New Threat analytics report shares the latest intelligence on recent nation-state cyber attacks

Published Dec 18 2020 05:12 AM
Microsoft

Microsoft security researchers have been investigating and responding to the recent nation-state cyber attack, which involved a supply-chain compromise followed by the compromise of cloud assets.

 

Microsoft 365 Defender can help you track and respond to emerging threats with threat analytics. Our Threat Intelligence team has published a new Threat analytics report, shortly following the discovery of this new cyber attack. This report is being constantly updated as the investigations and analysis unfold.

 

The threat analytics report includes deep-dive analysis, MITRE techniques, detection details, recommended mitigations, an updated list of indicators of compromise (IOCs), and advanced hunting queries that expand detection coverage.

 

Given the high profile of this threat, we have made sure that all our customers, E5 and E3 alike, can access and use this important information.

 

If you’re an E5 customer, you can use threat analytics to view your organization’s state relevant to this attack and to help with the following security operations tasks:

  • Monitor related incidents and alerts
  • Handle impacted assets
  • Track mitigations and their status, with options to investigate further and remediate weaknesses using threat and vulnerability management.

 

For guidance on how to read the report, see Understand the analyst report section in threat analytics.

 


 

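Read the Solorigate supply chain attack threat analytics report:

  • For unified Microsoft 365 Defender early adopters, use this link: Threat Analytics - Microsoft 365 security (https://security.microsoft.com/threatanalytics3/2b74f636-146e-48dd-94f6-5cb5132467ca/overview)
  • For Microsoft Defender for Endpoint customers, use this link: Threat overview - Microsoft Defender for Endpoint (https://securitycenter.microsoft.com/threatanalytics3/2b74f636-146e-48dd-94f6-5cb5132467ca/overview)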

 

If you’re an E3 customer, you can read similar Microsoft threat intelligence data, including the updated list of IOCs, through the MSRC blog. Monitor the blog post, Customer Guidance on Recent Nation-State Cyber Attacks, where we share the latest details as the situation unfolds.

 
