnam.
Volt Typhoon
Based out of China, Volt Typhoon targets critical infrastructure in the United States.
Plaid Rain
Plaid Rain primarily targets critical manufacturing, IT, and defense organizations in Israel.
Gray Sandstorm
Nation-state actor, Gray Sandstorm, used password spray to target accounts in an organization.
Volt Typhoon
Based out of China, Volt Typhoon targets critical infrastructure in the United States.
Smoke Sandstorm
Based in Iran, Smoke Sandstorm compromises email accounts at organizations in the Middle East.
Silk Typhoon
Silk Typhoon focuses on reconnaissance in the United States, Australia, Japan, and Vietnam.
Forest Blizzard
Forest Blizzard is a Russian nation-state actor that uses malware to compromise cloud and on-premises environments.
Volt Typhoon
Based out of China, Volt Typhoon targets critical infrastructure in the United States.
Plaid Rain
Plaid Rain primarily targets critical manufacturing, IT, and defense organizations in Israel.
Hazel Sandstrom
Linked to Iran, Hazel Sandstorm disrupted government websites and public services in Albania in 2022.
Cadet Blizzard
Cadet Blizzard is a Russian sponsored group that conducts operations against Ukraine and Europe.
Aqua Blizzard
Located in Russia, Aqua Blizzard targets governmental and non-governmental organizations in Ukraine.
Nylon Typhoon
Nylon Typhoon creates and deploys custom malware that allows them to compromise remote access.
Crimson Sandstorm
Using phishing and fictitious social media accounts, Crimson Sandstorm delivers malware to exfiltrate data.
Diamond Sleet
Based in North Korea, Diamond Sleet uses custom malware for espionage, data theft, and network destruction.
Gray Sandstorm
Nation-state actor, Gray Sandstorm, used password spray to target accounts in an organization.
Manatee Tempest
Manatee Tempest is part of the ransomware-as-a-service economy and provides custom Cobalt Strike loaders.
Wine Tempest
Wine Tempest typically infiltrates a machine in a network and deploys human-operated ransomware.
Smoke Sandstorm
Based in Iran, Smoke Sandstorm compromises email accounts at organizations in the Middle East.
Pistachio Tempest
Pistachio Tempest uses ransomware-as-a-service offerings to gain access, exfiltrate data, and extort victims.
Periwinkle Tempest
Periwinkle Tempest is responsible for developing, distributing, and managing several ransomware payloads.
Caramel Tsunami
Caramel Tsunami sells hacking-as-a-service packages that include malware or zero-day exploits.
Caramel Tsunami
Caramel Tsunami sells hacking-as-a-service packages that include malware or zero-day exploits.
Silk Typhoon
Silk Typhoon focuses on reconnaissance in the United States, Australia, Japan, and Vietnam.
Threat actors
13 minutes
How Silk Typhoon compromises supply chains
23 minutes
The tactics, techniques, and procedures of a Seashell Blizzard subgroup
32 minutes
Understand and mitigate a large-scale malvertising campaign
13 minutes
Threat actors use tax-themed phishing during tax season
2 minutes
How threat actors are using AI now—and what’s next
Reports
6 minutes
Tackling healthcare-targeted ransomware. Together.
10 minutes
Manipulating trust: Why social engineering fraud works
Over an hour
Microsoft Digital Defense Report 2024
20 minutes
Microsoft Digital Defense Report 2023: CISO Executive Summary
Over an hour
Microsoft Digital Defense Report 2023
Connect with us
Get the CISO Digest
Stay ahead with expert insights, industry trends, and security research in this bimonthly email series.
Why Microsoft Security
Discover why Microsoft Security is the top choice for comprehensive security in the era of AI.
Follow Microsoft Security