{ "id": "4597cf0f-bf22-4541-91a6-e464e329bc49", "created_at": "2026-04-06T00:16:20.417931Z", "updated_at": "2026-04-10T03:20:49.869679Z", "deleted_at": null, "sha1_hash": "c1e5019b8671136f29e367734c79110451e14272", "title": "Real-life cybercrime stories from DART, the Microsoft Detection and Response Team", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 42197, "plain_text": "Real-life cybercrime stories from DART, the Microsoft Detection\r\nand Response Team\r\nBy Microsoft Security Team\r\nPublished: 2020-03-09 · Archived: 2026-04-05 16:36:53 UTC\r\nWhen we published our first blog about the Microsoft Detection and Response Team (DART) in March of 2019,\r\nwe described our mission as responding to compromises and helping our customers become cyber-resilient. In pursuit of this mission we had already been providing onsite reactive incident response and remote\r\nproactive investigations to our customers long before our blog. And our response expertise has been leveraged\r\nmany times by government and commercial entities around the world to help secure their most sensitive, critical\r\nenvironments.\r\nWhen our team works on the frontlines of cybersecurity, chasing adversaries in many different digital estates on a\r\ndaily basis, our experiences become valuable lessons on attacker methods as well as security best practices. And\r\nbecause of this, our colleagues and customers have been asking for case studies, reports, and even anecdotes from\r\nDART engagements.\r\nFinally, we can respond to these inquiries by publishing our first DART Case Report 001: …And Then There\r\nWere Six. Case Report 001 is a story of cybercrime when DART was called in to help identify and evict an\r\nattacker, only to discover there were already 5 more adversaries in the same environment. Read the full report for\r\nthe details.\r\nIn the DART Case Reports, you will find unique stories from our team’s engagements around the globe; details on\r\nthe attacker(s) methods, a diagram of how they progressed in the environment, how DART was able to identify\r\nand evict them, as well as best practices to avoid similar incidents.\r\nWhat you won’t find is any information about our customers, or their defenses, because in our reports we will\r\nfocus solely on the attacker Tactics, Techniques, and Procedures (TTP) and how to defend against them. Read our\r\nfirst report, reach out to your Microsoft account manager or Premier Support contact if you need more information\r\non DART services—and stay tuned for more DART Case Reports.\r\nDART leverages Microsoft’s strategic partnerships with security organizations around the world and with internal\r\nMicrosoft product groups to provide the most complete and thorough investigation possible.\r\nSource: https://www.microsoft.com/security/blog/2020/03/09/real-life-cybercrime-stories-dart-microsoft-detection-and-response-team\r\nhttps://www.microsoft.com/security/blog/2020/03/09/real-life-cybercrime-stories-dart-microsoft-detection-and-response-team\r\nPage 1 of 1", "extraction_quality": 1, "language": "EN", "sources": [ "MITRE" ], "references": [ "https://www.microsoft.com/security/blog/2020/03/09/real-life-cybercrime-stories-dart-microsoft-detection-and-response-team" ], "report_names": [ "real-life-cybercrime-stories-dart-microsoft-detection-and-response-team" ], "threat_actors": [], "ts_created_at": 1775434580, "ts_updated_at": 1775791249, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/c1e5019b8671136f29e367734c79110451e14272.pdf", "text": "https://archive.orkl.eu/c1e5019b8671136f29e367734c79110451e14272.txt", "img": "https://archive.orkl.eu/c1e5019b8671136f29e367734c79110451e14272.jpg" } }