Microsoft Threat Intelligence

5.9K posts

@MsftSecIntel

We are Microsoft's global network of security experts. Follow for security research and threat intelligence.

Redmond, WA · Joined November 2010
1K Following · 189.3K Followers
Microsoft Threat Intelligence
During tax season, threat actors exploit the urgency and familiarity of time-sensitive emails like refund notices, filing reminders, and requests from tax professionals to push malicious attachments, QR codes, and multi-step link chains. msft.it/6013QUfmR

Microsoft Threat Intelligence has observed campaigns themed around W-2 and other tax documents that impersonate government agencies, tax services firms, and financial institutions. These campaigns aim to steal personal and financial data, harvest credentials through phishing-as-a-service (PhaaS) platforms, or deliver malware.

Many campaigns target individuals, but others specifically target accountants and other professionals who handle sensitive documents, have access to financial data, and are accustomed to receiving tax-related emails during this period.

Our latest blog has details from our analysis of several campaigns leveraging the tax season for social engineering, as well as Microsoft Defender protection, detection, and hunting guidance.
Microsoft Threat Intelligence
Microsoft Defender Experts is sharing an investigation into the sophisticated social engineering operation known as Contagious Interview, which targets software developers and continues to be prevalent. msft.it/6016QmHep

Threat actors target developers to attempt to compromise developer endpoints with access to source code, CI/CD pipelines, and production infrastructure. They pose as recruiters from cryptocurrency trading firms or AI-based solution providers and achieve initial access through a convincingly staged recruitment process that mirrors legitimate interviews but leads to a backdoor.

The modular backdoor then enables theft of sensitive information like API tokens, cloud credentials, signing keys, cryptocurrency wallets, and password manager artifacts, and also leads to follow-on malicious activity and other payloads.

Organizations can defend against this threat by monitoring developer endpoints and build tools, and by hunting for suspicious repository activity and dependency execution patterns. Read the latest Microsoft Defender Experts blog to get the full attack chain analysis, as well as protection, detection, and hunting guidance:
Microsoft Threat Intelligence@MsftSecIntel·
The cybercriminal threat actor tracked by Microsoft Threat Intelligence as Storm-2561 is running an SEO-poisoning campaign that redirects people searching for enterprise VPN software to spoofed sites and malicious ZIP downloads leading to credential theft. msft.it/6019Qlydd

The ZIP file contains a malicious, digitally signed installer that masquerades as a trusted VPN client. The attack chain ultimately loads a variant of Hyrax infostealer that captures VPN sign-in credentials and VPN configuration data, and exfiltrates it to attacker infrastructure.

Read the full Microsoft Defender Experts analysis of the tactics, techniques, and procedures (TTPs) and indicators of compromise of this Storm-2561 campaign, and get protection, detection, and hunting guidance:
Microsoft Threat Intelligence@MsftSecIntel·
Learn how defenders must think about detection and response from Greg Schlomer and Vlad H. on this episode of the Microsoft Threat Intelligence Podcast, hosted by Sherrod DeGrippo. For more info on how threat actors are operationalizing AI: msft.it/6016QYVPC
Microsoft Threat Intelligence@MsftSecIntel·
AI-assisted social engineering has also reduced telltale language errors, making phishing and impersonation campaigns more convincing. At scale, AI enables threat actors to create believable online personas and sustain long-running operations without prior growth bottlenecks.
Microsoft Threat Intelligence@MsftSecIntel·
Threat actors are rapidly integrating AI as a core component of their operations, using it across the attack lifecycle to move faster, scale more easily, and experiment with new tactics at unprecedented speed. msft.it/6014QYVMk
Microsoft Threat Intelligence@MsftSecIntel·
Microsoft has observed threat actors operationalizing AI as tradecraft to accelerate recon, social engineering, & tool development. Against this backdrop, securing agentic AI is a defensive imperative as attackers and defenders adapt to the same technologies: msft.it/6014Qi7aQ
Microsoft Threat Intelligence@MsftSecIntel·
By treating agents as identity‑aware, auditable entities and extending Microsoft Defender, Entra, and Purview protections to agent behavior, organizations can better detect abuse, prevent data leakage, and defend against agent‑based attack chains as AI becomes embedded in everyday operations.
Microsoft Threat Intelligence@MsftSecIntel·
Addressing agent sprawl, identity misuse, data exposure, and emerging AI‑specific threats is becoming a foundational security challenge for organizations adopting AI at scale. msft.it/6013Qi7at
Microsoft Threat Intelligence@MsftSecIntel·
Threat actors are operationalizing AI across the cyberattack lifecycle to accelerate tradecraft, reduce technical friction, and sustain malicious operations at scale. msft.it/6017QgQd1

Microsoft has observed threat actors embedding generative AI into workflows for reconnaissance, social engineering, malware and infrastructure development, and post‑compromise activity—while retaining human control over objectives and targeting. Observed activity includes large‑scale identity fabrication and long‑term access misuse by North Korean threat actors such as Jasper Sleet and Coral Sleet, AI‑assisted phishing and impersonation, rapid infrastructure creation, and malware development accelerated through AI‑enabled coding and debugging.

Microsoft has also observed threat actors actively bypassing AI safety controls through jailbreaking techniques, as well as early experimentation with agentic AI and AI‑enabled malware that could complicate detection and response over time.

While many techniques mirror existing tradecraft, AI increases speed, scale, and persistence, amplifying risk for defenders even when behaviors are not fundamentally new. At the same time, these trends surface new detection opportunities and reinforce the importance of treating long‑term access misuse as an insider‑risk scenario, hardening identity and phishing defenses, and securing AI systems themselves.

Learn more about how threat actors are operationalizing AI and get detection and mitigation guidance from this Microsoft Threat Intelligence blog post.
Microsoft Threat Intelligence@MsftSecIntel·
Microsoft Defender detects multiple threat components associated with this activity. For more information on defending against ClickFix activity: msft.it/6017QgTPB.
Microsoft Threat Intelligence@MsftSecIntel·
In the second attack path, when a user pastes a hex-encoded, XOR-compressed command into Windows Terminal, the command downloads a randomly named .bat file to AppData\Local that is invoked through cmd.exe to write a VBScript to %Temp%. The batch script is then executed via cmd.exe with the /launched command-line argument. The same batch script is then executed through MSBuild.exe, resulting in LOLBin abuse. The script connects to crypto blockchain RPC endpoints, indicating the EtherHiding technique. It also performs QueueUserAPC()-based code injection into chrome.exe and msedge.exe processes to harvest Web Data and Login Data.
Microsoft Threat Intelligence@MsftSecIntel·
Microsoft Defender Experts identified a widespread ClickFix social engineering campaign in February 2026 leveraging Windows Terminal as the primary execution mechanism. Rather than the traditional Win + R → paste → execute technique, this campaign instructs targets to use the Windows + X → I shortcut to launch Windows Terminal (wt.exe) directly, guiding users into a privileged command execution environment that blends into legitimate administrative workflows and appears more trustworthy to users. This approach bypasses detections specifically tuned to Run dialog abuse while exploiting the legitimacy and familiarity of Windows Terminal. Once the terminal is opened, targets are prompted to paste malicious PowerShell commands delivered through fake CAPTCHA pages, troubleshooting prompts, or verification-style lures designed to appear routine and benign.
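As an added example (not code from these posts or from Microsoft's own detections), the hunting heuristics below encode the Windows Terminal ClickFix chain described in the two posts above: Windows Terminal spawning PowerShell after the Windows + X → I lure, a pasted command carrying a long hex-encoded payload, a randomly named .bat in AppData\Local run by cmd.exe with the /launched argument, and MSBuild.exe executing the same batch file. The process-creation events are constructed for this example, the field names (parent_image, image, command_line, pid) are assumed, and treating WindowsTerminal.exe and OpenConsole.exe as equivalent to wt.exe as a parent, as well as the 64-hex-character threshold, are my assumptions rather than anything the posts state.

```python
"""Hunting heuristics for the Windows Terminal ClickFix chain.

Input: process-creation events (Sysmon Event ID 1 / EDR DeviceProcessEvents)
flattened to dicts. Field names are assumed; SAMPLE_EVENTS are constructed
for this example and are not real telemetry.
"""
import re

# Assumption: Windows Terminal may be recorded as wt.exe, WindowsTerminal.exe
# or OpenConsole.exe depending on which parent the telemetry source captures.
TERMINAL_PARENTS = {"wt.exe", "windowsterminal.exe", "openconsole.exe"}
SHELLS = {"powershell.exe", "pwsh.exe"}

# Heuristic (assumed threshold): a run of 64+ hex characters in a command line
# is a candidate for the hex-encoded, XOR-compressed payload the user pasted.
HEX_BLOB = re.compile(r"\b[0-9a-fA-F]{64,}\b")

STRONG = {"hex_encoded_payload", "cmd_launched_bat_in_localappdata", "msbuild_executes_bat"}


def basename(path: str) -> str:
    """Lower-case file name of a Windows path (tolerates forward slashes)."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def classify(event: dict) -> list:
    """Return the indicator names that a single process-creation event matches."""
    hits = []
    parent = basename(event.get("parent_image", ""))
    image = basename(event.get("image", ""))
    cmd = event.get("command_line", "")
    lower = cmd.lower()

    # 1. Windows+X -> I opens Windows Terminal; the pasted command runs in PowerShell.
    #    Weak on its own (admins do this all day); strong when the command line
    #    carries a long hex blob.
    if parent in TERMINAL_PARENTS and image in SHELLS:
        hits.append("wt_spawns_powershell")
        if HEX_BLOB.search(cmd):
            hits.append("hex_encoded_payload")

    # 2. cmd.exe invoking a .bat dropped in AppData\Local with the /launched argument.
    if (image == "cmd.exe" and "\\appdata\\local\\" in lower
            and ".bat" in lower and "/launched" in lower):
        hits.append("cmd_launched_bat_in_localappdata")

    # 3. MSBuild.exe handed a batch script instead of a project file (LOLBin abuse).
    if image == "msbuild.exe" and ".bat" in lower:
        hits.append("msbuild_executes_bat")

    return hits


def hunt(events) -> list:
    """(pid, indicator) pairs for every event that matched something."""
    return [(e["pid"], h) for e in events for h in classify(e)]


def chain_verdict(events) -> bool:
    """Alert only when two or more strong indicators appear in the same window,
    so a lone Windows Terminal -> PowerShell launch does not page anyone."""
    seen = {h for e in events for h in classify(e)}
    return len(seen & STRONG) >= 2


LOCAL = r"C:\Users\alice\AppData\Local"
TERMINAL = r"C:\Program Files\WindowsApps\Microsoft.WindowsTerminal_8wekyb3d8bbwe\WindowsTerminal.exe"
PWSH = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
CMD = r"C:\Windows\System32\cmd.exe"
MSBUILD = r"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe"

# Constructed events, in the order the chain would be observed.
SAMPLE_EVENTS = [
    {"pid": 101, "parent_image": TERMINAL, "image": PWSH,
     "command_line": "powershell.exe -w hidden -c \"$h='" + "6a" * 40 + "'\""},
    {"pid": 102, "parent_image": PWSH, "image": CMD,
     "command_line": 'cmd.exe /c "' + LOCAL + r'\x7k2q.bat" /launched'},
    {"pid": 103, "parent_image": CMD, "image": MSBUILD,
     "command_line": "MSBuild.exe " + LOCAL + r"\x7k2q.bat"},
    # Benign noise: an admin running a cmdlet from Windows Terminal.
    {"pid": 104, "parent_image": TERMINAL, "image": PWSH,
     "command_line": "powershell.exe Get-Service"},
    # Benign noise: a build script launched from Explorer.
    {"pid": 105, "parent_image": r"C:\Windows\explorer.exe", "image": CMD,
     "command_line": "cmd.exe /c build.bat"},
]

if __name__ == "__main__":
    for pid, indicator in hunt(SAMPLE_EVENTS):
        print(pid, indicator)
    print("alert:", chain_verdict(SAMPLE_EVENTS))
```

The weak indicator (Windows Terminal spawning PowerShell) is deliberately not enough to alert on its own, because it is exactly the legitimate administrative workflow the lure blends into; the verdict requires two of the strong indicators (hex payload, /launched batch file in AppData\Local, MSBuild running a .bat) from the same host and time window. Check how your own telemetry records the terminal parent before relying on the wt.exe name.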
Microsoft Threat Intelligence@MsftSecIntel·
Microsoft, Europol, and industry partners announced a coordinated action to disrupt Tycoon 2FA. Read this Microsoft Threat Intelligence blog: msft.it/6042Q5RN0

- Learn how Tycoon2FA operated at scale and what security teams can do to detect and disrupt it
- Understand Tycoon2FA’s infrastructure and tradecraft, and the controls that can help limit its impact
- Get resources for detecting, hunting for, and defending against adversary-in-the-middle phishing threats
Microsoft Threat Intelligence@MsftSecIntel·
Tycoon2FA provided adversary-in-the-middle (AiTM) capabilities that allowed threat actors to bypass multifactor authentication (MFA). Read our blog to get comprehensive analysis of Tycoon2FA, plus protection recommendations, detection, hunting guidance, and other resources.
Microsoft Threat Intelligence@MsftSecIntel·
In collaboration with Europol and industry partners, Microsoft’s Digital Crimes Unit (DCU) facilitated a disruption of Tycoon2FA’s infrastructure and operations. msft.it/6019Q5RfZ
Microsoft Threat Intelligence@MsftSecIntel·
The phishing-as-a-service platform Tycoon2FA enabled campaigns responsible for millions of phishing messages reaching >500K orgs monthly. Developed and advertised by Storm-1747, Tycoon2FA allowed threat actors to conduct account compromise at scale. msft.it/6018Q5Rfk