Microsoft Security

Microsoft Security Experts Posts


Solving one of NOBELIUM’s most novel attacks: Cyberattack Series 

This is the first in an ongoing series exploring some of the most notable cases of the Microsoft Detection and Response Team (DART), which investigates cyberattacks on behalf of our customers. The Cyberattack Series takes you behind the scenes for an inside look at the investigation and shares lessons that you can apply to better protect your own organization. In this story, we’ll explore how NOBELIUM continues to target identity providers with novel attacks—and how Microsoft DART identified one of NOBELIUM’s most creative exploits yet.


Token tactics: How to prevent, detect, and respond to cloud token theft 

As organizations increase their coverage of multifactor authentication (MFA), threat actors have begun to move to more sophisticated techniques to allow them to compromise corporate resources without needing to satisfy MFA. Recently, the Microsoft Detection and Response Team (DART) has seen an increase in attackers utilizing token theft for this purpose.


Implementing a Zero Trust strategy after compromise recovery 

A compromise recovery is followed by what we call a Security Strategic Recovery. This is the plan for moving forward and bringing security posture up to date across the environment. The plan consists of different components, such as securing privileged access and extended detection and response, but they all point in the same direction: moving ahead with a Zero Trust strategy over traditional network-based security.