{
	"id": "cf23fafa-b689-4844-9924-86f1d9b42f6a",
	"created_at": "2026-04-06T15:52:06.246363Z",
	"updated_at": "2026-04-10T03:37:32.69331Z",
	"deleted_at": null,
	"sha1_hash": "fe5c674a853816574fe1ef20cd8e650eb49c70a9",
	"title": "Microsoft Security Response Center Blog",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 49682,
	"plain_text": "Microsoft Security Response Center Blog\r\nArchived: 2026-04-06 15:43:34 UTC\r\nThe research never stops: Zhiniang Peng’s security research story\r\nWednesday, March 4, 2026\r\nSome security researchers discover hacking early. Others discover it accidentally. For Zhiniang Peng, it started\r\nwith curiosity and cybersecurity magazines. Growing up in China, computers and the internet were already part of\r\ndaily life by the time\r\nRead More\r\nFrom arcades to Azure: Felix’s security research journey\r\nFriday, February 20, 2026\r\nWhen you talk with Felix, you quickly get the sense that he has always been propelled by curiosity and by a need\r\nfor something that truly challenges him. Today, he is a successful independent security researcher who\r\nuncovers vulnerabilities across\r\nRead More\r\nSubmit your research: BlueHat 2026 Call for Papers is open\r\nFriday, February 13, 2026\r\nThe next BlueHat Conference will take place May 5 - 6, 2026, on Microsoft’s Redmond campus in Washington\r\nState, USA. The Call for Papers (CFP) is now open and closes February 28, 2026. The BlueHat community brings\r\ntogether security researchers and\r\nRead More\r\nFixing the script: Journey to reduce XSS exposure\r\nMonday, February 9, 2026\r\nCross‑site scripting (XSS) remains one of the most frequently reported web vulnerabilities—not because\r\ndevelopers are unaware of it, but because many deployed mitigations address symptoms rather than root\r\ncauses. Across vulnerability reports and\r\nRead More\r\nHow Asem Eleraky went from a shared family PC to finding critical vulnerabilities\r\nhttps://msrc.microsoft.com/blog/2024/01/microsoft-actions-following-attack-by-nation-state-actor-midnight-blizzard/\r\nPage 1 of 3\n\nMonday, February 9, 2026\r\nIn the world of vulnerability research, origin stories are rarely linear. 
For Asem Eleraky, the path to becoming a\r\nMicrosoft MVR began not in a SOC lab or a university classroom, but with a single family PC and a short daily\r\nwindow to explore his\r\nRead More\r\nFrom points to payouts: The evolution of the Microsoft security researcher\r\nleaderboard\r\nFriday, February 6, 2026\r\nThe global security research community plays a critical role in helping Microsoft protect customers. Through their\r\ndeep technical expertise, coordinated disclosure, and collaboration, researchers help identify and\r\nremediate vulnerabilities, and shape\r\nRead More\r\n“The bugs pick you”: Inside Wouter’s security research journey\r\nThursday, January 29, 2026\r\nIf you ask Wouter when his security journey began, he’ll take you back to a childhood in the Netherlands,\r\ntinkering with the 8086 PC his parents brought home when he was five or six. That early curiosity, fueled by\r\nracing games, trial-and-error\r\nRead More\r\nCongratulations to the top MSRC 2025 Q4 security researchers!\r\nMonday, January 5, 2026\r\nCongratulations to all the researchers recognized in this quarter’s Microsoft Researcher Recognition\r\nProgram leaderboard! Thank you to everyone for your hard work and continued partnership to secure customers.\r\nThe top three researchers of the 2025 Q4\r\nRead More\r\nEvolving our approach to coordinated security research: In scope by default\r\nThursday, December 11, 2025\r\nToday at Black Hat Europe, I raised our commitment to customer security through our partnerships with the\r\nsecurity research community. In an AI and cloud-first world, threat actors don’t limit themselves to\r\nspecific products or services. 
They don’t\r\nRead More\r\nHow Brad Schlintz built a life of freedom and impact through security research\r\nTuesday, December 9, 2025\r\nAt Microsoft Security Response Center (MSRC), we celebrate the diverse paths that bring researchers to our\r\ncommunity. Brad Schlintz’s story is one of curiosity, resilience, and a relentless drive to learn, spanning rural\r\nbeginnings, career pivots,\r\nRead More\r\nSource: https://msrc.microsoft.com/blog/2024/01/microsoft-actions-following-attack-by-nation-state-actor-midnight-blizzard/",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://msrc.microsoft.com/blog/2024/01/microsoft-actions-following-attack-by-nation-state-actor-midnight-blizzard/"
	],
	"report_names": [
		"microsoft-actions-following-attack-by-nation-state-actor-midnight-blizzard"
	],
	"threat_actors": [
		{
			"id": "a241a1ca-2bc9-450b-a07b-aae747ee2710",
			"created_at": "2024-06-19T02:03:08.150052Z",
			"updated_at": "2026-04-10T02:00:03.737173Z",
			"deleted_at": null,
			"main_name": "IRON RITUAL",
			"aliases": [
				"APT29",
				"Blue Dev 5 ",
				"BlueBravo ",
				"Cloaked Ursa ",
				"CozyLarch ",
				"Dark Halo ",
				"Midnight Blizzard ",
				"NOBELIUM ",
				"StellarParticle ",
				"UNC2452 "
			],
			"source_name": "Secureworks:IRON RITUAL",
			"tools": [
				"Brute Ratel C4",
				"Cobalt Strike",
				"EnvyScout",
				"GoldFinder",
				"GoldMax",
				"NativeZone",
				"RAINDROP",
				"SUNBURST",
				"Sibot",
				"TEARDROP",
				"VaporRage"
			],
			"source_id": "Secureworks",
			"reports": null
		},
		{
			"id": "70872c3a-e788-4b55-a7d6-b2df52001ad0",
			"created_at": "2023-01-06T13:46:39.18401Z",
			"updated_at": "2026-04-10T02:00:03.239111Z",
			"deleted_at": null,
			"main_name": "UNC2452",
			"aliases": [
				"DarkHalo",
				"StellarParticle",
				"NOBELIUM",
				"Solar Phoenix",
				"Midnight Blizzard"
			],
			"source_name": "MISPGALAXY:UNC2452",
			"tools": [
				"SNOWYAMBER",
				"HALFRIG",
				"QUARTERRIG"
			],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "20d3a08a-3b97-4b2f-90b8-92a89089a57a",
			"created_at": "2022-10-25T15:50:23.548494Z",
			"updated_at": "2026-04-10T02:00:05.292748Z",
			"deleted_at": null,
			"main_name": "APT29",
			"aliases": [
				"APT29",
				"IRON RITUAL",
				"IRON HEMLOCK",
				"NobleBaron",
				"Dark Halo",
				"NOBELIUM",
				"UNC2452",
				"YTTRIUM",
				"The Dukes",
				"Cozy Bear",
				"CozyDuke",
				"SolarStorm",
				"Blue Kitsune",
				"UNC3524",
				"Midnight Blizzard"
			],
			"source_name": "MITRE:APT29",
			"tools": [
				"PinchDuke",
				"ROADTools",
				"WellMail",
				"CozyCar",
				"Mimikatz",
				"Tasklist",
				"OnionDuke",
				"FatDuke",
				"POSHSPY",
				"EnvyScout",
				"SoreFang",
				"GeminiDuke",
				"reGeorg",
				"GoldMax",
				"FoggyWeb",
				"SDelete",
				"PolyglotDuke",
				"AADInternals",
				"MiniDuke",
				"SeaDuke",
				"Sibot",
				"RegDuke",
				"CloudDuke",
				"GoldFinder",
				"AdFind",
				"PsExec",
				"NativeZone",
				"Systeminfo",
				"ipconfig",
				"Impacket",
				"Cobalt Strike",
				"PowerDuke",
				"QUIETEXIT",
				"HAMMERTOSS",
				"BoomBox",
				"CosmicDuke",
				"WellMess",
				"VaporRage",
				"LiteDuke"
			],
			"source_id": "MITRE",
			"reports": null
		},
		{
			"id": "f27790ff-4ee0-40a5-9c84-2b523a9d3270",
			"created_at": "2022-10-25T16:07:23.341684Z",
			"updated_at": "2026-04-10T02:00:04.549917Z",
			"deleted_at": null,
			"main_name": "APT 29",
			"aliases": [
				"APT 29",
				"ATK 7",
				"Blue Dev 5",
				"BlueBravo",
				"Cloaked Ursa",
				"CloudLook",
				"Cozy Bear",
				"Dark Halo",
				"Earth Koshchei",
				"G0016",
				"Grizzly Steppe",
				"Group 100",
				"ITG11",
				"Iron Hemlock",
				"Iron Ritual",
				"Midnight Blizzard",
				"Minidionis",
				"Nobelium",
				"NobleBaron",
				"Operation Ghost",
				"Operation Office monkeys",
				"Operation StellarParticle",
				"SilverFish",
				"Solar Phoenix",
				"SolarStorm",
				"StellarParticle",
				"TEMP.Monkeys",
				"The Dukes",
				"UNC2452",
				"UNC3524",
				"Yttrium"
			],
			"source_name": "ETDA:APT 29",
			"tools": [
				"7-Zip",
				"ATI-Agent",
				"AdFind",
				"Agentemis",
				"AtNow",
				"BEATDROP",
				"BotgenStudios",
				"CEELOADER",
				"Cloud Duke",
				"CloudDuke",
				"CloudLook",
				"Cobalt Strike",
				"CobaltStrike",
				"CosmicDuke",
				"Cozer",
				"CozyBear",
				"CozyCar",
				"CozyDuke",
				"Danfuan",
				"EnvyScout",
				"EuroAPT",
				"FatDuke",
				"FoggyWeb",
				"GeminiDuke",
				"Geppei",
				"GoldFinder",
				"GoldMax",
				"GraphDrop",
				"GraphicalNeutrino",
				"GraphicalProton",
				"HAMMERTOSS",
				"HammerDuke",
				"LOLBAS",
				"LOLBins",
				"LiteDuke",
				"Living off the Land",
				"MagicWeb",
				"Mimikatz",
				"MiniDionis",
				"MiniDuke",
				"NemesisGemina",
				"NetDuke",
				"OnionDuke",
				"POSHSPY",
				"PinchDuke",
				"PolyglotDuke",
				"PowerDuke",
				"QUIETEXIT",
				"ROOTSAW",
				"RegDuke",
				"Rubeus",
				"SNOWYAMBER",
				"SPICYBEAT",
				"SUNSHUTTLE",
				"SeaDaddy",
				"SeaDask",
				"SeaDesk",
				"SeaDuke",
				"Sharp-SMBExec",
				"SharpView",
				"Sibot",
				"Solorigate",
				"SoreFang",
				"TinyBaron",
				"WINELOADER",
				"WellMail",
				"WellMess",
				"cobeacon",
				"elf.wellmess",
				"reGeorg",
				"tDiscoverer"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775490726,
	"ts_updated_at": 1775792252,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/fe5c674a853816574fe1ef20cd8e650eb49c70a9.pdf",
		"text": "https://archive.orkl.eu/fe5c674a853816574fe1ef20cd8e650eb49c70a9.txt",
		"img": "https://archive.orkl.eu/fe5c674a853816574fe1ef20cd8e650eb49c70a9.jpg"
	}
}