Latest Threat Intelligence (February 2024)
Microsoft Defender for IoT has released the February 2024 Threat Intelligence package. The package is available for download from the Microsoft Defender for IoT portal (click Updates, then Download file). Threat Intelligence updates reflect the combined impact of proprietary research and threat intelligence carried out by Microsoft security teams. Each package contains the latest CVEs (Common Vulnerabilities and Exposures), IOCs (Indicators of Compromise), and other indicators applicable to IoT/ICS/OT networks (published during the past month) researched and implemented by Microsoft Threat Intelligence Research - CPS. The CVE scores are aligned with the National Vulnerability Database (NVD). Starting with the August 2023 threat intelligence updates, CVSSv3 scores are shown if they are relevant; otherwise the CVSSv2 scores are shown. Guidance Customers are recommended to update their systems with the latest TI package in order to detect potential exposure risks and vulnerabilities in their networks and on their devices. Threat Intelligence packages are updated every month with the most up-to-date security information available, ensuring that Microsoft Defender for IoT can identify malicious actors and behaviors on devices. What's new? Log4j - optimized alerts when interoperating with endpoint AV. Update your system with the latest TI package The package is available for download from the Microsoft Defender for IoT portal (click Updates, then Download file), for more information, please review Update threat intelligence data | Microsoft Docs. MD5 Hash: 9e66792f9c3132094054bd61fa1a0e42 For cloud connected sensors, Microsoft Defender for IoT can automatically update new threat intelligence packages following their release, click here for more information.Latest Threat Intelligence (October 2023)
Microsoft Defender for IoT has released the October 2023 Threat Intelligence package. The package is available for download from the Microsoft Defender for IoT portal (click Updates, then Download file). Threat Intelligence updates reflect the combined impact of proprietary research and threat intelligence carried out by Microsoft security teams. Each package contains the latest CVEs (Common Vulnerabilities and Exposures), IOCs (Indicators of Compromise), and other indicators applicable to IoT/ICS/OT networks (published during the past month) researched and implemented by Microsoft Threat Intelligence Research - CPS. The CVE scores are aligned with the National Vulnerability Database (NVD). Starting with the August 2023 threat intelligence updates, CVSSv3 scores are shown if they are relevant; otherwise the CVSSv2 scores are shown. Guidance Customers are recommended to update their systems with the latest TI package in order to detect potential exposure risks and vulnerabilities in their networks and on their devices. Threat Intelligence packages are updated every month with the most up-to-date security information available, ensuring that Microsoft Defender for IoT can identify malicious actors and behaviors on devices. Update your system with the latest TI package The package is available for download from the Microsoft Defender for IoT portal (click Updates, then Download file), for more information, please review Update threat intelligence data | Microsoft Docs. MD5 Hash: 75cb715ae9174fc57abac68ebebc5d48 For cloud connected sensors, Microsoft Defender for IoT can automatically update new threat intelligence packages following their release, click here for more information.Latest Threat Intelligence (July 2023)
Microsoft Defender for IoT has released the July 2023 Threat Intelligence package. The package is available for download from the Microsoft Defender for IoT portal (click Updates, then Download file). Threat Intelligence updates reflect the combined impact of proprietary research and threat intelligence carried out by Microsoft security teams. Each package contains the latest CVEs (Common Vulnerabilities and Exposures), IOCs (Indicators of Compromise), and other indicators applicable to IoT/ICS/OT networks (published during the past month) researched and implemented by Microsoft Defender for IoT’s security research team, Section 52. The Threat Intelligence package for this month provides indicators to identify devices affected by the Rockwell Automation ControlLogix Firmware vulnerabilities CVE-2023-3595 and CVE-2023-3596, as well as detections designed to warn users of attempts to exploit these vulnerabilities. This package also includes indications for Honeywell Experion PKS, LX, and PlantCruise devices affected by the CVEs in ICSA-23-194-06 vulnerabilities (CVE-2023-23585, CVE-2023-25078, CVE-2023-2023-25948, CVE-2023-2023-26597, CVE-2023-24480, CVE-2023-25770, CVE-2023-25178, CVE-2023-22435, CVE-2023-2023-24474). Consequently, these devices may be vulnerable to remote code execution (RCE), denial of service (DoS), spoofing attacks, or they may even be disabled. Users must update their systems to the latest version to be safe from these vulnerabilities. Rockwell Automation and Honeywell have released patches to address these issues. It is recommended to install the patches as soon as possible. These CVEs can only be exploited by the attacker who has direct access to the systems that are affected. In order to mitigate the risks, we recommend the following measures: The affected devices should be updated with the latest firmware Keep a close eye on any unauthorized access attempts to the systems and minimize exposure and access to them. Ensure that network monitoring is monitoring systems with these devices to be able to detect and track any behavior deviations from baseline. Guidance Customers are recommended to update their systems with the latest TI package in order to detect potential exposure risks and vulnerabilities in their networks and on their devices. Threat Intelligence packages are updated every month with the most up-to-date security information available, ensuring that Microsoft Defender for IoT can identify malicious actors and behaviors on devices. Update your system with the latest TI package The package is available for download from the Microsoft Defender for IoT portal (click Updates, then Download file), for more information, please review Update threat intelligence data | Microsoft Docs. MD5 Hash: 0442443fd124f59796c20dc65b486b3d For cloud connected sensors, Microsoft Defender for IoT can automatically update new threat intelligence packages following their release, click here for more information.Latest Threat Intelligence (March 2023)
Microsoft Defender for IoT has released the March 2023 Threat Intelligence package. The package is available for download from the Microsoft Defender for IoT portal (click Updates, then Download file). Threat Intelligence updates reflect the combined impact of proprietary research and threat intelligence carried out by Microsoft security teams. Each package contains the latest CVEs (Common Vulnerabilities and Exposures), IOCs (Indicators of Compromise), and other indicators applicable to IoT/ICS/OT networks (published during the past month) researched and implemented by Microsoft Defender for IoT’s security research team, Section 52. Guidance Customers are recommended to update their systems with the latest TI package in order to detect potential exposure risks and vulnerabilities in their networks and on their devices. Threat Intelligence packages are updated every month with the most up-to-date security information available, ensuring that Microsoft Defender for IoT can identify malicious actors and behaviors on devices. Update your system with the latest TI package The package is available for download from the Microsoft Defender for IoT portal (click Updates, then Download file), for more information, please review Update threat intelligence data | Microsoft Docs. MD5 Hash: 982bf4ffa90508ba4475c80c4d4a6bd6 For cloud connected sensors, Microsoft Defender for IoT can automatically update new threat intelligence packages following their release, click here for more information.Latest Threat Intelligence (May 2022)
Microsoft has released the May 2022 Threat Intelligence update package. The package is available for download from the Microsoft Defender for IoT portal (click Updates, then Download file). Threat Intelligence updates reflect the combined impact of proprietary research and threat intelligence carried out by Microsoft security teams. MD5 Hash - 542b8cffe15b91d1c9bc5f9895f1fd2a This package contains the latest CVEs (Common Vulnerabilities and Exposures), IOCs (Indicators of Compromise), and other indicators applicable to IoT/ICS/OT networks (published during the past month). The current release includes detection rules and IOCs implemented by Section 52 security researchers for: Pipedream/Incontroller modular attack framework and toolkit. The custom tools enable threat actors to conduct automated attacks, search for devices on networks, and disrupt operations and access. For more information, please read the following the recent alert on APT Cyber Tools Targeting ICS/SCADA Devices. BlackCat/ALPHV ransomware. BlackCat operators use previously compromised credentials to gain access to systems, deploy malicious scripts and disable security features. The ransomware has affected over 60 entities worldwide. For detailed IOCs and mitigation guidelines, please see the FBI Flash report for more information. Industroyer2 malware. The Industroyer variant is self-contained and highly customizable, allowing threat actors to adapt the malware to specific devices on OT networks. Updated CVEs (CVEs provide a reference method for publicly known information security vulnerabilities and exposures) published over the last month and are available for reference on the MITRE site, in the National Vulnerability Database site (NVD) as well as IoT/OT specific ICS-CERT. Update your system with the latest TI package: Microsoft Defender for IoT now pushes new threat intelligence packages to cloud-connected sensors upon release, click here for more information. Starting with sensor version 10.3, users can automatically receive up-to-date threat intelligence packages through Microsoft Defender for IoT. Working with automatic updates reduces operational effort and ensures greater security. Enable automatic updating on the Defender for IoT portal by onboarding your cloud-connected sensor with the toggle for Automatic Threat Intelligence Updates turned on. Additionally, the package can be downloaded from the Microsoft Defender for IoT portal, under Updates: To update a package on a single sensor: Go to the Microsoft Defender for IoT Updates page. Download and save the Threat Intelligence package. Sign into the sensor console. On the side menu, select System Settings. Select Threat Intelligence Data, and then select Update. Upload the new package. To update a package on multiple sensors simultaneously: Go to the Microsoft Defender for IoT Updates page. Download and save the Threat Intelligence package. Sign into the management console. On the side menu, select System Settings. In the Sensor Engine Configuration section, select the sensors that should receive the updated packages. In the Select Threat Intelligence Data section, select the plus sign (+). Upload the package. For more information, please review Update threat intelligence data | Microsoft DocsLatest Threat Intelligence (February 25th, 2021)
Microsoft has released the February 2021 Threat Intelligence update package. The package is available for download from the Azure Defender for IoT portal (click Updates, then Download file). Threat Intelligence updates reflect the combined impact of proprietary research and threat intelligence carried out by Microsoft security teams. The package includes the latest CVEs and IOCs applicable for IoT/ICS/OT networks. Update your system with the latest TI package: The package can be downloaded from the Azure Defender for IoT Portal, Updates page: To update a package on a single sensor: Go to the Azure Defender for IoT Updates page. Download and save the Threat Intelligence package. Sign into the sensor console. On the side menu, select System Settings. Select Threat Intelligence Data, and then select Update. Upload the new package. To update a package on multiple sensors simultaneously: Go to the Azure Defender for IoT Updates page. Download and save the Threat Intelligence package. Sign into the management console. On the side menu, select System Settings. In the Sensor Engine Configuration section, select the sensors that should receive the updated packages. In the Select Threat Intelligence Data section, select the plus sign (+). Upload the package. For more information, please review Update threat intelligence data | Microsoft DocsLatest Threat Intelligence (October 2025)
Microsoft Defender for IoT has released the October 2025 Threat Intelligence package. The package is available for download from the Microsoft Defender for IoT portal (click Updates, then Download file). Threat Intelligence updates reflect the combined impact of proprietary research and threat intelligence carried out by Microsoft security teams. Each package contains the latest CVEs (Common Vulnerabilities and Exposures), IOCs (Indicators of Compromise), and other indicators applicable to IoT/ICS/OT networks (published during the past month) researched and implemented by Microsoft Threat Intelligence Research - CPS. The CVE scores are aligned with the National Vulnerability Database (NVD). Starting with the August 2023 threat intelligence updates, CVSSv3 scores are shown if they are relevant; otherwise the CVSSv2 scores are shown. Guidance Customers are recommended to update their systems with the latest TI package in order to detect potential exposure risks and vulnerabilities in their networks and on their devices. Threat Intelligence packages are updated every month with the most up-to-date security information available, ensuring that Microsoft Defender for IoT can identify malicious actors and behaviors on devices. Update your system with the latest TI package The package is available for download from the Microsoft Defender for IoT portal (click Updates, then Download file), for more information, please review Update threat intelligence data | Microsoft Docs. MD5 Hash: 01757cbb8de8dfb10b140e0e6a1dfe41 For cloud connected sensors, Microsoft Defender for IoT can automatically update new threat intelligence packages following their release, click here for more information.Latest Threat Intelligence (September 2025)
Microsoft Defender for IoT has released the September 2025 Threat Intelligence package. The package is available for download from the Microsoft Defender for IoT portal (click Updates, then Download file). Threat Intelligence updates reflect the combined impact of proprietary research and threat intelligence carried out by Microsoft security teams. Each package contains the latest CVEs (Common Vulnerabilities and Exposures), IOCs (Indicators of Compromise), and other indicators applicable to IoT/ICS/OT networks (published during the past month) researched and implemented by Microsoft Threat Intelligence Research - CPS. The CVE scores are aligned with the National Vulnerability Database (NVD). Starting with the August 2023 threat intelligence updates, CVSSv3 scores are shown if they are relevant; otherwise the CVSSv2 scores are shown. Guidance Customers are recommended to update their systems with the latest TI package in order to detect potential exposure risks and vulnerabilities in their networks and on their devices. Threat Intelligence packages are updated every month with the most up-to-date security information available, ensuring that Microsoft Defender for IoT can identify malicious actors and behaviors on devices. Update your system with the latest TI package The package is available for download from the Microsoft Defender for IoT portal (click Updates, then Download file), for more information, please review Update threat intelligence data | Microsoft Docs. MD5 Hash: 14bf7b135c8c6d61d39ba6c28991f300 For cloud connected sensors, Microsoft Defender for IoT can automatically update new threat intelligence packages following their release, click here for more information.Latest Threat Intelligence (August 2025)
Microsoft Defender for IoT has released the August 2025 Threat Intelligence package. The package is available for download from the Microsoft Defender for IoT portal (click Updates, then Download file). Threat Intelligence updates reflect the combined impact of proprietary research and threat intelligence carried out by Microsoft security teams. Each package contains the latest CVEs (Common Vulnerabilities and Exposures), IOCs (Indicators of Compromise), and other indicators applicable to IoT/ICS/OT networks (published during the past month) researched and implemented by Microsoft Threat Intelligence Research - CPS. The CVE scores are aligned with the National Vulnerability Database (NVD). Starting with the August 2023 threat intelligence updates, CVSSv3 scores are shown if they are relevant; otherwise the CVSSv2 scores are shown. Guidance Customers are recommended to update their systems with the latest TI package in order to detect potential exposure risks and vulnerabilities in their networks and on their devices. Threat Intelligence packages are updated every month with the most up-to-date security information available, ensuring that Microsoft Defender for IoT can identify malicious actors and behaviors on devices. Update your system with the latest TI package The package is available for download from the Microsoft Defender for IoT portal (click Updates, then Download file), for more information, please review Update threat intelligence data | Microsoft Docs. MD5 Hash: 6d6cf3931c4e7ad160a74d4fad19a89c For cloud connected sensors, Microsoft Defender for IoT can automatically update new threat intelligence packages following their release, click here for more information.Latest Threat Intelligence (May 2025)
Microsoft Defender for IoT has released the May 2025 Threat Intelligence package. The package is available for download from the Microsoft Defender for IoT portal (click Updates, then Download file). Threat Intelligence updates reflect the combined impact of proprietary research and threat intelligence carried out by Microsoft security teams. Each package contains the latest CVEs (Common Vulnerabilities and Exposures), IOCs (Indicators of Compromise), and other indicators applicable to IoT/ICS/OT networks (published during the past month) researched and implemented by Microsoft Threat Intelligence Research - CPS. The CVE scores are aligned with the National Vulnerability Database (NVD). Starting with the August 2023 threat intelligence updates, CVSSv3 scores are shown if they are relevant; otherwise the CVSSv2 scores are shown. Guidance Customers are recommended to update their systems with the latest TI package in order to detect potential exposure risks and vulnerabilities in their networks and on their devices. Threat Intelligence packages are updated every month with the most up-to-date security information available, ensuring that Microsoft Defender for IoT can identify malicious actors and behaviors on devices. Update your system with the latest TI package The package is available for download from the Microsoft Defender for IoT portal (click Updates, then Download file), for more information, please review Update threat intelligence data | Microsoft Docs. MD5 Hash: d24a971301003c37622f21b7e30a80cb For cloud connected sensors, Microsoft Defender for IoT can automatically update new threat intelligence packages following their release, click here for more information.
