Cybercrime
The cybercriminal economy is a connected ecosystem of many players with different techniques, goals, and skillsets. Get insights on the industrialization of cybercrime and how cyberattackers use ready-made malware and other tools to perform their attacks.
The five-day job: A BlackByte ransomware intrusion case study
In a recent investigation by Microsoft Incident Response of a BlackByte 2.
Patch me if you can: Cyberattack Series
The Microsoft Incident Response team takes swift action to help contain a ransomware attack and regain positive administrative control of the customer environment.
Cadet Blizzard emerges as a novel and distinct Russian threat actor
Microsoft attributes several campaigns to a distinct Russian state-sponsored threat actor tracked as Cadet Blizzard (DEV-0586), including the WhisperGate destructive attack, Ukrainian website defacements, and the hack-and-leak front “Free Civilian”.
MSTICPy January 2022 hackathon highlights
In January 2022, MSTIC ran its inaugural hack month for the open-source Jupyter and Python Security Tools library, MSTICPy.
Join us at InfoSec Jupyterthon 2021
We’re excited to invite our community of infosec analysts and engineers to the second annual InfoSec Jupyterthon taking place on December 2-3, 2021.
Exploiting a crisis: How cybercriminals behaved during the outbreak
Cybercriminals adapted their tactics to match what was going on in the world, and what we saw in the threat environment was parallel to the uptick in COVID-19 headlines and the desire for more information.
Full Operational Shutdown—another cybercrime case from the Microsoft Detection and Response Team
Today, we’re glad to share DART Case Report 002—Full Operational Shutdown.
Real-life cybercrime stories from DART, the Microsoft Detection and Response Team
In the new DART Case Reports, you’ll find unique stories from our team’s engagements around the globe.
How Windows Defender Antivirus integrates hardware-based system integrity for informed, extensive endpoint protection
The deep integration of Windows Defender Antivirus with hardware-based isolation capabilities allows the detection of artifacts of attacks that tamper with kernel-mode agents at the hypervisor level.