{
	"id": "c95ed93d-f8f0-4d0d-8f52-d0eefb19820e",
	"created_at": "2026-04-10T03:21:15.143891Z",
	"updated_at": "2026-04-10T03:22:16.995102Z",
	"deleted_at": null,
	"sha1_hash": "92901a5854bfed0a85e7e37858e5553fac163609",
	"title": "Microsoft Defender for Cloud Apps Archives | Microsoft Security Blog",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 50473,
	"plain_text": "Microsoft Defender for Cloud Apps Archives | Microsoft Security\r\nBlog\r\nPublished: 2026-03-04 · Archived: 2026-04-10 02:36:23 UTC\r\nInside Tycoon2FA: How a leading AiTM phishing kit operated at scale\r\nTycoon2FA has become a leading phishing-as-a-service (PhaaS) platforms, enabling campaigns that reach\r\nover 500,000 organizations monthly, prompting Microsoft’s Digital Crimes Unit (DCU) to work with\r\nEuropol and industry partners to facilitate a disruption of Tycoon2FA’s infrastructure and operations.\r\nNew Microsoft Data Security Index report explores secure AI adoption to protect sensitive\r\ndata\r\nThe 2026 Microsoft Data Security Index explores one of the most pressing questions facing organizations\r\ntoday: How can we harness the power of generative while safeguarding sensitive data?\r\nPhishing actors exploit complex routing and misconfigurations to spoof domains\r\nThreat actors are exploiting complex routing scenarios and misconfigured spoof protections to send\r\nspoofed phishing emails, crafted to appear as internally sent messages.\r\nInvestigating targeted “payroll pirate” attacks affecting US universities\r\nMicrosoft Threat Intelligence has identified a financially motivated threat actor that we track as Storm-2657 compromising employee accounts to gain unauthorized access to employee profiles and divert salary\r\npayments to attacker-controlled accounts, attacks that have been dubbed “payroll pirate”.\r\nDisrupting threats targeting Microsoft Teams\r\nThreat actors seek to abuse Microsoft Teams features and capabilities across the attack chain, underscoring\r\nthe importance for defenders to proactively monitor, detect, and respond effectively.\r\nStorm-0501’s evolving techniques lead to cloud-based ransomware\r\nFinancially motivated threat actor Storm-0501 has continuously evolved their campaigns to achieve\r\nsharpened focus on cloud-based tactics, techniques, and procedures (TTPs).\r\nJasper Sleet: North Korean remote 
IT workers’ evolving tactics to infiltrate organizations\r\nSince 2024, Microsoft Threat Intelligence has observed remote IT workers deployed by North Korea\r\nleveraging AI to improve the scale and sophistication of their operations, steal data, and generate revenue\r\nfor the North Korean government.\r\nNew Russia-affiliated actor Void Blizzard targets critical sectors for espionage\r\nMicrosoft Threat Intelligence has discovered a cluster of worldwide cloud abuse activity conducted by a\r\nthreat actor we track as Void Blizzard, who we assess with high confidence is Russia-affiliated and has\r\nbeen active since at least April 2024.\r\nSilk Typhoon targeting IT supply chain\r\nSilk Typhoon is a Chinese state actor focused on espionage campaigns targeting a wide range of industries\r\nin the US and throughout the world.\r\nSecuring DeepSeek and other AI systems with Microsoft Security\r\nMicrosoft Security provides cyberthreat protection, posture management, data security, compliance and\r\ngovernance, and AI safety, to secure AI applications that you build and use.\r\nWhy security teams rely on Microsoft Defender Experts for XDR for managed detection\r\nand response\r\nMicrosoft Defender Experts for XDR is a mature and proven service that triages, investigates, and responds\r\nto incidents and hunts for threats on a customer’s behalf around the clock.\r\nChinese threat actor Storm-0940 uses credentials from password spray attacks from a\r\ncovert network\r\nSince August 2023, Microsoft has observed intrusion activity targeting and successfully stealing credentials\r\nfrom multiple Microsoft customers that is enabled by highly evasive password spray attacks.\r\nSource: 
https://blogs.technet.microsoft.com/mmpc/2017/12/04/microsoft-teams-up-with-law-enforcement-and-other-partners-to-disrupt-gamarue-andromeda/",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"references": [
		"https://blogs.technet.microsoft.com/mmpc/2017/12/04/microsoft-teams-up-with-law-enforcement-and-other-partners-to-disrupt-gamarue-andromeda/"
	],
	"report_names": [
		"microsoft-teams-up-with-law-enforcement-and-other-partners-to-disrupt-gamarue-andromeda"
	],
	"threat_actors": [],
	"ts_created_at": 1775791275,
	"ts_updated_at": 1775791336,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/92901a5854bfed0a85e7e37858e5553fac163609.pdf",
		"text": "https://archive.orkl.eu/92901a5854bfed0a85e7e37858e5553fac163609.txt",
		"img": "https://archive.orkl.eu/92901a5854bfed0a85e7e37858e5553fac163609.jpg"
	}
}