Microsoft DART

The Unified Audit Log can help build a full story of a threat actor’s activity in #Office365, but its sheer size and detail can be daunting. Are you equipped to hunt through this forensic artifact effectively? Read our latest blog to find out: techcommunity.microsoft.com/t5/microsoft-s…

If you are in the security research or response field and interested in attending, please submit an application as soon as possible. Applications close January 6, 2023, or when all available passes have been allocated. Full details can be found here: msrc-blog.microsoft.com/2022/12/02/blu…

Threat actors are known to use malicious IIS extensions to open persistent backdoors in servers. As a follow up to a blog on these threats, the Microsoft Detection and Response Team (DART) provides tips on logging and monitoring: msft.it/6016eP7ZM

Threat actor tactics to bypass controls and compromise tokens present additional challenges to defenders. Microsoft DART outlines strategies for organizations to detect, mitigate, and respond to threats of this nature: msft.it/6017dauVN

Cybersecurity risk in mergers and acquisitions is an increasing issue for both IT security and business decision-makers. Read more about what we do at #MicrosoftDART: microsoft.com/en-us/security…

This post-incident report details some of the TTPs seen in a recent ransomware incident. Learn about best practices from Microsoft Detection and Response Team (DART): msft.it/6016dVE1K

Microsoft has detected social engineering campaigns targeting employees of orgs across industries in the US, UK, India, Russia. MSTIC attributes the campaigns to North Korea-based actor ZINC, which used multiple weaponized open-source software. More info: msft.it/6018d8lvr

Our latest blog details findings our investigation in partnership with Microsoft Threat Intelligence Center (#MSTIC) on the cyberattacks against the Albanian government in mid-July. Read more: microsoft.com/security/blog/…

Microsoft Detection and Response Team (DART) was engaged to lead the investigation on destructive cyberattacks launched against the Albanian government in mid-July. We assess that the attack was launched by an Iranian state-sponsored actor. Full report: microsoft.com/security/blog/…

Microsoft has been tracking Iranian actor PHOSPHORUS’ ransomware sub-group known as DEV-0270, aka Nemesis Kitten. The group is responsible for multiple attacks typically using high-severity vulnerabilities to gain access. TTPs and more in our latest blog: microsoft.com/security/blog/…

Successful fall/winter 2022 graduate applicants will have a start date in August 2023.

We are inviting soon to be graduating university students to apply for our #fulltime #jobopportunities at the #MicrosoftAspireExperience University Track at DART under the Security Services Line. Apply here: careers.microsoft.com/students/us/en…

Call for Consulting Security Services intern applications for Summer 2023. Are you ready to explore an exciting career in #cybersecurity? Come as you are, do what you love—start your journey with us today! careers.microsoft.com/students/us/en…

How threat intelligence became key to Microsoft's computer security – ift.tt/RXPeTZj

Microsoft has discovered a post-compromise capability we’re calling MagicWeb, which the threat actor tracked as NOBELIUM is using to maintain persistent access to environments they have compromised. In-depth technical analysis and hunting guidance here: msft.it/6016jeB4i

Are you interested in learning how you can leverage Microsoft Security APIs for incident response? Part 1 of this 3-part series is now available: techcommunity.microsoft.com/t5/security-co… #MicrosoftDART #DFIR #IncidentResponse

Microsoft has disrupted activity by SEABORGIUM, a Russia-based actor launching persistent phishing, credential and data theft, intrusions, and hack-and-leak campaigns tied to espionage. More details + TTPs in this MSTIC blog: msft.it/6018jVwFO