May 22, 2025

Lumma Stealer: Breaking down the delivery techniques and capabilities of a prolific infostealer

Over the past year, Microsoft observed the persistent growth and operational sophistication of Lumma Stealer, an infostealer malware used by multiple financially motivated threat actors to […]
March 14, 2025

Phishing campaign impersonates Booking .com, delivers a suite of credential-stealing malware

Starting in December 2024, leading up to some of the busiest travel days, Microsoft Threat Intelligence identified a phishing campaign that impersonates online travel agency Booking.com […]
March 7, 2025

Malvertising campaign leads to info stealers hosted on GitHub

In early December 2024, Microsoft Threat Intelligence detected a large-scale malvertising campaign that impacted nearly one million devices globally in an opportunistic attack to steal information. […]
December 12, 2024

Frequent freeloader part II: Russian actor Secret Blizzard using tools of other groups to attack Ukraine

After co-opting the tools and infrastructure of another nation-state threat actor to facilitate espionage activities, as detailed in our last blog, Russian nation-state actor Secret Blizzard […]
December 5, 2024

Frequent freeloader part I: Secret Blizzard compromising Storm-0156 infrastructure for espionage

Based on both Microsoft Threat Intelligence’s findings and those reported by governments and other security vendors, we assess that the Russian nation-state actor tracked as Secret […]