<!DOCTYPE html> <html lang="en-US" dir="ltr" class="no-js"> <head> <meta charset="UTF-8" /> <meta name="viewport" content="width=device-width, initial-scale=1" /> <script>(function(html){html.className = html.className.replace(/\bno-js\b/,'js')})(document.documentElement);</script> <script>(function(html){html.className = html.className.replace(/\bno-js\b/,'js')})(document.documentElement);</script> <link rel="shortcut icon" href="https://c.s-microsoft.com/favicon.ico?v2" type="image/x-icon" /> <link rel="dns-prefetch" href="//target.microsoft.com"> <link rel="dns-prefetch" href="//microsoftmscompoc.tt.omtrdc.net"> <link rel="preload" href="https://wcpstatic.microsoft.com/mscc/lib/v2/wcp-consent.js" as="script"> <link rel="preload" href="https://www.microsoft.com/en-us/security/blog/wp-content/plugins/microsoft-metrics/assets/js/at.2.9.0.js" as="script"> <meta name="awa-pageType" content="Post"> <meta name="awa-market" content="en-us"> <meta name="awa-env" content="Production"> <meta name="awa‐asst" content="130492"> <meta name="awa-xtopic" content="Threat intelligence"> <meta name="awa-xtag" content="Blizzard,Living off the land,State-sponsored threat actor"> <meta name="awa-xproduct" content="Microsoft Defender,Microsoft Defender for Endpoint,Microsoft Defender Vulnerability Management,Microsoft Defender XDR,Microsoft Sentinel"> <meta name="awa-xtype" content="Research"> <meta name="awa-xintelligence" content="Attacker techniques, tools, and infrastructure,Cybercrime,Threat actors,Vulnerabilities and exploits"> <meta name="awa-pgauth" content="Microsoft Threat Intelligence"> <meta name="awa-publishedDate" content="20230614"> <meta name='robots' content='index, follow, max-image-preview:large, max-snippet:-1, max-video-preview:-1' /> <script> // Define Adobe Target Property var at_property = "beedee45-3f39-f022-9e83-653d86f7267c"; // Workspace Name ! function () { window.tt_getCookie = function (t) { var e = RegExp(t + "[^;]+").exec(document.cookie); return decodeURIComponent(e ? e.toString().replace(/^[^=]+./, "") : "") } var t = tt_getCookie("MC1"), e = tt_getCookie("MSFPC"); function o(t) { return t.split("=")[1].slice(0, 32) } var n = ""; if ("" != t) n = o(t); else if ("" != e) n = o(e); if (n.length > 0) var r = n; if (n.length > 0 && at_property != "") { window.targetPageParams = function () { return { "mbox3rdPartyId": r, "at_property": at_property } } } else if (at_property != "") { window.targetPageParams = function () { return { "at_property": at_property } } } }(); // ContentSquare functions function isEmpty(val) { return (val === undefined || val == null || val.length <= 0) ? true : false; } function key(obj) { return Object.keys(obj) .map(function(k) { return k + "" + obj[k]; }) .join(""); } function distinct(arr) { var result = arr.reduce(function(acc, e) { acc[key(e)] = e; return acc;}, {}); return Object.keys(result) .map(function(k) { return result[k]; }); } // Adobe Analytics data collection / ContentSquare ttMeta Object **DO NOT ALTER** var tnt_response = ""; document.addEventListener("at-request-succeeded", function (e) { if (e.detail.analyticsDetails != undefined) { /*** 1DS ***/ window.check1DS = function (j) { // function to check either 1DS or JSLL if ( (typeof analytics !== 'undefined') && typeof analytics.isInitialized === 'function' && analytics.isInitialized()) { // Check for 1DS tnt_response = e.detail; //ContentUpdate Event with Target Friendly names if (e.detail.responseTokens != undefined) { //checks for friendly name data from response tokens console.log("1DS - present with response tokens"); //ContentUpdate Event with tnta analytics.captureContentUpdate( { actionType: "A", behavior: "12", content: JSON.stringify({}), pageTags: { tnta: (tnt_response && tnt_response.analyticsDetails[0] ? tnt_response.analyticsDetails[0].payload.tnta : ''), //a4t data payload } } ) var tt_activityCount = e.detail.responseTokens.length; for (i = 0; i < tt_activityCount; i++) { //1DS Content Update console.log('1DS - started captureContentCall - i=' + i); analytics.captureContentUpdate( { actionType: "A", behavior: "12", content: JSON.stringify({}), pageTags: { tnta: '', // null out tnta to prevent duplicate A4T hits at_activity_name: (tnt_response && tnt_response.responseTokens[i] ? tnt_response.responseTokens[i]["activity.name"] : ''), //friendly name target activity at_exp_name: (tnt_response && tnt_response.responseTokens[i] ? tnt_response.responseTokens[i]["experience.name"] : ''), // friendly name target experience at_activity_id: (tnt_response && tnt_response.responseTokens[i] ? tnt_response.responseTokens[i]["activity.id"] : ''), at_exp_id: (tnt_response && tnt_response.responseTokens[i] ? tnt_response.responseTokens[i]["experience.id"] : '') } } ) } console.log('1DS - completed captureContentCall'); // ttMETA object set for ContentSquare pickup window.ttMETA = typeof(window.ttMETA) != "undefined" ? window.ttMETA : []; var tokens = e.detail.responseTokens; if (isEmpty(tokens)) { return; } var uniqueTokens = distinct(tokens); uniqueTokens.forEach(function(token) { window.ttMETA.push({ 'CampaignName': token["activity.name"], 'CampaignId': token["activity.id"], 'RecipeName': token["experience.name"], 'RecipeId': token["experience.id"], 'OfferId': token["option.id"], 'OfferName': token["option.name"] }); }); } else { console.log("1DS - present, no response tokens"); } } else { console.log('1DS - looping 1DS check'); if(j < 40) { j++; setTimeout(function(){check1DS(j)}, 250); console.log('1DS - looping 1DS check - loop j=' + j); } } }; check1DS(1); /*** /1DS ***/ } }); </script> <script> function adobeTargetTracking() { var s = document.createElement( 'script' ); var src = "https://www.microsoft.com/en-us/security/blog/wp-content/plugins/microsoft-metrics/assets/js/at.2.9.0.js"; s.setAttribute( 'src', src ); document.body.appendChild( s ); } </script> <!-- Adobe Target --> <!-- This site is optimized with the Yoast SEO plugin v23.9 - https://yoast.com/wordpress/plugins/seo/ --> <title>Cadet Blizzard emerges as a novel and distinct Russian threat actor | Microsoft Security Blog</title> <meta name="description" content="Microsoft shares new details about techniques of a distinct Russian state-sponsored threat actor, now elevated to the name Cadet Blizzard." /> <link rel="canonical" href="https://www.microsoft.com/en-us/security/blog/2023/06/14/cadet-blizzard-emerges-as-a-novel-and-distinct-russian-threat-actor/" /> <meta property="og:locale" content="en_US" /> <meta property="og:type" content="article" /> <meta property="og:title" content="Cadet Blizzard emerges as a novel and distinct Russian threat actor | Microsoft Security Blog" /> <meta property="og:description" content="Microsoft shares new details about techniques of a distinct Russian state-sponsored threat actor, now elevated to the name Cadet Blizzard." /> <meta property="og:url" content="https://www.microsoft.com/en-us/security/blog/2023/06/14/cadet-blizzard-emerges-as-a-novel-and-distinct-russian-threat-actor/" /> <meta property="og:site_name" content="Microsoft Security Blog" /> <meta property="article:published_time" content="2023-06-14T16:00:00+00:00" /> <meta property="article:modified_time" content="2024-07-03T14:39:56+00:00" /> <meta property="og:image" content="https://www.microsoft.com/en-us/security/blog/wp-content/uploads/2023/06/Twitter-image-Cadet-Blizzard.png" /> <meta property="og:image:width" content="1200" /> <meta property="og:image:height" content="628" /> <meta property="og:image:type" content="image/png" /> <meta name="author" content="Microsoft Threat Intelligence" /> <meta name="twitter:card" content="summary_large_image" /> <meta name="twitter:image" content="https://www.microsoft.com/en-us/security/blog/wp-content/uploads/2023/06/Twitter-image-Cadet-Blizzard.png" /> <meta name="twitter:label1" content="Written by" /> <meta name="twitter:data1" content="Microsoft Threat Intelligence" /> <meta name="twitter:label2" content="Est. reading time" /> <meta name="twitter:data2" content="13 minutes" /> <script type="application/ld+json" class="yoast-schema-graph">{"@context":"https://schema.org","@graph":[{"@type":"Article","@id":"https://www.microsoft.com/en-us/security/blog/2023/06/14/cadet-blizzard-emerges-as-a-novel-and-distinct-russian-threat-actor/#article","isPartOf":{"@id":"https://www.microsoft.com/en-us/security/blog/2023/06/14/cadet-blizzard-emerges-as-a-novel-and-distinct-russian-threat-actor/"},"author":[{"@id":"https://www.microsoft.com/en-us/security/blog/#/schema/person/image/f60c121ba0e7c0dcb75487c559ea289e"}],"headline":"Cadet Blizzard emerges as a novel and distinct Russian threat actor","datePublished":"2023-06-14T16:00:00+00:00","dateModified":"2024-07-03T14:39:56+00:00","mainEntityOfPage":{"@id":"https://www.microsoft.com/en-us/security/blog/2023/06/14/cadet-blizzard-emerges-as-a-novel-and-distinct-russian-threat-actor/"},"wordCount":3315,"publisher":{"@id":"https://www.microsoft.com/en-us/security/blog/#organization"},"image":{"@id":"https://www.microsoft.com/en-us/security/blog/2023/06/14/cadet-blizzard-emerges-as-a-novel-and-distinct-russian-threat-actor/#primaryimage"},"thumbnailUrl":"https://www.microsoft.com/en-us/security/blog/wp-content/uploads/2023/06/Featured-image-Cadet-Blizzard.jpg","keywords":["Blizzard","Living off the land","State-sponsored threat actor"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https://www.microsoft.com/en-us/security/blog/2023/06/14/cadet-blizzard-emerges-as-a-novel-and-distinct-russian-threat-actor/","url":"https://www.microsoft.com/en-us/security/blog/2023/06/14/cadet-blizzard-emerges-as-a-novel-and-distinct-russian-threat-actor/","name":"Cadet Blizzard emerges as a novel and distinct Russian threat actor | Microsoft Security Blog","isPartOf":{"@id":"https://www.microsoft.com/en-us/security/blog/#website"},"primaryImageOfPage":{"@id":"https://www.microsoft.com/en-us/security/blog/2023/06/14/cadet-blizzard-emerges-as-a-novel-and-distinct-russian-threat-actor/#primaryimage"},"image":{"@id":"https://www.microsoft.com/en-us/security/blog/2023/06/14/cadet-blizzard-emerges-as-a-novel-and-distinct-russian-threat-actor/#primaryimage"},"thumbnailUrl":"https://www.microsoft.com/en-us/security/blog/wp-content/uploads/2023/06/Featured-image-Cadet-Blizzard.jpg","datePublished":"2023-06-14T16:00:00+00:00","dateModified":"2024-07-03T14:39:56+00:00","description":"Microsoft shares new details about techniques of a distinct Russian state-sponsored threat actor, now elevated to the name Cadet Blizzard.","breadcrumb":{"@id":"https://www.microsoft.com/en-us/security/blog/2023/06/14/cadet-blizzard-emerges-as-a-novel-and-distinct-russian-threat-actor/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https://www.microsoft.com/en-us/security/blog/2023/06/14/cadet-blizzard-emerges-as-a-novel-and-distinct-russian-threat-actor/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https://www.microsoft.com/en-us/security/blog/2023/06/14/cadet-blizzard-emerges-as-a-novel-and-distinct-russian-threat-actor/#primaryimage","url":"https://www.microsoft.com/en-us/security/blog/wp-content/uploads/2023/06/Featured-image-Cadet-Blizzard.jpg","contentUrl":"https://www.microsoft.com/en-us/security/blog/wp-content/uploads/2023/06/Featured-image-Cadet-Blizzard.jpg","width":1200,"height":800,"caption":"a close up of a blue wall"},{"@type":"BreadcrumbList","@id":"https://www.microsoft.com/en-us/security/blog/2023/06/14/cadet-blizzard-emerges-as-a-novel-and-distinct-russian-threat-actor/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://www.microsoft.com/en-us/security/blog/"},{"@type":"ListItem","position":2,"name":"Cadet Blizzard emerges as a novel and distinct Russian threat actor"}]},{"@type":"WebSite","@id":"https://www.microsoft.com/en-us/security/blog/#website","url":"https://www.microsoft.com/en-us/security/blog/","name":"Microsoft Security Blog","description":"Expert coverage of cybersecurity topics","publisher":{"@id":"https://www.microsoft.com/en-us/security/blog/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https://www.microsoft.com/en-us/security/blog/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https://www.microsoft.com/en-us/security/blog/#organization","name":"Microsoft Security Blog","url":"https://www.microsoft.com/en-us/security/blog/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https://www.microsoft.com/en-us/security/blog/#/schema/logo/image/","url":"https://www.microsoft.com/en-us/security/blog/wp-content/uploads/2018/08/cropped-cropped-microsoft_logo_element.png","contentUrl":"https://www.microsoft.com/en-us/security/blog/wp-content/uploads/2018/08/cropped-cropped-microsoft_logo_element.png","width":512,"height":512,"caption":"Microsoft Security Blog"},"image":{"@id":"https://www.microsoft.com/en-us/security/blog/#/schema/logo/image/"}},{"@type":"Person","@id":"https://www.microsoft.com/en-us/security/blog/#/schema/person/image/f60c121ba0e7c0dcb75487c559ea289e","name":"Microsoft Threat Intelligence","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https://www.microsoft.com/en-us/security/blog/#/schema/person/image/827d7f22f1f23baabd1a5542e32d8586","url":"https://secure.gravatar.com/avatar/?s=96&d=microsoft&r=g","contentUrl":"https://secure.gravatar.com/avatar/?s=96&d=microsoft&r=g","caption":"Microsoft Threat Intelligence"},"url":"https://www.microsoft.com/en-us/security/blog/author/microsoft-security-threat-intelligence/"}]}</script> <!-- / Yoast SEO plugin. --> <link rel='dns-prefetch' href='//wcpstatic.microsoft.com' /> <link rel='dns-prefetch' href='//www.microsoft.com' /> <link rel='dns-prefetch' href='//js.monitor.azure.com' /> <link rel="alternate" type="application/rss+xml" title="Microsoft Security Blog &raquo; Feed" href="https://www.microsoft.com/en-us/security/blog/feed/" /> <link rel="alternate" type="application/rss+xml" title="Microsoft Security Blog &raquo; Comments Feed" href="https://www.microsoft.com/en-us/security/blog/comments/feed/" /> <link rel='stylesheet' id='wp-block-library-css' href='https://www.microsoft.com/en-us/security/blog/wp-includes/css/dist/block-library/style.min.css?ver=6.6.2' type='text/css' media='all' /> <style id='co-authors-plus-coauthors-style-inline-css' type='text/css'> .wp-block-co-authors-plus-coauthors.is-layout-flow [class*=wp-block-co-authors-plus]{display:inline} </style> <style id='co-authors-plus-avatar-style-inline-css' type='text/css'> .wp-block-co-authors-plus-avatar :where(img){height:auto;max-width:100%;vertical-align:bottom}.wp-block-co-authors-plus-coauthors.is-layout-flow .wp-block-co-authors-plus-avatar :where(img){vertical-align:middle}.wp-block-co-authors-plus-avatar:is(.alignleft,.alignright){display:table}.wp-block-co-authors-plus-avatar.aligncenter{display:table;margin-inline:auto} </style> <style id='co-authors-plus-image-style-inline-css' type='text/css'> .wp-block-co-authors-plus-image{margin-bottom:0}.wp-block-co-authors-plus-image :where(img){height:auto;max-width:100%;vertical-align:bottom}.wp-block-co-authors-plus-coauthors.is-layout-flow .wp-block-co-authors-plus-image :where(img){vertical-align:middle}.wp-block-co-authors-plus-image:is(.alignfull,.alignwide) :where(img){width:100%}.wp-block-co-authors-plus-image:is(.alignleft,.alignright){display:table}.wp-block-co-authors-plus-image.aligncenter{display:table;margin-inline:auto} </style> <style id='global-styles-inline-css' type='text/css'> :root{--wp--preset--aspect-ratio--square: 1;--wp--preset--aspect-ratio--4-3: 4/3;--wp--preset--aspect-ratio--3-4: 3/4;--wp--preset--aspect-ratio--3-2: 3/2;--wp--preset--aspect-ratio--2-3: 2/3;--wp--preset--aspect-ratio--16-9: 16/9;--wp--preset--aspect-ratio--9-16: 9/16;--wp--preset--color--black: #000000;--wp--preset--color--cyan-bluish-gray: #abb8c3;--wp--preset--color--white: #ffffff;--wp--preset--color--pale-pink: #f78da7;--wp--preset--color--vivid-red: #cf2e2e;--wp--preset--color--luminous-vivid-orange: #ff6900;--wp--preset--color--luminous-vivid-amber: #fcb900;--wp--preset--color--light-green-cyan: #7bdcb5;--wp--preset--color--vivid-green-cyan: #00d084;--wp--preset--color--pale-cyan-blue: #8ed1fc;--wp--preset--color--vivid-cyan-blue: #0693e3;--wp--preset--color--vivid-purple: #9b51e0;--wp--preset--gradient--vivid-cyan-blue-to-vivid-purple: linear-gradient(135deg,rgba(6,147,227,1) 0%,rgb(155,81,224) 100%);--wp--preset--gradient--light-green-cyan-to-vivid-green-cyan: linear-gradient(135deg,rgb(122,220,180) 0%,rgb(0,208,130) 100%);--wp--preset--gradient--luminous-vivid-amber-to-luminous-vivid-orange: linear-gradient(135deg,rgba(252,185,0,1) 0%,rgba(255,105,0,1) 100%);--wp--preset--gradient--luminous-vivid-orange-to-vivid-red: linear-gradient(135deg,rgba(255,105,0,1) 0%,rgb(207,46,46) 100%);--wp--preset--gradient--very-light-gray-to-cyan-bluish-gray: linear-gradient(135deg,rgb(238,238,238) 0%,rgb(169,184,195) 100%);--wp--preset--gradient--cool-to-warm-spectrum: linear-gradient(135deg,rgb(74,234,220) 0%,rgb(151,120,209) 20%,rgb(207,42,186) 40%,rgb(238,44,130) 60%,rgb(251,105,98) 80%,rgb(254,248,76) 100%);--wp--preset--gradient--blush-light-purple: linear-gradient(135deg,rgb(255,206,236) 0%,rgb(152,150,240) 100%);--wp--preset--gradient--blush-bordeaux: linear-gradient(135deg,rgb(254,205,165) 0%,rgb(254,45,45) 50%,rgb(107,0,62) 100%);--wp--preset--gradient--luminous-dusk: linear-gradient(135deg,rgb(255,203,112) 0%,rgb(199,81,192) 50%,rgb(65,88,208) 100%);--wp--preset--gradient--pale-ocean: linear-gradient(135deg,rgb(255,245,203) 0%,rgb(182,227,212) 50%,rgb(51,167,181) 100%);--wp--preset--gradient--electric-grass: linear-gradient(135deg,rgb(202,248,128) 0%,rgb(113,206,126) 100%);--wp--preset--gradient--midnight: linear-gradient(135deg,rgb(2,3,129) 0%,rgb(40,116,252) 100%);--wp--preset--font-size--small: 13px;--wp--preset--font-size--medium: 20px;--wp--preset--font-size--large: 36px;--wp--preset--font-size--x-large: 42px;--wp--preset--spacing--20: 0.44rem;--wp--preset--spacing--30: 0.67rem;--wp--preset--spacing--40: 1rem;--wp--preset--spacing--50: 1.5rem;--wp--preset--spacing--60: 2.25rem;--wp--preset--spacing--70: 3.38rem;--wp--preset--spacing--80: 5.06rem;--wp--preset--shadow--natural: 6px 6px 9px rgba(0, 0, 0, 0.2);--wp--preset--shadow--deep: 12px 12px 50px rgba(0, 0, 0, 0.4);--wp--preset--shadow--sharp: 6px 6px 0px rgba(0, 0, 0, 0.2);--wp--preset--shadow--outlined: 6px 6px 0px -3px rgba(255, 255, 255, 1), 6px 6px rgba(0, 0, 0, 1);--wp--preset--shadow--crisp: 6px 6px 0px rgba(0, 0, 0, 1);}.wp-block-msxcm-cta-block{--wp--preset--color--material-color-brand-dark: #243a5e;--wp--preset--color--material-color-dark-bg-green: #107c10;--wp--preset--color--material-color-dark-bg-dark-orange: #6B2929;}:root { --wp--style--global--content-size: 724px;--wp--style--global--wide-size: 1414px; }:where(body) { margin: 0; }.wp-site-blocks > .alignleft { float: left; margin-right: 2em; }.wp-site-blocks > .alignright { float: right; margin-left: 2em; }.wp-site-blocks > .aligncenter { justify-content: center; margin-left: auto; margin-right: auto; }:where(.is-layout-flex){gap: 0.5em;}:where(.is-layout-grid){gap: 0.5em;}.is-layout-flow > .alignleft{float: left;margin-inline-start: 0;margin-inline-end: 2em;}.is-layout-flow > .alignright{float: right;margin-inline-start: 2em;margin-inline-end: 0;}.is-layout-flow > .aligncenter{margin-left: auto !important;margin-right: auto !important;}.is-layout-constrained > .alignleft{float: left;margin-inline-start: 0;margin-inline-end: 2em;}.is-layout-constrained > .alignright{float: right;margin-inline-start: 2em;margin-inline-end: 0;}.is-layout-constrained > .aligncenter{margin-left: auto !important;margin-right: auto !important;}.is-layout-constrained > :where(:not(.alignleft):not(.alignright):not(.alignfull)){max-width: var(--wp--style--global--content-size);margin-left: auto !important;margin-right: auto !important;}.is-layout-constrained > .alignwide{max-width: var(--wp--style--global--wide-size);}body .is-layout-flex{display: flex;}.is-layout-flex{flex-wrap: wrap;align-items: center;}.is-layout-flex > :is(*, div){margin: 0;}body .is-layout-grid{display: grid;}.is-layout-grid > :is(*, div){margin: 0;}body{padding-top: 0px;padding-right: 0px;padding-bottom: 0px;padding-left: 0px;}a:where(:not(.wp-element-button)){text-decoration: underline;}:root :where(.wp-element-button, .wp-block-button__link){background-color: #32373c;border-width: 0;color: #fff;font-family: inherit;font-size: inherit;line-height: inherit;padding: calc(0.667em + 2px) calc(1.333em + 2px);text-decoration: none;}.has-black-color{color: var(--wp--preset--color--black) !important;}.has-cyan-bluish-gray-color{color: var(--wp--preset--color--cyan-bluish-gray) !important;}.has-white-color{color: var(--wp--preset--color--white) !important;}.has-pale-pink-color{color: var(--wp--preset--color--pale-pink) !important;}.has-vivid-red-color{color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-color{color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-color{color: var(--wp--preset--color--luminous-vivid-amber) !important;}.has-light-green-cyan-color{color: var(--wp--preset--color--light-green-cyan) !important;}.has-vivid-green-cyan-color{color: var(--wp--preset--color--vivid-green-cyan) !important;}.has-pale-cyan-blue-color{color: var(--wp--preset--color--pale-cyan-blue) !important;}.has-vivid-cyan-blue-color{color: var(--wp--preset--color--vivid-cyan-blue) !important;}.has-vivid-purple-color{color: var(--wp--preset--color--vivid-purple) !important;}.has-black-background-color{background-color: var(--wp--preset--color--black) !important;}.has-cyan-bluish-gray-background-color{background-color: var(--wp--preset--color--cyan-bluish-gray) !important;}.has-white-background-color{background-color: var(--wp--preset--color--white) !important;}.has-pale-pink-background-color{background-color: var(--wp--preset--color--pale-pink) !important;}.has-vivid-red-background-color{background-color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-background-color{background-color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-background-color{background-color: var(--wp--preset--color--luminous-vivid-amber) !important;}.has-light-green-cyan-background-color{background-color: var(--wp--preset--color--light-green-cyan) !important;}.has-vivid-green-cyan-background-color{background-color: var(--wp--preset--color--vivid-green-cyan) !important;}.has-pale-cyan-blue-background-color{background-color: var(--wp--preset--color--pale-cyan-blue) !important;}.has-vivid-cyan-blue-background-color{background-color: var(--wp--preset--color--vivid-cyan-blue) !important;}.has-vivid-purple-background-color{background-color: var(--wp--preset--color--vivid-purple) !important;}.has-black-border-color{border-color: var(--wp--preset--color--black) !important;}.has-cyan-bluish-gray-border-color{border-color: var(--wp--preset--color--cyan-bluish-gray) !important;}.has-white-border-color{border-color: var(--wp--preset--color--white) !important;}.has-pale-pink-border-color{border-color: var(--wp--preset--color--pale-pink) !important;}.has-vivid-red-border-color{border-color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-border-color{border-color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-border-color{border-color: var(--wp--preset--color--luminous-vivid-amber) !important;}.has-light-green-cyan-border-color{border-color: var(--wp--preset--color--light-green-cyan) !important;}.has-vivid-green-cyan-border-color{border-color: var(--wp--preset--color--vivid-green-cyan) !important;}.has-pale-cyan-blue-border-color{border-color: var(--wp--preset--color--pale-cyan-blue) !important;}.has-vivid-cyan-blue-border-color{border-color: var(--wp--preset--color--vivid-cyan-blue) !important;}.has-vivid-purple-border-color{border-color: var(--wp--preset--color--vivid-purple) !important;}.has-vivid-cyan-blue-to-vivid-purple-gradient-background{background: var(--wp--preset--gradient--vivid-cyan-blue-to-vivid-purple) !important;}.has-light-green-cyan-to-vivid-green-cyan-gradient-background{background: var(--wp--preset--gradient--light-green-cyan-to-vivid-green-cyan) !important;}.has-luminous-vivid-amber-to-luminous-vivid-orange-gradient-background{background: var(--wp--preset--gradient--luminous-vivid-amber-to-luminous-vivid-orange) !important;}.has-luminous-vivid-orange-to-vivid-red-gradient-background{background: var(--wp--preset--gradient--luminous-vivid-orange-to-vivid-red) !important;}.has-very-light-gray-to-cyan-bluish-gray-gradient-background{background: var(--wp--preset--gradient--very-light-gray-to-cyan-bluish-gray) !important;}.has-cool-to-warm-spectrum-gradient-background{background: var(--wp--preset--gradient--cool-to-warm-spectrum) !important;}.has-blush-light-purple-gradient-background{background: var(--wp--preset--gradient--blush-light-purple) !important;}.has-blush-bordeaux-gradient-background{background: var(--wp--preset--gradient--blush-bordeaux) !important;}.has-luminous-dusk-gradient-background{background: var(--wp--preset--gradient--luminous-dusk) !important;}.has-pale-ocean-gradient-background{background: var(--wp--preset--gradient--pale-ocean) !important;}.has-electric-grass-gradient-background{background: var(--wp--preset--gradient--electric-grass) !important;}.has-midnight-gradient-background{background: var(--wp--preset--gradient--midnight) !important;}.has-small-font-size{font-size: var(--wp--preset--font-size--small) !important;}.has-medium-font-size{font-size: var(--wp--preset--font-size--medium) !important;}.has-large-font-size{font-size: var(--wp--preset--font-size--large) !important;}.has-x-large-font-size{font-size: var(--wp--preset--font-size--x-large) !important;}.wp-block-msxcm-cta-block.has-material-color-brand-dark-color{color: var(--wp--preset--color--material-color-brand-dark) !important;}.wp-block-msxcm-cta-block.has-material-color-dark-bg-green-color{color: var(--wp--preset--color--material-color-dark-bg-green) !important;}.wp-block-msxcm-cta-block.has-material-color-dark-bg-dark-orange-color{color: var(--wp--preset--color--material-color-dark-bg-dark-orange) !important;}.wp-block-msxcm-cta-block.has-material-color-brand-dark-background-color{background-color: var(--wp--preset--color--material-color-brand-dark) !important;}.wp-block-msxcm-cta-block.has-material-color-dark-bg-green-background-color{background-color: var(--wp--preset--color--material-color-dark-bg-green) !important;}.wp-block-msxcm-cta-block.has-material-color-dark-bg-dark-orange-background-color{background-color: var(--wp--preset--color--material-color-dark-bg-dark-orange) !important;}.wp-block-msxcm-cta-block.has-material-color-brand-dark-border-color{border-color: var(--wp--preset--color--material-color-brand-dark) !important;}.wp-block-msxcm-cta-block.has-material-color-dark-bg-green-border-color{border-color: var(--wp--preset--color--material-color-dark-bg-green) !important;}.wp-block-msxcm-cta-block.has-material-color-dark-bg-dark-orange-border-color{border-color: var(--wp--preset--color--material-color-dark-bg-dark-orange) !important;} :where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;} :where(.wp-block-columns.is-layout-flex){gap: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;} :root :where(.wp-block-pullquote){font-size: 1.5em;line-height: 1.6;} </style> <link rel='stylesheet' id='mse-moray-styles-css' href='https://www.microsoft.com/en-us/security/blog/wp-content/themes/security-blog/dist/css/moray-style.css?ver=344c995a9fc78f946e50' type='text/css' media='all' /> <link rel='stylesheet' id='styles-css' href='https://www.microsoft.com/en-us/security/blog/wp-content/themes/security-blog/dist/css/frontend.css?ver=1b4d96d0f0d4585f3c62' type='text/css' media='all' /> <link rel='stylesheet' id='msx-theme-toggle-css' href='https://www.microsoft.com/en-us/security/blog/wp-content/themes/xtheme/dist/css/theme-toggle.css?ver=1732562319' type='text/css' media='all' /> <link rel='stylesheet' id='msx-theme-uhf-css' href='https://www.microsoft.com/en-us/security/blog/wp-content/themes/xtheme/dist/css/uhf.css?ver=1732562319' type='text/css' media='all' /> <link rel='stylesheet' id='frontend-styles-css' href='https://www.microsoft.com/en-us/security/blog/wp-content/themes/xtheme/dist/css/frontend-styles.css?ver=1732562319' type='text/css' media='all' /> <link rel='stylesheet' id='fluent-icons-css' href='https://www.microsoft.com/en-us/security/blog/wp-content/themes/xtheme/dist/css/fluent-icons.css?ver=1732562319' type='text/css' media='all' /> <link rel='stylesheet' id='msxcm-styles-css' href='https://www.microsoft.com/en-us/security/blog/wp-content/plugins/cloud-marketing-modules/dist/css/frontend.css?ver=1732562297' type='text/css' media='all' /> <link rel='stylesheet' id='msxcm_related_posts-css' href='https://www.microsoft.com/en-us/security/blog/wp-content/plugins/cloud-marketing-modules/assets/css/related-posts.css?ver=1732562158' type='text/css' media='all' /> <link rel='stylesheet' id='microsoft-uhf-css' href='https://www.microsoft.com/en-us/security/blog/wp-content/plugins/microsoft-uhf/assets/rss.css?ver=0.5.3' type='text/css' media='all' /> <script type="text/javascript" src="https://wcpstatic.microsoft.com/mscc/lib/v2/wcp-consent.js" id="wcp-consent-js"></script> <script type="text/javascript" src="https://js.monitor.azure.com/scripts/c/ms.analytics-web-3.min.js" id="oneds-tracking-js"></script> <script type="text/javascript" src="https://www.microsoft.com/en-us/security/blog/wp-includes/js/jquery/jquery.min.js?ver=3.7.1" id="jquery-core-js"></script> <script type="text/javascript" src="https://www.microsoft.com/en-us/security/blog/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1" id="jquery-migrate-js"></script> <link rel="https://api.w.org/" href="https://www.microsoft.com/en-us/security/blog/wp-json/" /><link rel="alternate" title="JSON" type="application/json" href="https://www.microsoft.com/en-us/security/blog/wp-json/wp/v2/posts/130492" /><link rel='shortlink' href='https://www.microsoft.com/en-us/security/blog/?p=130492' /> <link rel="alternate" title="oEmbed (JSON)" type="application/json+oembed" href="https://www.microsoft.com/en-us/security/blog/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.microsoft.com%2Fen-us%2Fsecurity%2Fblog%2F2023%2F06%2F14%2Fcadet-blizzard-emerges-as-a-novel-and-distinct-russian-threat-actor%2F" /> <link rel="alternate" title="oEmbed (XML)" type="text/xml+oembed" href="https://www.microsoft.com/en-us/security/blog/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.microsoft.com%2Fen-us%2Fsecurity%2Fblog%2F2023%2F06%2F14%2Fcadet-blizzard-emerges-as-a-novel-and-distinct-russian-threat-actor%2F&#038;format=xml" /> <!-- Comscore Code --> <script> function comscoreTag() { const s = document.createElement( 'script' ); const src = 'https://www.microsoft.com/library/svy/broker.js'; s.setAttribute( 'src', src ); s.setAttribute('async', 'true'); document.head.appendChild( s ); } </script> <!-- End Comscore Code --> <link rel="stylesheet" href="https://www.microsoft.com/onerfstatics/marketingsites-eus-prod/west-european/shell/_scrf/css/themes=default.device=uplevel_web_pc/1b-9d8ed9/c9-be0100/a6-e969ef/43-9f2e7c/82-8b5456/a0-5d3913/43-5a5ab8/ca-ae3ce4?ver=2.0&amp;_cf=02242021_3231" type="text/css" media="all" /><!-- Stream WordPress user activity plugin v4.0.2 --> <link rel='manifest' href='https://www.microsoft.com/en-us/security/blog/wp-content/themes/security-blog/manifest.json' /><style type="text/css">.recentcomments a{display:inline !important;padding:0 !important;margin:0 !important;}</style> <!-- Facebook Pixel Code --> <script> function facebookTracking() { !function(f,b,e,v,n,t,s){if(f.fbq)return;n=f.fbq=function(){n.callMethod? n.callMethod.apply(n,arguments):n.queue.push(arguments)};if(!f._fbq)f._fbq=n; n.push=n;n.loaded=!0;n.version='2.0';n.queue=[];t=b.createElement(e);t.async=!0; t.src=v;t.type='ms-delay-type';t.setAttribute('data-ms-type','text/javascript'); s=b.getElementsByTagName(e)[0];s.parentNode.insertBefore(t,s)}(window, document,'script','https://connect.facebook.net/en_US/fbevents.js'); fbq('init', '1770559986549030'); fbq('track', 'PageView'); } </script> <!-- End Facebook Pixel Code --> <!-- LinkedIn Code --> <script type="text/javascript"> var _linkedin_data_partner_id = "7850"; function linkedinTracking(){ var s = document.getElementsByTagName("script")[0]; var b = document.createElement("script"); b.type = "text/javascript";b.async = true; b.src = "https://snap.licdn.com/li.lms-analytics/insight.min.js"; s.parentNode.insertBefore(b, s); } </script> <!-- End LinkedIn Code --> <!-- Google DoubleClick Code --> <script> function doubleclickTracking() { var random = Math.floor(Math.random() * 10000000000); var img = document.createElement('img'); img.src = 'https://googleads.g.doubleclick.net/pagead/viewthroughconversion/862646735/?guid=ON&script=0&random=' + random; img.width = 1; img.height = 1; img.style = 'display:none;'; document.body.appendChild(img); } </script> <!-- End Google DoubleClick Code --> <!-- Microsoft Advertising UET Code --> <script> function microsoftAds() { (function(w, d, t, r, u) { var f, n, i; w[u] = w[u] || [], f = function() { var o = { ti: "4000034" }; o.q = w[u], w[u] = new UET(o), w[u].push("pageLoad") }, n = d.createElement(t), n.src = r, n.async = 1, n.onload = n.onreadystatechange = function() { var s = this.readyState; s && s !== "loaded" && s !== "complete" || (f(), n.onload = n.onreadystatechange = null) }, i = d.getElementsByTagName(t)[0], i.parentNode.insertBefore(n, i) })(window, document, "script", "//bat.bing.com/bat.js", "uetq"); } </script> <!-- End Microsoft Advertising UET Code --> <!-- Clarity Code --> <script type="text/javascript"> function clarityTracking() { (function(c,l,a,r,i,t,y){ c[a]=c[a]||function(){(c[a].q=c[a].q||[]).push(arguments)}; t=l.createElement(r);t.async=1;t.src="https://www.clarity.ms/tag/"+i; t.type='ms-delay-type';t.setAttribute('data-ms-type','text/javascript'); y=l.getElementsByTagName(r)[0];y.parentNode.insertBefore(t,y); })(window, document, "clarity", "script", "coq1z7el3n"); } </script> <!-- End Clarity Code --> <style type="text/css" id="wp-custom-css"> body.term-threat-intelligence .faceted-search-results__items > div:has(> div.promo-banner) { display: none; } </style> <script src="https://www.microsoft.com/onerfstatics/marketingsites-eus-prod/shell/_scrf/js/themes=default/54-af9f9f/d4-fb1f57/e1-a50eee/e7-954872/d8-97d509/f0-251fe2/46-be1318/77-04a268/11-240c7b/63-077520/a4-34de62/f9-a5b2ce/db-bc0148/dc-7e9864/6d-c07ea1/6f-dafe8c/f6-aa5278/73-a24d00/6d-1e7ed0/b7-cadaa7/c4-898cf2/ca-40b7b0/4e-ee3a55/3e-f5c39b/c3-6454d7/f9-7592d3/d0-e64f3e/92-10345d/79-499886/7e-cda2d3/58-ab4971/ca-108466/e0-3c9860/de-884374/1f-100dea/33-abe4df/2b-8e0ae6?ver=2.0&_cf=02242021_3231&iife=1"></script> </head> <body class="post-template-default single single-post postid-130492 single-format-standard microsoft-uhf"> <div id="ms-cookie-banner"></div> <div id="headerArea" class="uhf" data-m='{"cN":"headerArea","cT":"Area_coreuiArea","id":"a1Body","sN":1,"aN":"Body"}'> <div id="headerRegion" data-region-key="headerregion" data-m='{"cN":"headerRegion","cT":"Region_coreui-region","id":"r1a1","sN":1,"aN":"a1"}' > <div id="headerUniversalHeader" data-m='{"cN":"headerUniversalHeader","cT":"Module_coreui-universalheader","id":"m1r1a1","sN":1,"aN":"r1a1"}' data-module-id="Category|headerRegion|coreui-region|headerUniversalHeader|coreui-universalheader"> <a id="uhfSkipToMain" class="m-skip-to-main" href="javascript:void(0)" data-href="#mainContent" tabindex="0" data-m='{"cN":"Skip to content_nonnav","id":"nn1m1r1a1","sN":1,"aN":"m1r1a1"}'>Skip to main content</a> <header class="c-uhfh context-uhf no-js c-sgl-stck c-category-header " itemscope="itemscope" data-header-footprint="/MSSecurity/MSSecurityHeader, fromService: True" data-magict="true" itemtype="http://schema.org/Organization"> <div class="theme-light js-global-head f-closed global-head-cont" data-m='{"cN":"Universal Header_cont","cT":"Container","id":"c2m1r1a1","sN":2,"aN":"m1r1a1"}'> <div class="c-uhfh-gcontainer-st"> <button type="button" class="c-action-trigger c-glyph glyph-global-nav-button" aria-label="All Microsoft expand to see list of Microsoft products and services" initialState-label="All Microsoft expand to see list of Microsoft products and services" toggleState-label="Close All Microsoft list" aria-expanded="false" data-m='{"cN":"Mobile menu button_nonnav","id":"nn1c2m1r1a1","sN":1,"aN":"c2m1r1a1"}'></button> <button type="button" class="c-action-trigger c-glyph glyph-arrow-htmllegacy c-close-search" aria-label="Close search" aria-expanded="false" data-m='{"cN":"Close Search_nonnav","id":"nn2c2m1r1a1","sN":2,"aN":"c2m1r1a1"}'></button> <a id="uhfLogo" class="c-logo c-sgl-stk-uhfLogo" itemprop="url" href="https://www.microsoft.com" aria-label="Microsoft" data-m='{"cN":"GlobalNav_Logo_cont","cT":"Container","id":"c3c2m1r1a1","sN":3,"aN":"c2m1r1a1"}'> <img alt="" itemprop="logo" class="c-image" src="https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE1Mu3b?ver=5c31" role="presentation" aria-hidden="true" /> <span itemprop="name" role="presentation" aria-hidden="true">Microsoft</span> </a> <div class="f-mobile-title"> <button type="button" class="c-action-trigger c-glyph glyph-chevron-left" aria-label="See more menu options" data-m='{"cN":"Mobile back button_nonnav","id":"nn4c2m1r1a1","sN":4,"aN":"c2m1r1a1"}'></button> <span data-global-title="Microsoft home" class="js-mobile-title">Microsoft Security</span> <button type="button" class="c-action-trigger c-glyph glyph-chevron-right" aria-label="See more menu options" data-m='{"cN":"Mobile forward button_nonnav","id":"nn5c2m1r1a1","sN":5,"aN":"c2m1r1a1"}'></button> </div> <div class="c-show-pipe x-hidden-vp-mobile-st"> <a id="uhfCatLogo" class="c-logo c-cat-logo" href="https://www.microsoft.com/en-us/security" aria-label="Microsoft Security" itemprop="url" data-m='{"cN":"CatNav_Microsoft Security_nav","id":"n6c2m1r1a1","sN":6,"aN":"c2m1r1a1"}'> <span>Microsoft Security</span> </a> </div> <div class="cat-logo-button-cont x-hidden"> <button type="button" id="uhfCatLogoButton" class="c-cat-logo-button x-hidden" aria-expanded="false" aria-label="Microsoft Security" data-m='{"cN":"Microsoft Security_nonnav","id":"nn7c2m1r1a1","sN":7,"aN":"c2m1r1a1"}'> Microsoft Security </button> </div> <nav id="uhf-g-nav" aria-label="Contextual menu" class="c-uhfh-gnav" data-m='{"cN":"Category nav_cont","cT":"Container","id":"c8c2m1r1a1","sN":8,"aN":"c2m1r1a1"}'> <ul class="js-paddle-items"> <li class="single-link js-nav-menu x-hidden-none-mobile-vp uhf-menu-item"> <a class="c-uhf-nav-link" href="https://www.microsoft.com/en-us/security" data-m='{"cN":"CatNav_Home_nav","id":"n1c8c2m1r1a1","sN":1,"aN":"c8c2m1r1a1"}' > Home </a> </li> <li class="nested-menu uhf-menu-item"> <div class="c-uhf-menu js-nav-menu"> <button type="button" id="c-shellmenu_40" aria-expanded="false" data-m='{"id":"nn2c8c2m1r1a1","sN":2,"aN":"c8c2m1r1a1"}'>Solutions</button> <ul class="" data-class-idn="" aria-hidden="true" data-m='{"cT":"Container","id":"c3c8c2m1r1a1","sN":3,"aN":"c8c2m1r1a1"}'> <li class="js-nav-menu single-link" data-m='{"cN":"Solutions_AI_cont","cT":"Container","id":"c1c3c8c2m1r1a1","sN":1,"aN":"c3c8c2m1r1a1"}'> <a id="c-shellmenu_41" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/security/business/solutions/generative-ai-cybersecurity" data-m='{"cN":"CatNav_Solutions_AI_nav","id":"n1c1c3c8c2m1r1a1","sN":1,"aN":"c1c3c8c2m1r1a1"}'>AI-powered cybersecurity</a> </li> <li class="js-nav-menu single-link" data-m='{"cN":"Solutions_CloudSecurity_cont","cT":"Container","id":"c2c3c8c2m1r1a1","sN":2,"aN":"c3c8c2m1r1a1"}'> <a id="c-shellmenu_42" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/security/business/solutions/cloud-security" data-m='{"cN":"CatNav_Solutions_CloudSecurity_nav","id":"n1c2c3c8c2m1r1a1","sN":1,"aN":"c2c3c8c2m1r1a1"}'>Cloud security</a> </li> <li class="js-nav-menu single-link" data-m='{"cT":"Container","id":"c3c3c8c2m1r1a1","sN":3,"aN":"c3c8c2m1r1a1"}'> <a id="c-shellmenu_43" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/security/business/solutions/data-security" data-m='{"id":"n1c3c3c8c2m1r1a1","sN":1,"aN":"c3c3c8c2m1r1a1"}'>Data security</a> </li> <li class="js-nav-menu single-link" data-m='{"cN":"Solutions_IdentityAccess_cont","cT":"Container","id":"c4c3c8c2m1r1a1","sN":4,"aN":"c3c8c2m1r1a1"}'> <a id="c-shellmenu_44" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/security/business/solutions/identity-access" data-m='{"cN":"CatNav_Solutions_IdentityAccess_nav","id":"n1c4c3c8c2m1r1a1","sN":1,"aN":"c4c3c8c2m1r1a1"}'>Identity &amp; network access</a> </li> <li class="js-nav-menu single-link" data-m='{"cT":"Container","id":"c5c3c8c2m1r1a1","sN":5,"aN":"c3c8c2m1r1a1"}'> <a id="c-shellmenu_45" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/security/business/solutions/privacy-risk-management" data-m='{"id":"n1c5c3c8c2m1r1a1","sN":1,"aN":"c5c3c8c2m1r1a1"}'>Privacy &amp; risk management</a> </li> <li class="js-nav-menu single-link" data-m='{"cN":"Solutions_SecureAI_cont","cT":"Container","id":"c6c3c8c2m1r1a1","sN":6,"aN":"c3c8c2m1r1a1"}'> <a id="c-shellmenu_46" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/security/business/solutions/security-for-ai " data-m='{"cN":"CatNav_Solutions_SecureAI_nav","id":"n1c6c3c8c2m1r1a1","sN":1,"aN":"c6c3c8c2m1r1a1"}'>Security for AI</a> </li> <li class="js-nav-menu single-link" data-m='{"cT":"Container","id":"c7c3c8c2m1r1a1","sN":7,"aN":"c3c8c2m1r1a1"}'> <a id="c-shellmenu_47" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/security/business/solutions/ai-powered-unified-secops-platform" data-m='{"id":"n1c7c3c8c2m1r1a1","sN":1,"aN":"c7c3c8c2m1r1a1"}'>Unified SecOps</a> </li> <li class="js-nav-menu single-link" data-m='{"cT":"Container","id":"c8c3c8c2m1r1a1","sN":8,"aN":"c3c8c2m1r1a1"}'> <a id="c-shellmenu_48" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/security/business/zero-trust" data-m='{"id":"n1c8c3c8c2m1r1a1","sN":1,"aN":"c8c3c8c2m1r1a1"}'>Zero Trust</a> </li> </ul> </div> </li> <li class="nested-menu uhf-menu-item"> <div class="c-uhf-menu js-nav-menu"> <button type="button" id="c-shellmenu_49" aria-expanded="false" data-m='{"id":"nn4c8c2m1r1a1","sN":4,"aN":"c8c2m1r1a1"}'>Products</button> <ul class="f-multi-column f-multi-column-6" data-class-idn="f-multi-column f-multi-column-6" aria-hidden="true" data-m='{"cT":"Container","id":"c5c8c2m1r1a1","sN":5,"aN":"c8c2m1r1a1"}'> <li class="f-sub-menu js-nav-menu nested-menu" data-m='{"cT":"Container","id":"c1c5c8c2m1r1a1","sN":1,"aN":"c5c8c2m1r1a1"}'> <span id="uhf-navspn-shellmenu_50-span" style="display:none" f-multi-parent="true" aria-expanded="false" data-m='{"id":"nn1c1c5c8c2m1r1a1","sN":1,"aN":"c1c5c8c2m1r1a1"}'>Product families</span> <button id="uhf-navbtn-shellmenu_50-button" type="button" f-multi-parent="true" aria-expanded="false" data-m='{"id":"nn2c1c5c8c2m1r1a1","sN":2,"aN":"c1c5c8c2m1r1a1"}'>Product families</button> <ul aria-hidden="true" aria-labelledby="uhf-navspn-shellmenu_50-span"> <li class="js-nav-menu single-link" data-m='{"cN":"Products_DefenderFamily_cont","cT":"Container","id":"c3c1c5c8c2m1r1a1","sN":3,"aN":"c1c5c8c2m1r1a1"}'> <a id="shellmenu_51" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/security/business/microsoft-defender" data-m='{"cN":"CatNav_Products_DefenderFamily_nav","id":"n1c3c1c5c8c2m1r1a1","sN":1,"aN":"c3c1c5c8c2m1r1a1"}'>Microsoft Defender</a> </li> <li class="js-nav-menu single-link" data-m='{"cN":"Products_EntraFamily_cont","cT":"Container","id":"c4c1c5c8c2m1r1a1","sN":4,"aN":"c1c5c8c2m1r1a1"}'> <a id="shellmenu_52" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/security/business/microsoft-entra" data-m='{"cN":"CatNav_Products_EntraFamily_nav","id":"n1c4c1c5c8c2m1r1a1","sN":1,"aN":"c4c1c5c8c2m1r1a1"}'>Microsoft Entra</a> </li> <li class="js-nav-menu single-link" data-m='{"cT":"Container","id":"c5c1c5c8c2m1r1a1","sN":5,"aN":"c1c5c8c2m1r1a1"}'> <a id="shellmenu_53" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/security/business/microsoft-Intune" data-m='{"id":"n1c5c1c5c8c2m1r1a1","sN":1,"aN":"c5c1c5c8c2m1r1a1"}'>Microsoft Intune</a> </li> <li class="js-nav-menu single-link" data-m='{"cT":"Container","id":"c6c1c5c8c2m1r1a1","sN":6,"aN":"c1c5c8c2m1r1a1"}'> <a id="shellmenu_54" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/security/business/microsoft-priva" data-m='{"id":"n1c6c1c5c8c2m1r1a1","sN":1,"aN":"c6c1c5c8c2m1r1a1"}'>Microsoft Priva</a> </li> <li class="js-nav-menu single-link" data-m='{"cN":"Products_PurviewFamily_cont","cT":"Container","id":"c7c1c5c8c2m1r1a1","sN":7,"aN":"c1c5c8c2m1r1a1"}'> <a id="shellmenu_55" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/security/business/microsoft-purview" data-m='{"cN":"CatNav_Products_PurviewFamily_nav","id":"n1c7c1c5c8c2m1r1a1","sN":1,"aN":"c7c1c5c8c2m1r1a1"}'>Microsoft Purview</a> </li> <li class="js-nav-menu single-link" data-m='{"cT":"Container","id":"c8c1c5c8c2m1r1a1","sN":8,"aN":"c1c5c8c2m1r1a1"}'> <a id="shellmenu_56" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/security/business/siem-and-xdr/microsoft-sentinel" data-m='{"id":"n1c8c1c5c8c2m1r1a1","sN":1,"aN":"c8c1c5c8c2m1r1a1"}'>Microsoft Sentinel</a> </li> </ul> </li> <li class="f-sub-menu js-nav-menu nested-menu" data-m='{"cT":"Container","id":"c2c5c8c2m1r1a1","sN":2,"aN":"c5c8c2m1r1a1"}'> <span id="uhf-navspn-shellmenu_57-span" style="display:none" f-multi-parent="true" aria-expanded="false" data-m='{"id":"nn1c2c5c8c2m1r1a1","sN":1,"aN":"c2c5c8c2m1r1a1"}'>Security AI</span> <button id="uhf-navbtn-shellmenu_57-button" type="button" f-multi-parent="true" aria-expanded="false" data-m='{"id":"nn2c2c5c8c2m1r1a1","sN":2,"aN":"c2c5c8c2m1r1a1"}'>Security AI</button> <ul aria-hidden="true" aria-labelledby="uhf-navspn-shellmenu_57-span"> <li class="js-nav-menu single-link" data-m='{"cT":"Container","id":"c3c2c5c8c2m1r1a1","sN":3,"aN":"c2c5c8c2m1r1a1"}'> <a id="shellmenu_58" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/security/business/ai-machine-learning/microsoft-security-copilot" data-m='{"id":"n1c3c2c5c8c2m1r1a1","sN":1,"aN":"c3c2c5c8c2m1r1a1"}'>Microsoft Security Copilot</a> </li> </ul> </li> <li class="f-sub-menu js-nav-menu nested-menu" data-m='{"cT":"Container","id":"c3c5c8c2m1r1a1","sN":3,"aN":"c5c8c2m1r1a1"}'> <span id="uhf-navspn-shellmenu_59-span" style="display:none" f-multi-parent="true" aria-expanded="false" data-m='{"id":"nn1c3c5c8c2m1r1a1","sN":1,"aN":"c3c5c8c2m1r1a1"}'>Identity &amp; access</span> <button id="uhf-navbtn-shellmenu_59-button" type="button" f-multi-parent="true" aria-expanded="false" data-m='{"id":"nn2c3c5c8c2m1r1a1","sN":2,"aN":"c3c5c8c2m1r1a1"}'>Identity &amp; access</button> <ul aria-hidden="true" aria-labelledby="uhf-navspn-shellmenu_59-span"> <li class="js-nav-menu single-link" data-m='{"cN":"Products_EntraID_cont","cT":"Container","id":"c3c3c5c8c2m1r1a1","sN":3,"aN":"c3c5c8c2m1r1a1"}'> <a id="shellmenu_60" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/security/business/identity-access/microsoft-entra-id" data-m='{"cN":"CatNav_Products_EntraID_nav","id":"n1c3c3c5c8c2m1r1a1","sN":1,"aN":"c3c3c5c8c2m1r1a1"}'>Microsoft Entra ID (Azure Active Directory)</a> </li> <li class="js-nav-menu single-link" data-m='{"cT":"Container","id":"c4c3c5c8c2m1r1a1","sN":4,"aN":"c3c5c8c2m1r1a1"}'> <a id="shellmenu_61" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/security/business/identity-access/microsoft-entra-external-id" data-m='{"id":"n1c4c3c5c8c2m1r1a1","sN":1,"aN":"c4c3c5c8c2m1r1a1"}'>Microsoft Entra External ID</a> </li> <li class="js-nav-menu single-link" data-m='{"cN":"Microsoft Entra ID Governance_cont","cT":"Container","id":"c5c3c5c8c2m1r1a1","sN":5,"aN":"c3c5c8c2m1r1a1"}'> <a id="shellmenu_62" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/security/business/identity-access/microsoft-entra-id-governance" data-m='{"cN":"CatNav_Microsoft Entra ID Governance_nav","id":"n1c5c3c5c8c2m1r1a1","sN":1,"aN":"c5c3c5c8c2m1r1a1"}'>Microsoft Entra ID Governance</a> </li> <li class="js-nav-menu single-link" data-m='{"cN":"Products_IDProtection_cont","cT":"Container","id":"c6c3c5c8c2m1r1a1","sN":6,"aN":"c3c5c8c2m1r1a1"}'> <a id="shellmenu_63" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/security/business/identity-access/microsoft-entra-id-protection " data-m='{"cN":"CatNav_Products_IDProtection_nav","id":"n1c6c3c5c8c2m1r1a1","sN":1,"aN":"c6c3c5c8c2m1r1a1"}'>Microsoft Entra ID Protection</a> </li> <li class="js-nav-menu single-link" data-m='{"cN":"Products_InternetAccess_cont","cT":"Container","id":"c7c3c5c8c2m1r1a1","sN":7,"aN":"c3c5c8c2m1r1a1"}'> <a id="shellmenu_64" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/security/business/identity-access/microsoft-entra-internet-access" data-m='{"cN":"CatNav_Products_InternetAccess_nav","id":"n1c7c3c5c8c2m1r1a1","sN":1,"aN":"c7c3c5c8c2m1r1a1"}'>Microsoft Entra Internet Access</a> </li> <li class="js-nav-menu single-link" data-m='{"cN":"Products_PrivateAccess_cont","cT":"Container","id":"c8c3c5c8c2m1r1a1","sN":8,"aN":"c3c5c8c2m1r1a1"}'> <a id="shellmenu_65" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/security/business/identity-access/microsoft-entra-private-access" data-m='{"cN":"CatNav_Products_PrivateAccess_nav","id":"n1c8c3c5c8c2m1r1a1","sN":1,"aN":"c8c3c5c8c2m1r1a1"}'>Microsoft Entra Private Access</a> </li> <li class="js-nav-menu single-link" data-m='{"cN":"Products_PermissionsManagement_cont","cT":"Container","id":"c9c3c5c8c2m1r1a1","sN":9,"aN":"c3c5c8c2m1r1a1"}'> <a id="shellmenu_66" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/security/business/identity-access/microsoft-entra-permissions-management " data-m='{"cN":"CatNav_Products_PermissionsManagement_nav","id":"n1c9c3c5c8c2m1r1a1","sN":1,"aN":"c9c3c5c8c2m1r1a1"}'>Microsoft Entra Permissions Management</a> </li> <li class="js-nav-menu single-link" data-m='{"cN":"Products_VerifiedID_cont","cT":"Container","id":"c10c3c5c8c2m1r1a1","sN":10,"aN":"c3c5c8c2m1r1a1"}'> <a id="shellmenu_67" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/security/business/identity-access/microsoft-entra-verified-id" data-m='{"cN":"CatNav_Products_VerifiedID_nav","id":"n1c10c3c5c8c2m1r1a1","sN":1,"aN":"c10c3c5c8c2m1r1a1"}'>Microsoft Entra Verified ID</a> </li> <li class="js-nav-menu single-link" data-m='{"cN":"Products_WorkloadID_cont","cT":"Container","id":"c11c3c5c8c2m1r1a1","sN":11,"aN":"c3c5c8c2m1r1a1"}'> <a id="shellmenu_68" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/security/business/identity-access/microsoft-entra-workload-id" data-m='{"cN":"CatNav_Products_WorkloadID_nav","id":"n1c11c3c5c8c2m1r1a1","sN":1,"aN":"c11c3c5c8c2m1r1a1"}'>Microsoft Entra Workload ID</a> </li> <li class="js-nav-menu single-link" data-m='{"cT":"Container","id":"c12c3c5c8c2m1r1a1","sN":12,"aN":"c3c5c8c2m1r1a1"}'> <a id="shellmenu_69" class="js-subm-uhf-nav-link" href="https://azure.microsoft.com/en-us/products/microsoft-entra-ds" data-m='{"id":"n1c12c3c5c8c2m1r1a1","sN":1,"aN":"c12c3c5c8c2m1r1a1"}'>Microsoft Entra Domain Services</a> </li> <li class="js-nav-menu single-link" data-m='{"cN":"Products_AzureKeyVault_cont","cT":"Container","id":"c13c3c5c8c2m1r1a1","sN":13,"aN":"c3c5c8c2m1r1a1"}'> <a id="shellmenu_70" class="js-subm-uhf-nav-link" href="https://azure.microsoft.com/en-us/products/key-vault/" data-m='{"cN":"CatNav_Products_AzureKeyVault_nav","id":"n1c13c3c5c8c2m1r1a1","sN":1,"aN":"c13c3c5c8c2m1r1a1"}'>Azure Key Vault</a> </li> </ul> </li> <li class="f-sub-menu js-nav-menu nested-menu" data-m='{"cT":"Container","id":"c4c5c8c2m1r1a1","sN":4,"aN":"c5c8c2m1r1a1"}'> <span id="uhf-navspn-shellmenu_71-span" style="display:none" f-multi-parent="true" aria-expanded="false" data-m='{"id":"nn1c4c5c8c2m1r1a1","sN":1,"aN":"c4c5c8c2m1r1a1"}'>SIEM &amp; XDR</span> <button id="uhf-navbtn-shellmenu_71-button" type="button" f-multi-parent="true" aria-expanded="false" data-m='{"id":"nn2c4c5c8c2m1r1a1","sN":2,"aN":"c4c5c8c2m1r1a1"}'>SIEM &amp; XDR</button> <ul aria-hidden="true" aria-labelledby="uhf-navspn-shellmenu_71-span"> <li class="js-nav-menu single-link" data-m='{"cT":"Container","id":"c3c4c5c8c2m1r1a1","sN":3,"aN":"c4c5c8c2m1r1a1"}'> <a id="shellmenu_72" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/security/business/siem-and-xdr/microsoft-sentinel" data-m='{"id":"n1c3c4c5c8c2m1r1a1","sN":1,"aN":"c3c4c5c8c2m1r1a1"}'>Microsoft Sentinel</a> </li> <li class="js-nav-menu single-link" data-m='{"cT":"Container","id":"c4c4c5c8c2m1r1a1","sN":4,"aN":"c4c5c8c2m1r1a1"}'> <a id="shellmenu_73" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/security/business/cloud-security/microsoft-defender-cloud" data-m='{"id":"n1c4c4c5c8c2m1r1a1","sN":1,"aN":"c4c4c5c8c2m1r1a1"}'>Microsoft Defender for Cloud</a> </li> <li class="js-nav-menu single-link" data-m='{"cT":"Container","id":"c5c4c5c8c2m1r1a1","sN":5,"aN":"c4c5c8c2m1r1a1"}'> <a id="shellmenu_74" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/security/business/siem-and-xdr/microsoft-defender-xdr" data-m='{"id":"n1c5c4c5c8c2m1r1a1","sN":1,"aN":"c5c4c5c8c2m1r1a1"}'>Microsoft Defender XDR</a> </li> <li class="js-nav-menu single-link" data-m='{"cN":"Products_DefenderEndpoint_cont","cT":"Container","id":"c6c4c5c8c2m1r1a1","sN":6,"aN":"c4c5c8c2m1r1a1"}'> <a id="shellmenu_75" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/security/business/endpoint-security/microsoft-defender-endpoint" data-m='{"cN":"CatNav_Products_DefenderEndpoint_nav","id":"n1c6c4c5c8c2m1r1a1","sN":1,"aN":"c6c4c5c8c2m1r1a1"}'>Microsoft Defender for Endpoint</a> </li> <li class="js-nav-menu single-link" data-m='{"cT":"Container","id":"c7c4c5c8c2m1r1a1","sN":7,"aN":"c4c5c8c2m1r1a1"}'> <a id="shellmenu_76" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/security/business/siem-and-xdr/microsoft-defender-office-365" data-m='{"id":"n1c7c4c5c8c2m1r1a1","sN":1,"aN":"c7c4c5c8c2m1r1a1"}'>Microsoft Defender for Office 365</a> </li> <li class="js-nav-menu single-link" data-m='{"cN":"Products_DefenderIdentity_cont","cT":"Container","id":"c8c4c5c8c2m1r1a1","sN":8,"aN":"c4c5c8c2m1r1a1"}'> <a id="shellmenu_77" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/security/business/siem-and-xdr/microsoft-defender-for-identity" data-m='{"cN":"CatNav_Products_DefenderIdentity_nav","id":"n1c8c4c5c8c2m1r1a1","sN":1,"aN":"c8c4c5c8c2m1r1a1"}'>Microsoft Defender for Identity</a> </li> <li class="js-nav-menu single-link" data-m='{"cT":"Container","id":"c9c4c5c8c2m1r1a1","sN":9,"aN":"c4c5c8c2m1r1a1"}'> <a id="shellmenu_78" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/security/business/siem-and-xdr/microsoft-defender-cloud-apps" data-m='{"id":"n1c9c4c5c8c2m1r1a1","sN":1,"aN":"c9c4c5c8c2m1r1a1"}'>Microsoft Defender for Cloud Apps</a> </li> <li class="js-nav-menu single-link" data-m='{"cN":"Microsoft Security Exposure Management_cont","cT":"Container","id":"c10c4c5c8c2m1r1a1","sN":10,"aN":"c4c5c8c2m1r1a1"}'> <a id="shellmenu_79" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/security/business/siem-and-xdr/microsoft-security-exposure-management" data-m='{"cN":"CatNav_Microsoft Security Exposure Management_nav","id":"n1c10c4c5c8c2m1r1a1","sN":1,"aN":"c10c4c5c8c2m1r1a1"}'>Microsoft Security Exposure Management</a> </li> <li class="js-nav-menu single-link" data-m='{"cN":"Products_DefenderVulnerability_cont","cT":"Container","id":"c11c4c5c8c2m1r1a1","sN":11,"aN":"c4c5c8c2m1r1a1"}'> <a id="shellmenu_80" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/security/business/threat-protection/microsoft-defender-vulnerability-management " data-m='{"cN":"CatNav_Products_DefenderVulnerability_nav","id":"n1c11c4c5c8c2m1r1a1","sN":1,"aN":"c11c4c5c8c2m1r1a1"}'>Microsoft Defender Vulnerability Management</a> </li> <li class="js-nav-menu single-link" data-m='{"cN":"Products_DefenderTI_cont","cT":"Container","id":"c12c4c5c8c2m1r1a1","sN":12,"aN":"c4c5c8c2m1r1a1"}'> <a id="shellmenu_81" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/security/business/siem-and-xdr/microsoft-defender-threat-intelligence" data-m='{"cN":"CatNav_Products_DefenderTI_nav","id":"n1c12c4c5c8c2m1r1a1","sN":1,"aN":"c12c4c5c8c2m1r1a1"}'>Microsoft Defender Threat Intelligence</a> </li> </ul> </li> <li class="f-sub-menu js-nav-menu nested-menu" data-m='{"cT":"Container","id":"c5c5c8c2m1r1a1","sN":5,"aN":"c5c8c2m1r1a1"}'> <span id="uhf-navspn-shellmenu_82-span" style="display:none" f-multi-parent="true" aria-expanded="false" data-m='{"id":"nn1c5c5c8c2m1r1a1","sN":1,"aN":"c5c5c8c2m1r1a1"}'>Cloud security</span> <button id="uhf-navbtn-shellmenu_82-button" type="button" f-multi-parent="true" aria-expanded="false" data-m='{"id":"nn2c5c5c8c2m1r1a1","sN":2,"aN":"c5c5c8c2m1r1a1"}'>Cloud security</button> <ul aria-hidden="true" aria-labelledby="uhf-navspn-shellmenu_82-span"> <li class="js-nav-menu single-link" data-m='{"cN":"Products_DefenderCloud_cont","cT":"Container","id":"c3c5c5c8c2m1r1a1","sN":3,"aN":"c5c5c8c2m1r1a1"}'> <a id="shellmenu_83" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/security/business/cloud-security/microsoft-defender-cloud" data-m='{"cN":"CatNav_Products_DefenderCloud_nav","id":"n1c3c5c5c8c2m1r1a1","sN":1,"aN":"c3c5c5c8c2m1r1a1"}'>Microsoft Defender for Cloud</a> </li> <li class="js-nav-menu single-link" data-m='{"cN":"Products_DefenderCSPM_cont","cT":"Container","id":"c4c5c5c8c2m1r1a1","sN":4,"aN":"c5c5c8c2m1r1a1"}'> <a id="shellmenu_84" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/security/business/cloud-security/microsoft-defender-cloud-security-posture-management" data-m='{"cN":"CatNav_Products_DefenderCSPM_nav","id":"n1c4c5c5c8c2m1r1a1","sN":1,"aN":"c4c5c5c8c2m1r1a1"}'>Microsoft Defender Cloud Security Posture Mgmt</a> </li> <li class="js-nav-menu single-link" data-m='{"cN":"Products_DefenderEASM_cont","cT":"Container","id":"c5c5c5c8c2m1r1a1","sN":5,"aN":"c5c5c8c2m1r1a1"}'> <a id="shellmenu_85" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/security/business/cloud-security/microsoft-defender-external-attack-surface-management" data-m='{"cN":"CatNav_Products_DefenderEASM_nav","id":"n1c5c5c5c8c2m1r1a1","sN":1,"aN":"c5c5c5c8c2m1r1a1"}'>Microsoft Defender External Attack Surface Management</a> </li> <li class="js-nav-menu single-link" data-m='{"cN":"Products_AzureFirewall_cont","cT":"Container","id":"c6c5c5c8c2m1r1a1","sN":6,"aN":"c5c5c8c2m1r1a1"}'> <a id="shellmenu_86" class="js-subm-uhf-nav-link" href="https://azure.microsoft.com/en-us/services/azure-firewall/" data-m='{"cN":"CatNav_Products_AzureFirewall_nav","id":"n1c6c5c5c8c2m1r1a1","sN":1,"aN":"c6c5c5c8c2m1r1a1"}'>Azure Firewall</a> </li> <li class="js-nav-menu single-link" data-m='{"cN":"Products_AzureWebAppFirewall_cont","cT":"Container","id":"c7c5c5c8c2m1r1a1","sN":7,"aN":"c5c5c8c2m1r1a1"}'> <a id="shellmenu_87" class="js-subm-uhf-nav-link" href="https://azure.microsoft.com/en-us/products/web-application-firewall/" data-m='{"cN":"CatNav_Products_AzureWebAppFirewall_nav","id":"n1c7c5c5c8c2m1r1a1","sN":1,"aN":"c7c5c5c8c2m1r1a1"}'>Azure Web App Firewall</a> </li> <li class="js-nav-menu single-link" data-m='{"cN":"Products_AzureDDoSProtection_cont","cT":"Container","id":"c8c5c5c8c2m1r1a1","sN":8,"aN":"c5c5c8c2m1r1a1"}'> <a id="shellmenu_88" class="js-subm-uhf-nav-link" href="https://azure.microsoft.com/en-us/products/ddos-protection/" data-m='{"cN":"CatNav_Products_AzureDDoSProtection_nav","id":"n1c8c5c5c8c2m1r1a1","sN":1,"aN":"c8c5c5c8c2m1r1a1"}'>Azure DDoS Protection</a> </li> <li class="js-nav-menu single-link" data-m='{"cN":"Products_GitHubAdvancedSecurty_cont","cT":"Container","id":"c9c5c5c8c2m1r1a1","sN":9,"aN":"c5c5c8c2m1r1a1"}'> <a id="shellmenu_89" class="js-subm-uhf-nav-link" href="https://github.com/features/security" data-m='{"cN":"CatNav_Products_GitHubAdvancedSecurty_nav","id":"n1c9c5c5c8c2m1r1a1","sN":1,"aN":"c9c5c5c8c2m1r1a1"}'>GitHub Advanced Security</a> </li> </ul> </li> <li class="f-sub-menu js-nav-menu nested-menu" data-m='{"cT":"Container","id":"c6c5c8c2m1r1a1","sN":6,"aN":"c5c8c2m1r1a1"}'> <span id="uhf-navspn-shellmenu_90-span" style="display:none" f-multi-parent="true" aria-expanded="false" data-m='{"id":"nn1c6c5c8c2m1r1a1","sN":1,"aN":"c6c5c8c2m1r1a1"}'>Endpoint security &amp; management</span> <button id="uhf-navbtn-shellmenu_90-button" type="button" f-multi-parent="true" aria-expanded="false" data-m='{"id":"nn2c6c5c8c2m1r1a1","sN":2,"aN":"c6c5c8c2m1r1a1"}'>Endpoint security &amp; management</button> <ul aria-hidden="true" aria-labelledby="uhf-navspn-shellmenu_90-span"> <li class="js-nav-menu single-link" data-m='{"cN":"Products_DefenderEndpoint_cont","cT":"Container","id":"c3c6c5c8c2m1r1a1","sN":3,"aN":"c6c5c8c2m1r1a1"}'> <a id="shellmenu_91" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/security/business/endpoint-security/microsoft-defender-endpoint" data-m='{"cN":"CatNav_Products_DefenderEndpoint_nav","id":"n1c3c6c5c8c2m1r1a1","sN":1,"aN":"c3c6c5c8c2m1r1a1"}'>Microsoft Defender for Endpoint</a> </li> <li class="js-nav-menu single-link" data-m='{"cT":"Container","id":"c4c6c5c8c2m1r1a1","sN":4,"aN":"c6c5c8c2m1r1a1"}'> <a id="shellmenu_92" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/security/business/siem-and-xdr/microsoft-defender-xdr" data-m='{"id":"n1c4c6c5c8c2m1r1a1","sN":1,"aN":"c4c6c5c8c2m1r1a1"}'>Microsoft Defender XDR</a> </li> <li class="js-nav-menu single-link" data-m='{"cN":"Products_DefenderforBusiness_cont","cT":"Container","id":"c5c6c5c8c2m1r1a1","sN":5,"aN":"c6c5c8c2m1r1a1"}'> <a id="shellmenu_93" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/security/business/endpoint-security/microsoft-defender-business" data-m='{"cN":"CatNav_Products_DefenderforBusiness_nav","id":"n1c5c6c5c8c2m1r1a1","sN":1,"aN":"c5c6c5c8c2m1r1a1"}'>Microsoft Defender for Business</a> </li> <li class="js-nav-menu single-link" data-m='{"cT":"Container","id":"c6c6c5c8c2m1r1a1","sN":6,"aN":"c6c5c8c2m1r1a1"}'> <a id="shellmenu_94" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/security/business/endpoint-management/microsoft-intune" data-m='{"id":"n1c6c6c5c8c2m1r1a1","sN":1,"aN":"c6c6c5c8c2m1r1a1"}'>Microsoft Intune core capabilities</a> </li> <li class="js-nav-menu single-link" data-m='{"cN":"Products_DefenderIoT_cont","cT":"Container","id":"c7c6c5c8c2m1r1a1","sN":7,"aN":"c6c5c8c2m1r1a1"}'> <a id="shellmenu_95" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/security/business/endpoint-security/microsoft-defender-iot" data-m='{"cN":"CatNav_Products_DefenderIoT_nav","id":"n1c7c6c5c8c2m1r1a1","sN":1,"aN":"c7c6c5c8c2m1r1a1"}'>Microsoft Defender for IoT</a> </li> <li class="js-nav-menu single-link" data-m='{"cN":"Products_DefenderVulnerability_cont","cT":"Container","id":"c8c6c5c8c2m1r1a1","sN":8,"aN":"c6c5c8c2m1r1a1"}'> <a id="shellmenu_96" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/security/business/threat-protection/microsoft-defender-vulnerability-management " data-m='{"cN":"CatNav_Products_DefenderVulnerability_nav","id":"n1c8c6c5c8c2m1r1a1","sN":1,"aN":"c8c6c5c8c2m1r1a1"}'>Microsoft Defender Vulnerability Management</a> </li> <li class="js-nav-menu single-link" data-m='{"cT":"Container","id":"c9c6c5c8c2m1r1a1","sN":9,"aN":"c6c5c8c2m1r1a1"}'> <a id="shellmenu_97" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/security/business/endpoint-management/microsoft-intune-advanced-analytics" data-m='{"id":"n1c9c6c5c8c2m1r1a1","sN":1,"aN":"c9c6c5c8c2m1r1a1"}'>Microsoft Intune Advanced Analytics</a> </li> <li class="js-nav-menu single-link" data-m='{"cT":"Container","id":"c10c6c5c8c2m1r1a1","sN":10,"aN":"c6c5c8c2m1r1a1"}'> <a id="shellmenu_98" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/security/business/endpoint-management/microsoft-intune-endpoint-privilege-management" data-m='{"id":"n1c10c6c5c8c2m1r1a1","sN":1,"aN":"c10c6c5c8c2m1r1a1"}'>Microsoft Intune Endpoint Privilege Management​</a> </li> <li class="js-nav-menu single-link" data-m='{"cT":"Container","id":"c11c6c5c8c2m1r1a1","sN":11,"aN":"c6c5c8c2m1r1a1"}'> <a id="shellmenu_99" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/security/business/endpoint-management/microsoft-intune-enterprise-application-management" data-m='{"id":"n1c11c6c5c8c2m1r1a1","sN":1,"aN":"c11c6c5c8c2m1r1a1"}'>Microsoft Intune Enterprise Application Management</a> </li> <li class="js-nav-menu single-link" data-m='{"cT":"Container","id":"c12c6c5c8c2m1r1a1","sN":12,"aN":"c6c5c8c2m1r1a1"}'> <a id="shellmenu_100" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/security/business/endpoint-management/microsoft-intune-remote-help" data-m='{"id":"n1c12c6c5c8c2m1r1a1","sN":1,"aN":"c12c6c5c8c2m1r1a1"}'>Microsoft Intune Remote Help</a> </li> <li class="js-nav-menu single-link" data-m='{"cT":"Container","id":"c13c6c5c8c2m1r1a1","sN":13,"aN":"c6c5c8c2m1r1a1"}'> <a id="shellmenu_101" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/security/business/endpoint-management/microsoft-cloud-pki" data-m='{"id":"n1c13c6c5c8c2m1r1a1","sN":1,"aN":"c13c6c5c8c2m1r1a1"}'>Microsoft Cloud PKI</a> </li> </ul> </li> <li class="f-sub-menu js-nav-menu nested-menu" data-m='{"cT":"Container","id":"c7c5c8c2m1r1a1","sN":7,"aN":"c5c8c2m1r1a1"}'> <span id="uhf-navspn-shellmenu_102-span" style="display:none" f-multi-parent="true" aria-expanded="false" data-m='{"id":"nn1c7c5c8c2m1r1a1","sN":1,"aN":"c7c5c8c2m1r1a1"}'>Compliance &amp; privacy</span> <button id="uhf-navbtn-shellmenu_102-button" type="button" f-multi-parent="true" aria-expanded="false" data-m='{"id":"nn2c7c5c8c2m1r1a1","sN":2,"aN":"c7c5c8c2m1r1a1"}'>Compliance &amp; privacy</button> <ul aria-hidden="true" aria-labelledby="uhf-navspn-shellmenu_102-span"> <li class="js-nav-menu single-link" data-m='{"cN":"Products_PurviewCommunicationCompliance_cont","cT":"Container","id":"c3c7c5c8c2m1r1a1","sN":3,"aN":"c7c5c8c2m1r1a1"}'> <a id="shellmenu_103" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/security/business/risk-management/microsoft-purview-communication-compliance" data-m='{"cN":"CatNav_Products_PurviewCommunicationCompliance_nav","id":"n1c3c7c5c8c2m1r1a1","sN":1,"aN":"c3c7c5c8c2m1r1a1"}'>Microsoft Purview Communication Compliance</a> </li> <li class="js-nav-menu single-link" data-m='{"cN":"Products_PurviewComplianceManager_cont","cT":"Container","id":"c4c7c5c8c2m1r1a1","sN":4,"aN":"c7c5c8c2m1r1a1"}'> <a id="shellmenu_104" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/security/business/risk-management/microsoft-purview-compliance-manager" data-m='{"cN":"CatNav_Products_PurviewComplianceManager_nav","id":"n1c4c7c5c8c2m1r1a1","sN":1,"aN":"c4c7c5c8c2m1r1a1"}'>Microsoft Purview Compliance Manager</a> </li> <li class="js-nav-menu single-link" data-m='{"cN":"Products_PurviewDataLifecycleManagement_cont","cT":"Container","id":"c5c7c5c8c2m1r1a1","sN":5,"aN":"c7c5c8c2m1r1a1"}'> <a id="shellmenu_105" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/security/business/information-protection/microsoft-purview-data-lifecycle-management" data-m='{"cN":"CatNav_Products_PurviewDataLifecycleManagement_nav","id":"n1c5c7c5c8c2m1r1a1","sN":1,"aN":"c5c7c5c8c2m1r1a1"}'>Microsoft Purview Data Lifecycle Management</a> </li> <li class="js-nav-menu single-link" data-m='{"cN":"Products_PurvieweDiscovery_cont","cT":"Container","id":"c6c7c5c8c2m1r1a1","sN":6,"aN":"c7c5c8c2m1r1a1"}'> <a id="shellmenu_106" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/security/business/risk-management/microsoft-purview-ediscovery" data-m='{"cN":"CatNav_Products_PurvieweDiscovery_nav","id":"n1c6c7c5c8c2m1r1a1","sN":1,"aN":"c6c7c5c8c2m1r1a1"}'>Microsoft Purview eDiscovery </a> </li> <li class="js-nav-menu single-link" data-m='{"cN":"Products_PurviewAudit_cont","cT":"Container","id":"c7c7c5c8c2m1r1a1","sN":7,"aN":"c7c5c8c2m1r1a1"}'> <a id="shellmenu_107" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/security/business/risk-management/microsoft-purview-audit" data-m='{"cN":"CatNav_Products_PurviewAudit_nav","id":"n1c7c7c5c8c2m1r1a1","sN":1,"aN":"c7c7c5c8c2m1r1a1"}'>Microsoft Purview Audit</a> </li> <li class="js-nav-menu single-link" data-m='{"cN":"Products_PrivaRiskManagement_cont","cT":"Container","id":"c8c7c5c8c2m1r1a1","sN":8,"aN":"c7c5c8c2m1r1a1"}'> <a id="shellmenu_108" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/security/business/privacy/microsoft-priva-risk-management" data-m='{"cN":"CatNav_Products_PrivaRiskManagement_nav","id":"n1c8c7c5c8c2m1r1a1","sN":1,"aN":"c8c7c5c8c2m1r1a1"}'>Microsoft Priva Risk Management</a> </li> <li class="js-nav-menu single-link" data-m='{"cN":"Products_PrivaSubjectRightsRequests_cont","cT":"Container","id":"c9c7c5c8c2m1r1a1","sN":9,"aN":"c7c5c8c2m1r1a1"}'> <a id="shellmenu_109" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/security/business/privacy/microsoft-priva-subject-rights-requests" data-m='{"cN":"CatNav_Products_PrivaSubjectRightsRequests_nav","id":"n1c9c7c5c8c2m1r1a1","sN":1,"aN":"c9c7c5c8c2m1r1a1"}'>Microsoft Priva Subject Rights Requests</a> </li> </ul> </li> <li class="f-sub-menu js-nav-menu nested-menu" data-m='{"cT":"Container","id":"c8c5c8c2m1r1a1","sN":8,"aN":"c5c8c2m1r1a1"}'> <span id="uhf-navspn-shellmenu_110-span" style="display:none" f-multi-parent="true" aria-expanded="false" data-m='{"id":"nn1c8c5c8c2m1r1a1","sN":1,"aN":"c8c5c8c2m1r1a1"}'>Data security &amp; governance</span> <button id="uhf-navbtn-shellmenu_110-button" type="button" f-multi-parent="true" aria-expanded="false" data-m='{"id":"nn2c8c5c8c2m1r1a1","sN":2,"aN":"c8c5c8c2m1r1a1"}'>Data security &amp; governance</button> <ul aria-hidden="true" aria-labelledby="uhf-navspn-shellmenu_110-span"> <li class="js-nav-menu single-link" data-m='{"cN":"Products_PurviewInformationProtection_cont","cT":"Container","id":"c3c8c5c8c2m1r1a1","sN":3,"aN":"c8c5c8c2m1r1a1"}'> <a id="shellmenu_111" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/security/business/information-protection/microsoft-purview-information-protection" data-m='{"cN":"CatNav_Products_PurviewInformationProtection_nav","id":"n1c3c8c5c8c2m1r1a1","sN":1,"aN":"c3c8c5c8c2m1r1a1"}'>Microsoft Purview Information Protection</a> </li> <li class="js-nav-menu single-link" data-m='{"cN":"Products_PurviewInsiderRiskManagement_cont","cT":"Container","id":"c4c8c5c8c2m1r1a1","sN":4,"aN":"c8c5c8c2m1r1a1"}'> <a id="shellmenu_112" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/security/business/risk-management/microsoft-purview-insider-risk-management" data-m='{"cN":"CatNav_Products_PurviewInsiderRiskManagement_nav","id":"n1c4c8c5c8c2m1r1a1","sN":1,"aN":"c4c8c5c8c2m1r1a1"}'>Microsoft Purview Insider Risk Management</a> </li> <li class="js-nav-menu single-link" data-m='{"cN":"Products_PurviewDataLossPrevention_cont","cT":"Container","id":"c5c8c5c8c2m1r1a1","sN":5,"aN":"c8c5c8c2m1r1a1"}'> <a id="shellmenu_113" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/security/business/information-protection/microsoft-purview-data-loss-prevention" data-m='{"cN":"CatNav_Products_PurviewDataLossPrevention_nav","id":"n1c5c8c5c8c2m1r1a1","sN":1,"aN":"c5c8c5c8c2m1r1a1"}'>Microsoft Purview Data Loss Prevention</a> </li> <li class="js-nav-menu single-link" data-m='{"cN":"Products_PurviewDataGovernance_cont","cT":"Container","id":"c6c8c5c8c2m1r1a1","sN":6,"aN":"c8c5c8c2m1r1a1"}'> <a id="shellmenu_114" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/security/business/risk-management/microsoft-purview-data-governance" data-m='{"cN":"CatNav_Products_PurviewDataGovernance_nav","id":"n1c6c8c5c8c2m1r1a1","sN":1,"aN":"c6c8c5c8c2m1r1a1"}'>Microsoft Purview Data Governance</a> </li> </ul> </li> </ul> </div> </li> <li class="nested-menu uhf-menu-item"> <div class="c-uhf-menu js-nav-menu"> <button type="button" id="c-shellmenu_115" aria-expanded="false" data-m='{"cN":"CatNav_Services_Overview_nonnav","id":"nn6c8c2m1r1a1","sN":6,"aN":"c8c2m1r1a1"}'>Services</button> <ul class="" data-class-idn="" aria-hidden="true" data-m='{"cN":"Services_Overview_cont","cT":"Container","id":"c7c8c2m1r1a1","sN":7,"aN":"c8c2m1r1a1"}'> <li class="js-nav-menu single-link" data-m='{"cN":"Services_MicrosoftSecurityExperts_cont","cT":"Container","id":"c1c7c8c2m1r1a1","sN":1,"aN":"c7c8c2m1r1a1"}'> <a id="c-shellmenu_116" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/security/business/services" data-m='{"cN":"CatNav_Services_MicrosoftSecurityExperts_nav","id":"n1c1c7c8c2m1r1a1","sN":1,"aN":"c1c7c8c2m1r1a1"}'>Microsoft Security Experts</a> </li> <li class="js-nav-menu single-link" data-m='{"cT":"Container","id":"c2c7c8c2m1r1a1","sN":2,"aN":"c7c8c2m1r1a1"}'> <a id="c-shellmenu_117" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/security/business/services/microsoft-defender-experts-xdr" data-m='{"id":"n1c2c7c8c2m1r1a1","sN":1,"aN":"c2c7c8c2m1r1a1"}'>Microsoft Defender Experts for XDR</a> </li> <li class="js-nav-menu single-link" data-m='{"cN":"Services_ExpertsHunting_cont","cT":"Container","id":"c3c7c8c2m1r1a1","sN":3,"aN":"c7c8c2m1r1a1"}'> <a id="c-shellmenu_118" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/security/business/services/microsoft-defender-experts-hunting" data-m='{"cN":"CatNav_Services_ExpertsHunting_nav","id":"n1c3c7c8c2m1r1a1","sN":1,"aN":"c3c7c8c2m1r1a1"}'>Microsoft Defender Experts for Hunting</a> </li> <li class="js-nav-menu single-link" data-m='{"cN":"Services_ExpertsIncidentResponse_cont","cT":"Container","id":"c4c7c8c2m1r1a1","sN":4,"aN":"c7c8c2m1r1a1"}'> <a id="c-shellmenu_119" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/security/business/microsoft-incident-response" data-m='{"cN":"CatNav_Services_ExpertsIncidentResponse_nav","id":"n1c4c7c8c2m1r1a1","sN":1,"aN":"c4c7c8c2m1r1a1"}'>Microsoft Incident Response</a> </li> <li class="js-nav-menu single-link" data-m='{"cT":"Container","id":"c5c7c8c2m1r1a1","sN":5,"aN":"c7c8c2m1r1a1"}'> <a id="c-shellmenu_120" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/security/business/services/microsoft-security-enterprise-services" data-m='{"id":"n1c5c7c8c2m1r1a1","sN":1,"aN":"c5c7c8c2m1r1a1"}'>Microsoft Security Enterprise Services</a> </li> </ul> </div> </li> <li class="single-link js-nav-menu uhf-menu-item"> <a id="c-shellmenu_121" class="c-uhf-nav-link" href="https://www.microsoft.com/en-us/security/business/partnerships" data-m='{"id":"n8c8c2m1r1a1","sN":8,"aN":"c8c2m1r1a1"}'>Partners</a> </li> <li class="nested-menu uhf-menu-item"> <div class="c-uhf-menu js-nav-menu"> <button type="button" id="c-shellmenu_122" aria-expanded="false" data-m='{"id":"nn9c8c2m1r1a1","sN":9,"aN":"c8c2m1r1a1"}'>Resources</button> <ul class="f-multi-column f-multi-column-5" data-class-idn="f-multi-column f-multi-column-5" aria-hidden="true" data-m='{"cT":"Container","id":"c10c8c2m1r1a1","sN":10,"aN":"c8c2m1r1a1"}'> <li class="f-sub-menu js-nav-menu nested-menu" data-m='{"cT":"Container","id":"c1c10c8c2m1r1a1","sN":1,"aN":"c10c8c2m1r1a1"}'> <span id="uhf-navspn-shellmenu_123-span" style="display:none" f-multi-parent="true" aria-expanded="false" data-m='{"id":"nn1c1c10c8c2m1r1a1","sN":1,"aN":"c1c10c8c2m1r1a1"}'>Get started</span> <button id="uhf-navbtn-shellmenu_123-button" type="button" f-multi-parent="true" aria-expanded="false" data-m='{"id":"nn2c1c10c8c2m1r1a1","sN":2,"aN":"c1c10c8c2m1r1a1"}'>Get started</button> <ul aria-hidden="true" aria-labelledby="uhf-navspn-shellmenu_123-span"> <li class="js-nav-menu single-link" data-m='{"cN":"Resources_CybersecurityAwareness_cont","cT":"Container","id":"c3c1c10c8c2m1r1a1","sN":3,"aN":"c1c10c8c2m1r1a1"}'> <a id="shellmenu_124" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/security/business/cybersecurity-awareness" data-m='{"cN":"CatNav_Resources_CybersecurityAwareness_nav","id":"n1c3c1c10c8c2m1r1a1","sN":1,"aN":"c3c1c10c8c2m1r1a1"}'>Cybersecurity awareness</a> </li> <li class="js-nav-menu single-link" data-m='{"cN":"Resources_CustomerStories_cont","cT":"Container","id":"c4c1c10c8c2m1r1a1","sN":4,"aN":"c1c10c8c2m1r1a1"}'> <a id="shellmenu_125" class="js-subm-uhf-nav-link" href="https://customers.microsoft.com/en-us/search?sq=Microsoft%20Security&amp;ff=&amp;p=0&amp;so=story_publish_date%20desc" data-m='{"cN":"CatNav_Resources_CustomerStories_nav","id":"n1c4c1c10c8c2m1r1a1","sN":1,"aN":"c4c1c10c8c2m1r1a1"}'>Customer stories</a> </li> <li class="js-nav-menu single-link" data-m='{"cN":"Resources_Security101_cont","cT":"Container","id":"c5c1c10c8c2m1r1a1","sN":5,"aN":"c1c10c8c2m1r1a1"}'> <a id="shellmenu_126" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/security/business/security-101" data-m='{"cN":"CatNav_Resources_Security101_nav","id":"n1c5c1c10c8c2m1r1a1","sN":1,"aN":"c5c1c10c8c2m1r1a1"}'>Security 101</a> </li> <li class="js-nav-menu single-link" data-m='{"cN":"Resources_GetStartedTrials_cont","cT":"Container","id":"c6c1c10c8c2m1r1a1","sN":6,"aN":"c1c10c8c2m1r1a1"}'> <a id="shellmenu_127" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/security/business/get-started/start-free-trial" data-m='{"cN":"CatNav_Resources_GetStartedTrials_nav","id":"n1c6c1c10c8c2m1r1a1","sN":1,"aN":"c6c1c10c8c2m1r1a1"}'>Product trials</a> </li> <li class="js-nav-menu single-link" data-m='{"cN":"Resources_HowWeProtectMicrosoft_cont","cT":"Container","id":"c7c1c10c8c2m1r1a1","sN":7,"aN":"c1c10c8c2m1r1a1"}'> <a id="shellmenu_128" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/insidetrack" data-m='{"cN":"CatNav_Resources_HowWeProtectMicrosoft_nav","id":"n1c7c1c10c8c2m1r1a1","sN":1,"aN":"c7c1c10c8c2m1r1a1"}'>How we protect Microsoft</a> </li> </ul> </li> <li class="f-sub-menu js-nav-menu nested-menu" data-m='{"cT":"Container","id":"c2c10c8c2m1r1a1","sN":2,"aN":"c10c8c2m1r1a1"}'> <span id="uhf-navspn-shellmenu_129-span" style="display:none" f-multi-parent="true" aria-expanded="false" data-m='{"id":"nn1c2c10c8c2m1r1a1","sN":1,"aN":"c2c10c8c2m1r1a1"}'>Reports and analysis</span> <button id="uhf-navbtn-shellmenu_129-button" type="button" f-multi-parent="true" aria-expanded="false" data-m='{"id":"nn2c2c10c8c2m1r1a1","sN":2,"aN":"c2c10c8c2m1r1a1"}'>Reports and analysis</button> <ul aria-hidden="true" aria-labelledby="uhf-navspn-shellmenu_129-span"> <li class="js-nav-menu single-link" data-m='{"cN":"Resources_IndustryRecognition_cont","cT":"Container","id":"c3c2c10c8c2m1r1a1","sN":3,"aN":"c2c10c8c2m1r1a1"}'> <a id="shellmenu_130" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/security/business/reports-analysis/industry-recognized-cybersecurity-leader" data-m='{"cN":"CatNav_Resources_IndustryRecognition_nav","id":"n1c3c2c10c8c2m1r1a1","sN":1,"aN":"c3c2c10c8c2m1r1a1"}'>Industry recognition</a> </li> <li class="js-nav-menu single-link" data-m='{"cN":"Resources_SecurityInsider_cont","cT":"Container","id":"c4c2c10c8c2m1r1a1","sN":4,"aN":"c2c10c8c2m1r1a1"}'> <a id="shellmenu_131" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/security/security-insider/" data-m='{"cN":"CatNav_Resources_SecurityInsider_nav","id":"n1c4c2c10c8c2m1r1a1","sN":1,"aN":"c4c2c10c8c2m1r1a1"}'>Microsoft Security Insider</a> </li> <li class="js-nav-menu single-link" data-m='{"cN":"Resources_MDDR_cont","cT":"Container","id":"c5c2c10c8c2m1r1a1","sN":5,"aN":"c2c10c8c2m1r1a1"}'> <a id="shellmenu_132" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/security/security-insider/intelligence-reports/microsoft-digital-defense-report-2024" data-m='{"cN":"CatNav_Resources_MDDR_nav","id":"n1c5c2c10c8c2m1r1a1","sN":1,"aN":"c5c2c10c8c2m1r1a1"}'>Microsoft Digital Defense Report</a> </li> <li class="js-nav-menu single-link" data-m='{"cN":"Resources_SecurityResposeCenter_cont","cT":"Container","id":"c6c2c10c8c2m1r1a1","sN":6,"aN":"c2c10c8c2m1r1a1"}'> <a id="shellmenu_133" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/msrc/" data-m='{"cN":"CatNav_Resources_SecurityResposeCenter_nav","id":"n1c6c2c10c8c2m1r1a1","sN":1,"aN":"c6c2c10c8c2m1r1a1"}'>Security Response Center</a> </li> </ul> </li> <li class="f-sub-menu js-nav-menu nested-menu" data-m='{"cT":"Container","id":"c3c10c8c2m1r1a1","sN":3,"aN":"c10c8c2m1r1a1"}'> <span id="uhf-navspn-shellmenu_134-span" style="display:none" f-multi-parent="true" aria-expanded="false" data-m='{"id":"nn1c3c10c8c2m1r1a1","sN":1,"aN":"c3c10c8c2m1r1a1"}'>Community</span> <button id="uhf-navbtn-shellmenu_134-button" type="button" f-multi-parent="true" aria-expanded="false" data-m='{"id":"nn2c3c10c8c2m1r1a1","sN":2,"aN":"c3c10c8c2m1r1a1"}'>Community</button> <ul aria-hidden="true" aria-labelledby="uhf-navspn-shellmenu_134-span"> <li class="js-nav-menu single-link" data-m='{"cN":"Resources_SecurityBlog_cont","cT":"Container","id":"c3c3c10c8c2m1r1a1","sN":3,"aN":"c3c10c8c2m1r1a1"}'> <a id="shellmenu_135" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/security/blog/" data-m='{"cN":"CatNav_Resources_SecurityBlog_nav","id":"n1c3c3c10c8c2m1r1a1","sN":1,"aN":"c3c3c10c8c2m1r1a1"}'>Microsoft Security Blog</a> </li> <li class="js-nav-menu single-link" data-m='{"cN":"Resources_SecurityEvents_cont","cT":"Container","id":"c4c3c10c8c2m1r1a1","sN":4,"aN":"c3c10c8c2m1r1a1"}'> <a id="shellmenu_136" class="js-subm-uhf-nav-link" href="https://events.microsoft.com/en-us/allevents/?language=English&amp;clientTimeZone=1&amp;search=security" data-m='{"cN":"CatNav_Resources_SecurityEvents_nav","id":"n1c4c3c10c8c2m1r1a1","sN":1,"aN":"c4c3c10c8c2m1r1a1"}'>Microsoft Security Events</a> </li> <li class="js-nav-menu single-link" data-m='{"cN":"Resources_SecurityTechCommunity_cont","cT":"Container","id":"c5c3c10c8c2m1r1a1","sN":5,"aN":"c3c10c8c2m1r1a1"}'> <a id="shellmenu_137" class="js-subm-uhf-nav-link" href="https://techcommunity.microsoft.com/t5/security-compliance-and-identity/ct-p/MicrosoftSecurityandCompliance" data-m='{"cN":"CatNav_Resources_SecurityTechCommunity_nav","id":"n1c5c3c10c8c2m1r1a1","sN":1,"aN":"c5c3c10c8c2m1r1a1"}'>Microsoft Tech Community</a> </li> </ul> </li> <li class="f-sub-menu js-nav-menu nested-menu" data-m='{"cT":"Container","id":"c4c10c8c2m1r1a1","sN":4,"aN":"c10c8c2m1r1a1"}'> <span id="uhf-navspn-shellmenu_138-span" style="display:none" f-multi-parent="true" aria-expanded="false" data-m='{"id":"nn1c4c10c8c2m1r1a1","sN":1,"aN":"c4c10c8c2m1r1a1"}'>Documentation and training</span> <button id="uhf-navbtn-shellmenu_138-button" type="button" f-multi-parent="true" aria-expanded="false" data-m='{"id":"nn2c4c10c8c2m1r1a1","sN":2,"aN":"c4c10c8c2m1r1a1"}'>Documentation and training</button> <ul aria-hidden="true" aria-labelledby="uhf-navspn-shellmenu_138-span"> <li class="js-nav-menu single-link" data-m='{"cN":"Resources_SecurityDocs_cont","cT":"Container","id":"c3c4c10c8c2m1r1a1","sN":3,"aN":"c4c10c8c2m1r1a1"}'> <a id="shellmenu_139" class="js-subm-uhf-nav-link" href="https://learn.microsoft.com/en-us/security/" data-m='{"cN":"CatNav_Resources_SecurityDocs_nav","id":"n1c3c4c10c8c2m1r1a1","sN":1,"aN":"c3c4c10c8c2m1r1a1"}'>Documentation</a> </li> <li class="js-nav-menu single-link" data-m='{"cN":"Resources_TechnicalContentLibrary_cont","cT":"Container","id":"c4c4c10c8c2m1r1a1","sN":4,"aN":"c4c10c8c2m1r1a1"}'> <a id="shellmenu_140" class="js-subm-uhf-nav-link" href="https://learn.microsoft.com/en-us/security" data-m='{"cN":"CatNav_Resources_TechnicalContentLibrary_nav","id":"n1c4c4c10c8c2m1r1a1","sN":1,"aN":"c4c4c10c8c2m1r1a1"}'>Technical Content Library</a> </li> <li class="js-nav-menu single-link" data-m='{"cN":"Resources_TrainingandCertifications_cont","cT":"Container","id":"c5c4c10c8c2m1r1a1","sN":5,"aN":"c4c10c8c2m1r1a1"}'> <a id="shellmenu_141" class="js-subm-uhf-nav-link" href="https://learn.microsoft.com/en-us/learn/topics/sci?wt.mc_id=techcom_header-webpage-m365" data-m='{"cN":"CatNav_Resources_TrainingandCertifications_nav","id":"n1c5c4c10c8c2m1r1a1","sN":1,"aN":"c5c4c10c8c2m1r1a1"}'>Training &amp; certifications</a> </li> </ul> </li> <li class="f-sub-menu js-nav-menu nested-menu" data-m='{"cT":"Container","id":"c5c10c8c2m1r1a1","sN":5,"aN":"c10c8c2m1r1a1"}'> <span id="uhf-navspn-shellmenu_142-span" style="display:none" f-multi-parent="true" aria-expanded="false" data-m='{"id":"nn1c5c10c8c2m1r1a1","sN":1,"aN":"c5c10c8c2m1r1a1"}'>Additional sites</span> <button id="uhf-navbtn-shellmenu_142-button" type="button" f-multi-parent="true" aria-expanded="false" data-m='{"id":"nn2c5c10c8c2m1r1a1","sN":2,"aN":"c5c10c8c2m1r1a1"}'>Additional sites</button> <ul aria-hidden="true" aria-labelledby="uhf-navspn-shellmenu_142-span"> <li class="js-nav-menu single-link" data-m='{"cN":"Resources_ComplianceProgram_cont","cT":"Container","id":"c3c5c10c8c2m1r1a1","sN":3,"aN":"c5c10c8c2m1r1a1"}'> <a id="shellmenu_143" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/security/business/services/compliance-program-microsoft-cloud" data-m='{"cN":"CatNav_Resources_ComplianceProgram_nav","id":"n1c3c5c10c8c2m1r1a1","sN":1,"aN":"c3c5c10c8c2m1r1a1"}'>Compliance Program for Microsoft Cloud</a> </li> <li class="js-nav-menu single-link" data-m='{"cN":"Resources_TrustCenter_cont","cT":"Container","id":"c4c5c10c8c2m1r1a1","sN":4,"aN":"c5c10c8c2m1r1a1"}'> <a id="shellmenu_144" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/trust-center" data-m='{"cN":"CatNav_Resources_TrustCenter_nav","id":"n1c4c5c10c8c2m1r1a1","sN":1,"aN":"c4c5c10c8c2m1r1a1"}'>Microsoft Trust Center</a> </li> <li class="js-nav-menu single-link" data-m='{"cN":"Resources_SecurityEngineeringPortal_cont","cT":"Container","id":"c5c5c10c8c2m1r1a1","sN":5,"aN":"c5c10c8c2m1r1a1"}'> <a id="shellmenu_145" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/securityengineering" data-m='{"cN":"CatNav_Resources_SecurityEngineeringPortal_nav","id":"n1c5c5c10c8c2m1r1a1","sN":1,"aN":"c5c5c10c8c2m1r1a1"}'>Security Engineering Portal</a> </li> <li class="js-nav-menu single-link" data-m='{"cN":"Resources_ServiceTrustPortal_cont","cT":"Container","id":"c6c5c10c8c2m1r1a1","sN":6,"aN":"c5c10c8c2m1r1a1"}'> <a id="shellmenu_146" class="js-subm-uhf-nav-link" href="https://servicetrust.microsoft.com/" data-m='{"cN":"CatNav_Resources_ServiceTrustPortal_nav","id":"n1c6c5c10c8c2m1r1a1","sN":1,"aN":"c6c5c10c8c2m1r1a1"}'>Service Trust Portal</a> </li> <li class="js-nav-menu single-link" data-m='{"cN":"Secure \u0026 govern AI_cont","cT":"Container","id":"c7c5c10c8c2m1r1a1","sN":7,"aN":"c5c10c8c2m1r1a1"}'> <a id="shellmenu_147" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/trust-center/security/secure-future-initiative" data-m='{"cN":"CatNav_Secure \u0026 govern AI_nav","id":"n1c7c5c10c8c2m1r1a1","sN":1,"aN":"c7c5c10c8c2m1r1a1"}'>Microsoft Secure Future Initiative</a> </li> <li class="js-nav-menu single-link" data-m='{"cT":"Container","id":"c8c5c10c8c2m1r1a1","sN":8,"aN":"c5c10c8c2m1r1a1"}'> <a id="shellmenu_148" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/microsoft-cloud/solutions" data-m='{"id":"n1c8c5c10c8c2m1r1a1","sN":1,"aN":"c8c5c10c8c2m1r1a1"}'>Business Solutions Hub</a> </li> </ul> </li> </ul> </div> </li> <li class="single-link js-nav-menu uhf-menu-item"> <a id="c-shellmenu_custom_newtab_contactsales_bhvr124" class="c-uhf-nav-link" href="https://www.microsoft.com/en-us/security/business/get-started/contact-us" data-m='{"cN":"CatNav_Resources_ContactSales_nav","id":"n11c8c2m1r1a1","sN":11,"aN":"c8c2m1r1a1"}'>Contact Sales</a> </li> <li class="single-link js-nav-menu uhf-menu-item"> <a id="c-shellmenu_custom_button_outline_startfreetrial_bhvr234" class="c-uhf-nav-link" href="https://www.microsoft.com/en-us/security/business/get-started/start-free-trial" data-m='{"cN":"CatNav_Resources_GetStartedTrialsButton_nav","id":"n12c8c2m1r1a1","sN":12,"aN":"c8c2m1r1a1"}'>Start free trial</a> </li> <li id="overflow-menu" class="overflow-menu x-hidden uhf-menu-item"> <div class="c-uhf-menu js-nav-menu"> <button data-m='{"pid":"More","id":"nn13c8c2m1r1a1","sN":13,"aN":"c8c2m1r1a1"}' type="button" aria-label="More" aria-expanded="false">More</button> <ul id="overflow-menu-list" aria-hidden="true" class="overflow-menu-list"> </ul> </div> </li> </ul> </nav> <div class="c-uhfh-actions" data-m='{"cN":"Header actions_cont","cT":"Container","id":"c9c2m1r1a1","sN":9,"aN":"c2m1r1a1"}'> <div class="wf-menu"> <nav id="uhf-c-nav" aria-label="All Microsoft menu" data-m='{"cN":"GlobalNav_cont","cT":"Container","id":"c1c9c2m1r1a1","sN":1,"aN":"c9c2m1r1a1"}'> <ul class="js-paddle-items"> <li> <div class="c-uhf-menu js-nav-menu"> <button type="button" class="c-button-logo all-ms-nav" aria-expanded="false" data-m='{"cN":"GlobalNav_More_nonnav","id":"nn1c1c9c2m1r1a1","sN":1,"aN":"c1c9c2m1r1a1"}'> <span>All Microsoft</span></button> <ul class="f-multi-column f-multi-column-4" aria-hidden="true" data-m='{"cN":"More_cont","cT":"Container","id":"c2c1c9c2m1r1a1","sN":2,"aN":"c1c9c2m1r1a1"}'> <li class="c-w0-contr"> <h2 class="c-uhf-sronly">Global</h2> <ul class="c-w0"> <li class="js-nav-menu single-link" data-m='{"cN":"Microsoft Security_cont","cT":"Container","id":"c1c2c1c9c2m1r1a1","sN":1,"aN":"c2c1c9c2m1r1a1"}'> <a id="shellmenu_0" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/security" data-m='{"cN":"W0Nav_Microsoft Security_nav","id":"n1c1c2c1c9c2m1r1a1","sN":1,"aN":"c1c2c1c9c2m1r1a1"}'>Microsoft Security</a> </li> <li class="js-nav-menu single-link" data-m='{"cN":"Azure_cont","cT":"Container","id":"c2c2c1c9c2m1r1a1","sN":2,"aN":"c2c1c9c2m1r1a1"}'> <a id="shellmenu_1" class="js-subm-uhf-nav-link" href="https://azure.microsoft.com/en-us/" data-m='{"cN":"W0Nav_Azure_nav","id":"n1c2c2c1c9c2m1r1a1","sN":1,"aN":"c2c2c1c9c2m1r1a1"}'>Azure</a> </li> <li class="js-nav-menu single-link" data-m='{"cN":"Dynamics 365_cont","cT":"Container","id":"c3c2c1c9c2m1r1a1","sN":3,"aN":"c2c1c9c2m1r1a1"}'> <a id="shellmenu_2" class="js-subm-uhf-nav-link" href="https://dynamics.microsoft.com/en-us/" data-m='{"cN":"W0Nav_Dynamics 365_nav","id":"n1c3c2c1c9c2m1r1a1","sN":1,"aN":"c3c2c1c9c2m1r1a1"}'>Dynamics 365</a> </li> <li class="js-nav-menu single-link" data-m='{"cN":"Microsoft 365_cont","cT":"Container","id":"c4c2c1c9c2m1r1a1","sN":4,"aN":"c2c1c9c2m1r1a1"}'> <a id="shellmenu_3" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/microsoft-365/business/" data-m='{"cN":"W0Nav_Microsoft 365_nav","id":"n1c4c2c1c9c2m1r1a1","sN":1,"aN":"c4c2c1c9c2m1r1a1"}'>Microsoft 365</a> </li> <li class="js-nav-menu single-link" data-m='{"cN":"Microsoft Teams_cont","cT":"Container","id":"c5c2c1c9c2m1r1a1","sN":5,"aN":"c2c1c9c2m1r1a1"}'> <a id="shellmenu_4" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/microsoft-teams/group-chat-software" data-m='{"cN":"W0Nav_Microsoft Teams_nav","id":"n1c5c2c1c9c2m1r1a1","sN":1,"aN":"c5c2c1c9c2m1r1a1"}'>Microsoft Teams</a> </li> <li class="js-nav-menu single-link" data-m='{"cN":"Windows 365_cont","cT":"Container","id":"c6c2c1c9c2m1r1a1","sN":6,"aN":"c2c1c9c2m1r1a1"}'> <a id="shellmenu_5" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/windows-365" data-m='{"cN":"W0Nav_Windows 365_nav","id":"n1c6c2c1c9c2m1r1a1","sN":1,"aN":"c6c2c1c9c2m1r1a1"}'>Windows 365</a> </li> </ul> </li> <li class="f-sub-menu js-nav-menu nested-menu" data-m='{"cT":"Container","id":"c7c2c1c9c2m1r1a1","sN":7,"aN":"c2c1c9c2m1r1a1"}'> <span id="uhf-navspn-shellmenu_7-span" style="display:none" f-multi-parent="true" aria-expanded="false" data-m='{"id":"nn1c7c2c1c9c2m1r1a1","sN":1,"aN":"c7c2c1c9c2m1r1a1"}'>Tech &amp; innovation</span> <button id="uhf-navbtn-shellmenu_7-button" type="button" f-multi-parent="true" aria-expanded="false" data-m='{"id":"nn2c7c2c1c9c2m1r1a1","sN":2,"aN":"c7c2c1c9c2m1r1a1"}'>Tech &amp; innovation</button> <ul aria-hidden="true" aria-labelledby="uhf-navspn-shellmenu_7-span"> <li class="js-nav-menu single-link" data-m='{"cN":"More_TechInnovation_MicrosoftCloud_cont","cT":"Container","id":"c3c7c2c1c9c2m1r1a1","sN":3,"aN":"c7c2c1c9c2m1r1a1"}'> <a id="shellmenu_8" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/microsoft-cloud" data-m='{"cN":"GlobalNav_More_TechInnovation_MicrosoftCloud_nav","id":"n1c3c7c2c1c9c2m1r1a1","sN":1,"aN":"c3c7c2c1c9c2m1r1a1"}'>Microsoft Cloud</a> </li> <li class="js-nav-menu single-link" data-m='{"cN":"More_TechInnovation__AI_cont","cT":"Container","id":"c4c7c2c1c9c2m1r1a1","sN":4,"aN":"c7c2c1c9c2m1r1a1"}'> <a id="shellmenu_9" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/ai" data-m='{"cN":"GlobalNav_More_TechInnovation__AI_nav","id":"n1c4c7c2c1c9c2m1r1a1","sN":1,"aN":"c4c7c2c1c9c2m1r1a1"}'>AI</a> </li> <li class="js-nav-menu single-link" data-m='{"cN":"More_TechInnovation_AzureSpace_cont","cT":"Container","id":"c5c7c2c1c9c2m1r1a1","sN":5,"aN":"c7c2c1c9c2m1r1a1"}'> <a id="shellmenu_10" class="js-subm-uhf-nav-link" href="https://azure.microsoft.com/en-us/solutions/space/" data-m='{"cN":"GlobalNav_More_TechInnovation_AzureSpace_nav","id":"n1c5c7c2c1c9c2m1r1a1","sN":1,"aN":"c5c7c2c1c9c2m1r1a1"}'>Azure Space</a> </li> <li class="js-nav-menu single-link" data-m='{"cN":"More_TechInnovation_MixedReality_cont","cT":"Container","id":"c6c7c2c1c9c2m1r1a1","sN":6,"aN":"c7c2c1c9c2m1r1a1"}'> <a id="shellmenu_11" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/mixed-reality/windows-mixed-reality" data-m='{"cN":"GlobalNav_More_TechInnovation_MixedReality_nav","id":"n1c6c7c2c1c9c2m1r1a1","sN":1,"aN":"c6c7c2c1c9c2m1r1a1"}'>Mixed reality</a> </li> <li class="js-nav-menu single-link" data-m='{"cN":"More_TechInnovation_MicrosoftHololens_cont","cT":"Container","id":"c7c7c2c1c9c2m1r1a1","sN":7,"aN":"c7c2c1c9c2m1r1a1"}'> <a id="shellmenu_12" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/hololens" data-m='{"cN":"GlobalNav_More_TechInnovation_MicrosoftHololens_nav","id":"n1c7c7c2c1c9c2m1r1a1","sN":1,"aN":"c7c7c2c1c9c2m1r1a1"}'>Microsoft HoloLens</a> </li> <li class="js-nav-menu single-link" data-m='{"cN":"More_TechInnovation_Microsoft Viva_cont","cT":"Container","id":"c8c7c2c1c9c2m1r1a1","sN":8,"aN":"c7c2c1c9c2m1r1a1"}'> <a id="shellmenu_13" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/microsoft-viva" data-m='{"cN":"GlobalNav_More_TechInnovation_Microsoft Viva_nav","id":"n1c8c7c2c1c9c2m1r1a1","sN":1,"aN":"c8c7c2c1c9c2m1r1a1"}'>Microsoft Viva</a> </li> <li class="js-nav-menu single-link" data-m='{"cN":"More_TechInnovation_QuantumComputing_cont","cT":"Container","id":"c9c7c2c1c9c2m1r1a1","sN":9,"aN":"c7c2c1c9c2m1r1a1"}'> <a id="shellmenu_14" class="js-subm-uhf-nav-link" href="https://azure.microsoft.com/en-us/solutions/quantum-computing/" data-m='{"cN":"GlobalNav_More_TechInnovation_QuantumComputing_nav","id":"n1c9c7c2c1c9c2m1r1a1","sN":1,"aN":"c9c7c2c1c9c2m1r1a1"}'>Quantum computing</a> </li> <li class="js-nav-menu single-link" data-m='{"cN":"More_TechInnovation_Sustainability_cont","cT":"Container","id":"c10c7c2c1c9c2m1r1a1","sN":10,"aN":"c7c2c1c9c2m1r1a1"}'> <a id="shellmenu_15" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/sustainability/" data-m='{"cN":"GlobalNav_More_TechInnovation_Sustainability_nav","id":"n1c10c7c2c1c9c2m1r1a1","sN":1,"aN":"c10c7c2c1c9c2m1r1a1"}'>Sustainability</a> </li> </ul> </li> <li class="f-sub-menu js-nav-menu nested-menu" data-m='{"cT":"Container","id":"c8c2c1c9c2m1r1a1","sN":8,"aN":"c2c1c9c2m1r1a1"}'> <span id="uhf-navspn-shellmenu_16-span" style="display:none" f-multi-parent="true" aria-expanded="false" data-m='{"id":"nn1c8c2c1c9c2m1r1a1","sN":1,"aN":"c8c2c1c9c2m1r1a1"}'>Industries</span> <button id="uhf-navbtn-shellmenu_16-button" type="button" f-multi-parent="true" aria-expanded="false" data-m='{"id":"nn2c8c2c1c9c2m1r1a1","sN":2,"aN":"c8c2c1c9c2m1r1a1"}'>Industries</button> <ul aria-hidden="true" aria-labelledby="uhf-navspn-shellmenu_16-span"> <li class="js-nav-menu single-link" data-m='{"cN":"More_Industries_Education_cont","cT":"Container","id":"c3c8c2c1c9c2m1r1a1","sN":3,"aN":"c8c2c1c9c2m1r1a1"}'> <a id="shellmenu_17" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/education" data-m='{"cN":"GlobalNav_More_Industries_Education_nav","id":"n1c3c8c2c1c9c2m1r1a1","sN":1,"aN":"c3c8c2c1c9c2m1r1a1"}'>Education</a> </li> <li class="js-nav-menu single-link" data-m='{"cN":"More_Industries_Automotive_cont","cT":"Container","id":"c4c8c2c1c9c2m1r1a1","sN":4,"aN":"c8c2c1c9c2m1r1a1"}'> <a id="shellmenu_18" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/industry/automotive" data-m='{"cN":"GlobalNav_More_Industries_Automotive_nav","id":"n1c4c8c2c1c9c2m1r1a1","sN":1,"aN":"c4c8c2c1c9c2m1r1a1"}'>Automotive</a> </li> <li class="js-nav-menu single-link" data-m='{"cN":"More_Industries_Financialservices_cont","cT":"Container","id":"c5c8c2c1c9c2m1r1a1","sN":5,"aN":"c8c2c1c9c2m1r1a1"}'> <a id="shellmenu_19" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/industry/financial-services/banking" data-m='{"cN":"GlobalNav_More_Industries_Financialservices_nav","id":"n1c5c8c2c1c9c2m1r1a1","sN":1,"aN":"c5c8c2c1c9c2m1r1a1"}'>Financial services</a> </li> <li class="js-nav-menu single-link" data-m='{"cN":"More_Industries_Government_cont","cT":"Container","id":"c6c8c2c1c9c2m1r1a1","sN":6,"aN":"c8c2c1c9c2m1r1a1"}'> <a id="shellmenu_20" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/industry/government" data-m='{"cN":"GlobalNav_More_Industries_Government_nav","id":"n1c6c8c2c1c9c2m1r1a1","sN":1,"aN":"c6c8c2c1c9c2m1r1a1"}'>Government</a> </li> <li class="js-nav-menu single-link" data-m='{"cN":"More_Industries_Health_cont","cT":"Container","id":"c7c8c2c1c9c2m1r1a1","sN":7,"aN":"c8c2c1c9c2m1r1a1"}'> <a id="shellmenu_21" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/industry/health/microsoft-cloud-for-healthcare" data-m='{"cN":"GlobalNav_More_Industries_Health_nav","id":"n1c7c8c2c1c9c2m1r1a1","sN":1,"aN":"c7c8c2c1c9c2m1r1a1"}'>Healthcare</a> </li> <li class="js-nav-menu single-link" data-m='{"cN":"More_Industries_Manufacturing_cont","cT":"Container","id":"c8c8c2c1c9c2m1r1a1","sN":8,"aN":"c8c2c1c9c2m1r1a1"}'> <a id="shellmenu_22" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/industry/manufacturing/microsoft-cloud-for-manufacturing" data-m='{"cN":"GlobalNav_More_Industries_Manufacturing_nav","id":"n1c8c8c2c1c9c2m1r1a1","sN":1,"aN":"c8c8c2c1c9c2m1r1a1"}'>Manufacturing</a> </li> <li class="js-nav-menu single-link" data-m='{"cN":"More_Industries_Retail_cont","cT":"Container","id":"c9c8c2c1c9c2m1r1a1","sN":9,"aN":"c8c2c1c9c2m1r1a1"}'> <a id="shellmenu_23" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/industry/consumer-goods" data-m='{"cN":"GlobalNav_More_Industries_Retail_nav","id":"n1c9c8c2c1c9c2m1r1a1","sN":1,"aN":"c9c8c2c1c9c2m1r1a1"}'>Retail</a> </li> <li class="js-nav-menu single-link" data-m='{"cN":"More_Industries_Allindustries_cont","cT":"Container","id":"c10c8c2c1c9c2m1r1a1","sN":10,"aN":"c8c2c1c9c2m1r1a1"}'> <a id="shellmenu_24" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/industry" data-m='{"cN":"GlobalNav_More_Industries_Allindustries_nav","id":"n1c10c8c2c1c9c2m1r1a1","sN":1,"aN":"c10c8c2c1c9c2m1r1a1"}'>All industries</a> </li> </ul> </li> <li class="f-sub-menu js-nav-menu nested-menu" data-m='{"cT":"Container","id":"c9c2c1c9c2m1r1a1","sN":9,"aN":"c2c1c9c2m1r1a1"}'> <span id="uhf-navspn-shellmenu_25-span" style="display:none" f-multi-parent="true" aria-expanded="false" data-m='{"id":"nn1c9c2c1c9c2m1r1a1","sN":1,"aN":"c9c2c1c9c2m1r1a1"}'>Partners</span> <button id="uhf-navbtn-shellmenu_25-button" type="button" f-multi-parent="true" aria-expanded="false" data-m='{"id":"nn2c9c2c1c9c2m1r1a1","sN":2,"aN":"c9c2c1c9c2m1r1a1"}'>Partners</button> <ul aria-hidden="true" aria-labelledby="uhf-navspn-shellmenu_25-span"> <li class="js-nav-menu single-link" data-m='{"cN":"More_Partner_FindPartner_cont","cT":"Container","id":"c3c9c2c1c9c2m1r1a1","sN":3,"aN":"c9c2c1c9c2m1r1a1"}'> <a id="shellmenu_26" class="js-subm-uhf-nav-link" href="https://partner.microsoft.com/en-US/" data-m='{"cN":"GlobalNav_More_Partner_FindPartner_nav","id":"n1c3c9c2c1c9c2m1r1a1","sN":1,"aN":"c3c9c2c1c9c2m1r1a1"}'>Find a partner</a> </li> <li class="js-nav-menu single-link" data-m='{"cN":"More_Partner_BecomePartner_cont","cT":"Container","id":"c4c9c2c1c9c2m1r1a1","sN":4,"aN":"c9c2c1c9c2m1r1a1"}'> <a id="shellmenu_27" class="js-subm-uhf-nav-link" href="https://partner.microsoft.com/en-US/membership/cloud-solution-provider" data-m='{"cN":"GlobalNav_More_Partner_BecomePartner_nav","id":"n1c4c9c2c1c9c2m1r1a1","sN":1,"aN":"c4c9c2c1c9c2m1r1a1"}'>Become a partner</a> </li> <li class="js-nav-menu single-link" data-m='{"cN":"More_Partner_PartnerNetwork_cont","cT":"Container","id":"c5c9c2c1c9c2m1r1a1","sN":5,"aN":"c9c2c1c9c2m1r1a1"}'> <a id="shellmenu_28" class="js-subm-uhf-nav-link" href="https://partner.microsoft.com/en-us/membership" data-m='{"cN":"GlobalNav_More_Partner_PartnerNetwork_nav","id":"n1c5c9c2c1c9c2m1r1a1","sN":1,"aN":"c5c9c2c1c9c2m1r1a1"}'>Partner Network</a> </li> <li class="js-nav-menu single-link" data-m='{"cN":"More_Partner_AzureMarketplace_cont","cT":"Container","id":"c6c9c2c1c9c2m1r1a1","sN":6,"aN":"c9c2c1c9c2m1r1a1"}'> <a id="shellmenu_29" class="js-subm-uhf-nav-link" href="https://azuremarketplace.microsoft.com/en-us/" data-m='{"cN":"GlobalNav_More_Partner_AzureMarketplace_nav","id":"n1c6c9c2c1c9c2m1r1a1","sN":1,"aN":"c6c9c2c1c9c2m1r1a1"}'>Azure Marketplace</a> </li> <li class="js-nav-menu single-link" data-m='{"cN":"More_Partner_AppSource_cont","cT":"Container","id":"c7c9c2c1c9c2m1r1a1","sN":7,"aN":"c9c2c1c9c2m1r1a1"}'> <a id="shellmenu_30" class="js-subm-uhf-nav-link" href="https://appsource.microsoft.com/en-us/" data-m='{"cN":"GlobalNav_More_Partner_AppSource_nav","id":"n1c7c9c2c1c9c2m1r1a1","sN":1,"aN":"c7c9c2c1c9c2m1r1a1"}'>AppSource</a> </li> </ul> </li> <li class="f-sub-menu js-nav-menu nested-menu" data-m='{"cT":"Container","id":"c10c2c1c9c2m1r1a1","sN":10,"aN":"c2c1c9c2m1r1a1"}'> <span id="uhf-navspn-shellmenu_31-span" style="display:none" f-multi-parent="true" aria-expanded="false" data-m='{"id":"nn1c10c2c1c9c2m1r1a1","sN":1,"aN":"c10c2c1c9c2m1r1a1"}'>Resources</span> <button id="uhf-navbtn-shellmenu_31-button" type="button" f-multi-parent="true" aria-expanded="false" data-m='{"id":"nn2c10c2c1c9c2m1r1a1","sN":2,"aN":"c10c2c1c9c2m1r1a1"}'>Resources</button> <ul aria-hidden="true" aria-labelledby="uhf-navspn-shellmenu_31-span"> <li class="js-nav-menu single-link" data-m='{"cN":"More_Resources_Blog_cont","cT":"Container","id":"c3c10c2c1c9c2m1r1a1","sN":3,"aN":"c10c2c1c9c2m1r1a1"}'> <a id="shellmenu_32" class="js-subm-uhf-nav-link" href="https://blogs.microsoft.com/" data-m='{"cN":"GlobalNav_More_Resources_Blog_nav","id":"n1c3c10c2c1c9c2m1r1a1","sN":1,"aN":"c3c10c2c1c9c2m1r1a1"}'>Blog</a> </li> <li class="js-nav-menu single-link" data-m='{"cN":"More_Resources_MicrosoftAdvertising_cont","cT":"Container","id":"c4c10c2c1c9c2m1r1a1","sN":4,"aN":"c10c2c1c9c2m1r1a1"}'> <a id="shellmenu_33" class="js-subm-uhf-nav-link" href="https://about.ads.microsoft.com/en-us?s_cid=dig-src_uhfcomm" data-m='{"cN":"GlobalNav_More_Resources_MicrosoftAdvertising_nav","id":"n1c4c10c2c1c9c2m1r1a1","sN":1,"aN":"c4c10c2c1c9c2m1r1a1"}'>Microsoft Advertising</a> </li> <li class="js-nav-menu single-link" data-m='{"cN":"More_Resources_DeveloperCenter_cont","cT":"Container","id":"c5c10c2c1c9c2m1r1a1","sN":5,"aN":"c10c2c1c9c2m1r1a1"}'> <a id="shellmenu_34" class="js-subm-uhf-nav-link" href="https://developer.microsoft.com/en-us/" data-m='{"cN":"GlobalNav_More_Resources_DeveloperCenter_nav","id":"n1c5c10c2c1c9c2m1r1a1","sN":1,"aN":"c5c10c2c1c9c2m1r1a1"}'>Developer Center</a> </li> <li class="js-nav-menu single-link" data-m='{"cN":"More_Resources_Documentation_cont","cT":"Container","id":"c6c10c2c1c9c2m1r1a1","sN":6,"aN":"c10c2c1c9c2m1r1a1"}'> <a id="shellmenu_35" class="js-subm-uhf-nav-link" href="https://learn.microsoft.com/docs/" data-m='{"cN":"GlobalNav_More_Resources_Documentation_nav","id":"n1c6c10c2c1c9c2m1r1a1","sN":1,"aN":"c6c10c2c1c9c2m1r1a1"}'>Documentation</a> </li> <li class="js-nav-menu single-link" data-m='{"cN":"More_Resources_Events_cont","cT":"Container","id":"c7c10c2c1c9c2m1r1a1","sN":7,"aN":"c10c2c1c9c2m1r1a1"}'> <a id="shellmenu_36" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/events" data-m='{"cN":"GlobalNav_More_Resources_Events_nav","id":"n1c7c10c2c1c9c2m1r1a1","sN":1,"aN":"c7c10c2c1c9c2m1r1a1"}'>Events</a> </li> <li class="js-nav-menu single-link" data-m='{"cN":"More_Resources_Licensing_cont","cT":"Container","id":"c8c10c2c1c9c2m1r1a1","sN":8,"aN":"c10c2c1c9c2m1r1a1"}'> <a id="shellmenu_37" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/licensing/" data-m='{"cN":"GlobalNav_More_Resources_Licensing_nav","id":"n1c8c10c2c1c9c2m1r1a1","sN":1,"aN":"c8c10c2c1c9c2m1r1a1"}'>Licensing</a> </li> <li class="js-nav-menu single-link" data-m='{"cN":"More_Resources_MicrosoftLearn_cont","cT":"Container","id":"c9c10c2c1c9c2m1r1a1","sN":9,"aN":"c10c2c1c9c2m1r1a1"}'> <a id="shellmenu_38" class="js-subm-uhf-nav-link" href="https://learn.microsoft.com/" data-m='{"cN":"GlobalNav_More_Resources_MicrosoftLearn_nav","id":"n1c9c10c2c1c9c2m1r1a1","sN":1,"aN":"c9c10c2c1c9c2m1r1a1"}'>Microsoft Learn</a> </li> <li class="js-nav-menu single-link" data-m='{"cN":"More_Resources_MicrosoftResearch_cont","cT":"Container","id":"c10c10c2c1c9c2m1r1a1","sN":10,"aN":"c10c2c1c9c2m1r1a1"}'> <a id="shellmenu_39" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/research/" data-m='{"cN":"GlobalNav_More_Resources_MicrosoftResearch_nav","id":"n1c10c10c2c1c9c2m1r1a1","sN":1,"aN":"c10c10c2c1c9c2m1r1a1"}'>Microsoft Research</a> </li> </ul> </li> <li class="f-multi-column-info"> <a data-m='{"id":"n11c2c1c9c2m1r1a1","sN":11,"aN":"c2c1c9c2m1r1a1"}' href="https://www.microsoft.com/en-us/sitemap" aria-label="" class="c-glyph">View Sitemap</a> </li> </ul> </div> </li> </ul> </nav> </div> <form class="c-search" autocomplete="off" id="searchForm" name="searchForm" role="search" action="https://www.microsoft.com/en-us/security/site-search" method="GET" data-seAutoSuggest='' data-seautosuggestapi="https://www.microsoft.com/msstoreapiprod/api/autosuggest" data-m='{"cN":"GlobalNav_Search_cont","cT":"Container","id":"c3c1c9c2m1r1a1","sN":3,"aN":"c1c9c2m1r1a1"}' aria-expanded="false"> <input id="cli_shellHeaderSearchInput" aria-label="Search Expanded" aria-autocomplete="list" aria-expanded="false" aria-controls="universal-header-search-auto-suggest-transparent" aria-owns="universal-header-search-auto-suggest-ul" type="search" name="q" role="combobox" placeholder="Search Microsoft Security" data-m='{"cN":"SearchBox_nav","id":"n1c3c1c9c2m1r1a1","sN":1,"aN":"c3c1c9c2m1r1a1"}' data-toggle="tooltip" data-placement="right" title="Search Microsoft Security" /> <button id="search" aria-label="Search Microsoft Security" class="c-glyph" data-m='{"cN":"Search_nav","id":"n2c3c1c9c2m1r1a1","sN":2,"aN":"c3c1c9c2m1r1a1"}' data-bi-mto="true" aria-expanded="false" disabled="disabled"> <span role="presentation">Search</span> <span role="tooltip" class="c-uhf-tooltip c-uhf-search-tooltip">Search Microsoft Security</span> </button> <div class="m-auto-suggest" id="universal-header-search-auto-suggest-transparent" role="group"> <ul class="c-menu" id="universal-header-search-auto-suggest-ul" aria-label="Search Suggestions" aria-hidden="true" data-bi-dnt="true" data-bi-mto="true" data-js-auto-suggest-position="default" role="listbox" data-tel="jsll" data-m='{"cN":"search suggestions_cont","cT":"Container","id":"c3c3c1c9c2m1r1a1","sN":3,"aN":"c3c1c9c2m1r1a1"}'></ul> <ul class="c-menu f-auto-suggest-no-results" aria-hidden="true" data-js-auto-suggest-postion="default" data-js-auto-suggest-position="default" role="listbox"> <li class="c-menu-item"> <span tabindex="-1">No results</span></li> </ul> </div> </form> <button data-m='{"cN":"cancel-search","pid":"Cancel Search","id":"nn4c1c9c2m1r1a1","sN":4,"aN":"c1c9c2m1r1a1"}' id="cancel-search" class="cancel-search" aria-label="Cancel Search"> <span>Cancel</span> </button> </div> </div> </div> </header> </div> </div> </div> <div id="header-container" class="header-container"> </div> <main id="mainContent" class="main"> <div class="bg-gray-100 dark-bg-black"> <div class="search-header pt-0 pb-g py-md-4 border-top"> <div class="container"> <div class="front-page__navigation-search row justify-content-between align-items-center"> <div class="col-12 col-md"> <div class="search-header-breadcrumb d-flex py-g py-md-0" data-bi-an="Breadcrumb"> <nav class="flex-grow-1 pr-3" aria-label="Your location in the site" > <ol class="breadcrumb p-0 m-0"> <li class="breadcrumb-item d-inline-flex"> <span class="breadcrumbs__icon glyph-prepend glyph-prepend-home mr-2 d-flex align-items-center text-neutral-600"></span> <a class="small" data-bi-cn="Blog home" data-bi-ct="breadcrumb link" href="https://www.microsoft.com/en-us/security/blog/" > Blog home </a> </li> <li class="breadcrumb-item active small" aria-current="page">Threat intelligence</li> </ol> </nav> </div> </div> <div class="col-12 col-md-4 border-top border-neutral-300 border-top-md-0"> <div id="header-search" class="header-search pt-g pt-md-0"> <div id="header-search-content" class="header-search__content"> <div itemscope itemtype="http://schema.org/WebSite"> <form role="search" id="searchform-1" action="https://www.microsoft.com/en-us/security/blog/" class="search-form" type="searchForm" > <meta itemprop="target" content="https://www.microsoft.com/en-us/security/blog/?s={s}" /> <label for="searchform-1-field" class="sr-only"> Search the Microsoft security blog </label> <div class="bg-white dark-bg-gray-900 dark-text-white dark-border-gray-700 border border-gray-300 d-flex"> <input itemprop="query-input" class="form-control form-control-sm border-0 flex-grow-1 h-100 py-2" type="search" id="searchform-1-field" name="s" placeholder="Search the blog" value="" > <button class="btn btn-link-secondary m-0 py-1" type="submit"> <span class="sr-only">Submit</span> <span class="svg" aria-hidden="true"> <svg xmlns="http://www.w3.org/2000/svg" width="13" height="12" fill="none" viewBox="0 0 12 13"><path fill="#4C4C51" d="M4.833.097a4.833 4.833 0 0 1 3.753 7.879l3.268 3.267a.5.5 0 0 1-.651.756l-.057-.049L7.88 8.683A4.833 4.833 0 1 1 4.833.097m0 1a3.833 3.833 0 1 0 0 7.666 3.833 3.833 0 0 0 0-7.666" /></svg> </span> </button> </div> </form> </div> </div> </div> </div> </div> </div> </div> <div class="container"> <header class="single__header pb-md-5 single__header--default" data-bi-an="Single Header"> <div class="card-offset flipped d-block mx-ng mx-md-0 has-post-thumbnail"> <div class="card-background row no-gutters material-surface material-color-brand"> <div class="single__featured-image col-md-6"> <picture class="card-img d-block"> <img width="1024" height="683" src="https://www.microsoft.com/en-us/security/blog/wp-content/uploads/2023/06/Featured-image-Cadet-Blizzard-1024x683.jpg" class="aspect-ratio-16-9 img-object-cover d-block" alt="a close up of a blue wall" decoding="async" fetchpriority="high" srcset="https://www.microsoft.com/en-us/security/blog/wp-content/uploads/2023/06/Featured-image-Cadet-Blizzard-1024x683.jpg 1024w, https://www.microsoft.com/en-us/security/blog/wp-content/uploads/2023/06/Featured-image-Cadet-Blizzard-300x200.jpg 300w, https://www.microsoft.com/en-us/security/blog/wp-content/uploads/2023/06/Featured-image-Cadet-Blizzard-768x512.jpg 768w, https://www.microsoft.com/en-us/security/blog/wp-content/uploads/2023/06/Featured-image-Cadet-Blizzard.jpg 1200w" sizes="(max-width: 1024px) 100vw, 1024px" /> </picture> </div> <div class="d-flex col-md"> <div class="card-body align-self-center" > <div class="single__header-meta d-inline-flex flex-wrap gap-1"> <div class="single__taxonomies"> <ul class="list-unstyled d-inline-flex flex-wrap gap-1 m-0"> <li class="d-inline"> <a href="https://www.microsoft.com/en-us/security/blog/content-type/research/" data-bi-cn="Research" data-bi-ct="post categories" data-bi-id="3663" > Research </a> </li> <li class="d-inline"> <a href="https://www.microsoft.com/en-us/security/blog/topic/threat-intelligence/" data-bi-cn="Threat intelligence" data-bi-ct="post categories" data-bi-id="3687" > Threat intelligence </a> </li> <li class="d-inline"> <a href="https://www.microsoft.com/en-us/security/blog/products/microsoft-defender/" data-bi-cn="Microsoft Defender" data-bi-ct="post categories" data-bi-id="3690" > Microsoft Defender </a> </li> <li class="d-inline"> <a href="https://www.microsoft.com/en-us/security/blog/threat-intelligence/attacker-techniques-tools-and-infrastructure/" data-bi-cn="Attacker techniques, tools, and infrastructure" data-bi-ct="post categories" data-bi-id="3727" > Attacker techniques, tools, and infrastructure </a> </li> </ul> </div> <div class="single__read-time"> 13 min read </div> </div> <h1 class="single__title h2 m-0 pt-2">Cadet Blizzard emerges as a novel and distinct Russian threat actor</h1> <div class="single__byline pt-g pt-md-4 pr-4 pr-md-0 small"> <ul class="m-0 list-unstyled" data-bi-an="Author Bio"> <li> <span class=""> By </span> <a class="text-white" href="https://www.microsoft.com/en-us/security/blog/author/microsoft-security-threat-intelligence/" data-bi-id="130492" data-bi-cn="Microsoft Threat Intelligence" data-bi-ct="author link" >Microsoft Threat Intelligence</a> </li> </ul> </div> </div> </div> </div> </div> </header> </div> </div> <div class="single__meta" data-bi-an="Rail"> <time class="single__date font-weight-bold d-block small text-neutral-600" datetime="2023-06-14T09:00:00-07:00" > June 14, 2023 </time> <ul class="single__share mt-3 list-inline mb-0 align-middle gap-2 align-items-center"> <li class="list-inline-item m-0"> <a class="d-flex" aria-label="Share on Facebook" data-bi-cn="Share on Facebook" data-bi-id="130492" data-bi-ct="share link" data-bi-bhvr="120" href="https://www.facebook.com/sharer.php?u=https://www.microsoft.com/en-us/security/blog/2023/06/14/cadet-blizzard-emerges-as-a-novel-and-distinct-russian-threat-actor/" target="_blank" rel="noreferrer noopener" > <span class="svg" aria-hidden="true"> <svg xmlns="http://www.w3.org/2000/svg" width="25" height="24" fill="none" viewBox="0 0 25 24"><path fill="#0067B8" d="M24.227 12c0-6.428-5.209-11.637-11.636-11.637S.955 5.573.955 12c0 5.809 4.254 10.622 9.818 11.495v-8.132H7.818V12h2.955V9.436c0-2.916 1.736-4.527 4.395-4.527 1.273 0 2.605.227 2.605.227V8h-1.468c-1.446 0-1.896.897-1.896 1.818V12h3.227l-.516 3.363h-2.71v8.132c5.563-.873 9.817-5.686 9.817-11.495" /><path fill="#fff" d="M17.12 15.363 17.636 12H14.41V9.818c0-.92.45-1.818 1.895-1.818h1.469V5.136s-1.332-.227-2.605-.227c-2.659 0-4.395 1.611-4.395 4.527V12H7.818v3.363h2.955v8.132a11.7 11.7 0 0 0 3.636 0v-8.132z" /></svg> </span> </a> </li> <li class="list-inline-item m-0"> <a class="d-flex" aria-label="Share on X" data-bi-cn="Share on X" data-bi-id="130492" data-bi-ct="share link" data-bi-bhvr="120" href="https://twitter.com/intent/tweet?url=https://www.microsoft.com/en-us/security/blog/2023/06/14/cadet-blizzard-emerges-as-a-novel-and-distinct-russian-threat-actor/" target="_blank" rel="noreferrer noopener" > <span class="svg" aria-hidden="true"> <svg xmlns="http://www.w3.org/2000/svg" width="29" height="29" fill="none" viewBox="0 0 29 29"><g><path fill="currentColor" d="M17.259 12.273 28.055 0h-2.558l-9.375 10.657L8.635 0H0l11.322 16.115L0 28.985h2.558l9.9-11.254 7.907 11.254H29zm-3.504 3.984-1.147-1.605L3.48 1.884h3.93l7.366 10.304 1.147 1.605 9.575 13.394h-3.93z" /></g><defs><path fill="currentColor" d="M0 0h29v29H0z" /></defs></svg> </span> </a> </li> <li class="list-inline-item m-0"> <a class="d-flex" aria-label="Share on LinkedIn" data-bi-cn="Share on LinkedIn" data-bi-id="130492" data-bi-ct="share link" data-bi-bhvr="120" href="https://www.linkedin.com/shareArticle?mini=true&url=https://www.microsoft.com/en-us/security/blog/2023/06/14/cadet-blizzard-emerges-as-a-novel-and-distinct-russian-threat-actor/" target="_blank" rel="noreferrer noopener" > <span class="svg" aria-hidden="true"> <svg xmlns="http://www.w3.org/2000/svg" width="30" height="29" fill="none" viewBox="0 0 30 29"><path fill="#0A66C1" d="M25.011 24.711h-4.203v-6.744c0-1.59-.047-3.66-2.172-3.66-2.172 0-2.55 1.734-2.55 3.564v6.84h-4.203V10.886h4.014v1.879h.047a4.31 4.31 0 0 1 4.014-2.216c4.25 0 5.053 2.89 5.053 6.6zM7.114 9.008c-1.37 0-2.456-1.108-2.456-2.505s1.087-2.505 2.456-2.505c1.37 0 2.455 1.108 2.455 2.505S8.483 9.008 7.114 9.008M9.239 24.71h-4.25V10.886h4.203v13.825zM27.136 0H2.864A2.076 2.076 0 0 0 .786 2.071v24.856c0 1.156.945 2.12 2.078 2.071h24.225c1.133 0 2.078-.915 2.125-2.071V2.071A2.076 2.076 0 0 0 27.136 0" /></svg> </span> </a> </li> </ul> <div id="single-tags" class="mt-3 mt-lg-4 mb-2"> <ul class="single__tags list-unstyled m-0"> <li> <a class="btn btn-neutral-100 btn-sm" href="https://www.microsoft.com/en-us/security/blog/products/microsoft-defender-for-endpoint/" data-bi-id="3694" data-bi-cn="Microsoft Defender for Endpoint" data-bi-ct="post categories" > Microsoft Defender for Endpoint </a> </li> <li> <a class="btn btn-neutral-100 btn-sm" href="https://www.microsoft.com/en-us/security/blog/products/microsoft-defender-vulnerability-management/" data-bi-id="3856" data-bi-cn="Microsoft Defender Vulnerability Management" data-bi-ct="post categories" > Microsoft Defender Vulnerability Management </a> </li> <li> <a class="btn btn-neutral-100 btn-sm" href="https://www.microsoft.com/en-us/security/blog/products/microsoft-defender-xdr/" data-bi-id="3693" data-bi-cn="Microsoft Defender XDR" data-bi-ct="post categories" > Microsoft Defender XDR </a> </li> <li> <a class="btn btn-neutral-100 btn-sm" href="https://www.microsoft.com/en-us/security/blog/products/microsoft-sentinel/" data-bi-id="3726" data-bi-cn="Microsoft Sentinel" data-bi-ct="post categories" > Microsoft Sentinel </a> </li> <li> <a class="btn btn-neutral-100 btn-sm" href="https://www.microsoft.com/en-us/security/blog/threat-intelligence/cybercrime/" data-bi-id="3730" data-bi-cn="Cybercrime" data-bi-ct="post categories" > Cybercrime </a> </li> <li> <a class="btn btn-neutral-100 btn-sm" href="https://www.microsoft.com/en-us/security/blog/threat-intelligence/threat-actors/" data-bi-id="3738" data-bi-cn="Threat actors" data-bi-ct="post categories" > Threat actors </a> </li> <li> <a class="btn btn-neutral-100 btn-sm" href="https://www.microsoft.com/en-us/security/blog/threat-intelligence/vulnerabilities-and-exploits/" data-bi-id="3739" data-bi-cn="Vulnerabilities and exploits" data-bi-ct="post categories" > Vulnerabilities and exploits </a> </li> <li> <a class="btn btn-neutral-100 btn-sm" href="https://www.microsoft.com/en-us/security/blog/tag/blizzard/" data-bi-id="3918" data-bi-cn="Blizzard" data-bi-ct="post categories" > Blizzard </a> </li> <li> <a class="btn btn-neutral-100 btn-sm" href="https://www.microsoft.com/en-us/security/blog/tag/living-off-the-land/" data-bi-id="3921" data-bi-cn="Living off the land" data-bi-ct="post categories" > Living off the land </a> </li> <li> <a class="btn btn-neutral-100 btn-sm" href="https://www.microsoft.com/en-us/security/blog/tag/state-sponsored-threat-actor/" data-bi-id="3908" data-bi-cn="State-sponsored threat actor" data-bi-ct="post categories" > State-sponsored threat actor </a> </li> </ul> </div> </div> <div class="single__content mb-4 pt-4 pt-xl-5 pb-5" data-bi-an="Blog Body"> <p>As Russia’s invasion of Ukraine continues into its second year and Microsoft continues to collaborate with global partners in response, the exposure of destructive cyber capabilities and information operations provide greater clarity into the tools and techniques used by Russian state-sponsored threat actors. Throughout the conflict, Russian threat actors have deployed a variety of destructive capabilities with varying levels of sophistication and impact, which showcase how malicious actors rapidly implement novel techniques during a hybrid war, along with the practical limitations of executing destructive campaigns when significant operational errors are made and the security community rallies around defense. These insights help security researchers continuously refine detection and mitigation capabilities to defend against such attacks as they evolve in a wartime environment.</p> <p>Today, Microsoft Threat Intelligence is sharing updated details about techniques of a threat actor formerly tracked as <a href="https://www.microsoft.com/security/blog/2022/01/15/destructive-malware-targeting-ukrainian-organizations/">DEV-0586</a>—a distinct Russian state-sponsored threat actor that has now been elevated to the name Cadet Blizzard. As a result of our investigation into their intrusion activity over the past year, we have gained high confidence in our analysis and knowledge of the actor’s tooling, victimology, and motivation, meeting the criteria to convert this group to a <a href="https://www.microsoft.com/security/blog/2023/04/18/microsoft-shifts-to-a-new-threat-actor-naming-taxonomy/">named threat actor</a>. &nbsp;</p> <p>Microsoft assesses that Cadet Blizzard operations are <a href="https://blogs.microsoft.com/on-the-issues/2023/06/14/russian-cyberattacks-ukraine-cadet-blizzard/">associated with the Russian General Staff Main Intelligence Directorate (GRU)</a> but are separate from other known and more established GRU-affiliated groups such as Forest Blizzard (STRONTIUM) and Seashell Blizzard (IRIDIUM). While Microsoft constantly tracks a number of activity groups with varying degrees of Russian government affiliation, the emergence of a novel GRU affiliated actor, particularly one which has conducted destructive cyber operations likely supporting broader military objectives in Ukraine, is a notable development in the Russian cyber threat landscape. A month before Russia invaded Ukraine, Cadet Blizzard foreshadowed future destructive activity when it created and deployed <a href="https://www.microsoft.com/security/blog/2022/01/15/destructive-malware-targeting-ukrainian-organizations/">WhisperGate</a>, a destructive capability that wipes Master Boot Records (MBRs), against Ukrainian government organizations. Cadet Blizzard is also linked <a href="https://www.npr.org/2022/01/14/1073001754/ukraine-cyber-attack-government-websites-russia">to the defacements</a> of several Ukrainian organization websites, as well as multiple operations, including the hack-and-leak forum known as “Free Civilian”.</p> <p>Microsoft has tracked Cadet Blizzard since the deployment of WhisperGate in January 2022. We assess that they have been operational in some capacity since at least 2020 and continue to perform network operations through the present. Operationally consistent with the remit and assessed objectives of GRU-led operations throughout Russia’s invasion of Ukraine, Cadet Blizzard has engaged in focused destructive attacks, espionage, and information operations in regionally significant areas. Cadet Blizzard’s operations, though comparatively less prolific in both scale and scope to more established threat actors such as Seashell Blizzard, are structured to deliver impact and frequently run the risk of hampering continuity of network operations and exposing sensitive information through targeted hack-and-leak operations. Primary targeted sectors include government organizations and information technology providers in Ukraine, although organizations in Europe and Latin America have also been targeted.</p> <p>Microsoft has been <a href="https://blogs.microsoft.com/on-the-issues/2022/11/03/our-tech-support-ukraine/#:~:text=Since%20the%20war%20began%20in%20February%2C%20Microsoft%20and,critical%20Ukrainian%20services%20through%20data%20centers%20across%20Europe.">working with CERT-UA</a> closely since the beginning of Russia’s war in Ukraine and continues to support the country and neighboring states in protecting against cyberattacks, such as the ones carried out by Cadet Blizzard. As with any observed nation-state actor activity, Microsoft directly and proactively notifies customers that have been targeted or compromised, providing them with the information they need to guide their investigations. Microsoft is also actively working with members of the global security community and other strategic partners to share information that can address this evolving threat through multiple channels. Having elevated this activity to a distinct threat actor name, we’re sharing this information with the larger security community to provide insights to protect and mitigate Cadet Blizzard as a threat. Organizations should actively take steps to protect environments against Cadet Blizzard, and this blog further aims to discuss how to detect and prevent disruption.</p> <h2 class="wp-block-heading" id="who-is-cadet-blizzard">Who is Cadet Blizzard?</h2> <p>Cadet Blizzard is a Russian GRU-sponsored threat group that Microsoft began tracking following disruptive and destructive events occurring at multiple government agencies in Ukraine in mid-January 2022. During this time, Russian troops backed with tanks and artillery were surrounding the Ukrainian border as the military prepped for an offensive attack. The <a href="https://www.npr.org/2022/01/14/1073001754/ukraine-cyber-attack-government-websites-russia">defacements</a> of key Ukrainian institutions’ websites, coupled with the WhisperGate malware, prefaced <a href="https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE4Vwwd">multiple waves of attacks</a> by Seashell Blizzard that followed when the Russian military began their ground offensive a month later.</p> <p>Cadet Blizzard compromises and maintains a foothold on affected networks for months, often exfiltrating data prior to disruptive actions. Microsoft observed Cadet Blizzard’s activity peak between January and June 2022, followed by an extended period of reduced activity. The group re-emerged in January 2023 with increased operations against multiple entities in Ukraine and in Europe, including another round of website defacements and a new “Free Civilian” Telegram channel affiliated with the hack-and-leak front under the same name that first emerged in January 2022, around the same time as the initial defacements. Cadet Blizzard actors are active seven days of the week and have conducted their operations during their primary European targets’ off-business hours. Microsoft assesses that NATO member states involved in providing military aid to Ukraine are at greater risk.</p> <figure class="wp-block-image size-full"><img decoding="async" src="https://www.microsoft.com/en-us/security/blog/wp-content/uploads/2023/06/Figure-1.-A-heatmap-of-the-operational-cadence-of-Cadet-Blizzard.webp" alt="Cadet Blizzard heatmap displaying their operational cadence by the day of the week and active times (UTC). " class="wp-image-130495 webp-format" srcset="" data-orig-src="https://www.microsoft.com/en-us/security/blog/wp-content/uploads/2023/06/Figure-1.-A-heatmap-of-the-operational-cadence-of-Cadet-Blizzard.webp"><figcaption class="wp-element-caption">Figure 1. A heatmap of the operational cadence of Cadet Blizzard</figcaption></figure> <p>Cadet Blizzard seeks to conduct disruption, destruction, and information collection, using whatever means are available and sometimes acting in a haphazard fashion. While the group carries high risk due to their destructive activity, they appear to operate with a lower degree of operational security than that of longstanding and advanced Russian groups such as Seashell Blizzard and Forest Blizzard. &nbsp;Additionally, as is the case with other Russian state-sponsored threat groups, Microsoft assesses that at least one Russian private sector organization has materially supported Cadet Blizzard by providing operational support including during the WhisperGate destructive attack.</p> <h3 class="wp-block-heading" id="targets">Targets</h3> <p>Cadet Blizzard’s operations are global in scope but consistently affect regional hotspots in Ukraine, Europe, Central Asia, and, periodically, Latin America. Cadet Blizzard likely prioritizes target networks based on requirements consistent with Russian military or intelligence objectives such as geolocation or perceived impact. Cadet Blizzard, consistent with a Russian military-associated threat actor, continues to mainly target Ukraine, although the relative scope of impact of Cadet Blizzard’s destructive activity is minimal compared to the multiple waves of destructive attacks that we attribute to Seashell Blizzard. In January 2022, Cadet Blizzard launched destructive attacks in Ukraine in the following industry verticals:</p> <ul class="wp-block-list"> <li>Government services</li> <li>Law enforcement</li> <li>Non-profit/non-governmental organization</li> <li>IT service providers/consulting</li> <li>Emergency services</li> </ul> <p>Cadet Blizzard has repeatedly targeted information technology providers and software developers that provide services to government organizations using a supply chain “compromise one, compromise many” technique. The group’s January 2022 compromise of government entities in Ukraine probably were at least in part due to access and information gained during a breach of an information technology provider that often worked with these organizations.</p> <p>Prior to the war in Ukraine, Cadet Blizzard performed historical compromises of several Eastern European entities as well, primarily affecting the government and technology sectors as early as April 2021. As the war continues, Cadet Blizzard activity poses an increasing risk to the broader European community, specifically any successful attacks against governments and IT service providers, which may give the actor both tactical and strategic-level insight into Western operations and policy surrounding the conflict. Gaining heightened levels of access into these targeted sectors may also enable Cadet Blizzard to carry out retaliatory demonstrations in opposition to the West’s support for Ukraine.</p> <h3 class="wp-block-heading" id="tools-tactics-and-procedures">Tools, tactics, and procedures</h3> <p>Cadet Blizzard is a conventional network operator and commonly utilizes living-off-the-land techniques after gaining initial access to move laterally through the network, collect credentials and other information, and deploy defense evasion techniques and persistence mechanisms. Unlike other Russian-affiliated groups that historically prefer to remain undetected to perform espionage, the result of at least some notable Cadet Blizzard operations are extremely disruptive and are almost certainly intended to be public signals to their targets to achieve the larger objective of destruction, disruption, and possibly, intimidation.</p> <figure class="wp-block-image size-large"><img decoding="async" src="https://www.microsoft.com/en-us/security/blog/wp-content/uploads/2023/06/Figure-3.-Cadet-Blizzards-normal-operational-lifecycle-1-1024x347.webp" alt="Cadet Blizzard's operational lifecycle includes exploiting servers, deploying web shells, pushing tunneling tools, and pivoting to internal networks for initial access. Lateral movement follows, which includes credential access via process dumping, interactive reverse shell via netcat/GOST, command execution via Impacket, disabling antivirus services, and wiping logs. Cadet Blizzard's action on objectives then include exfiltrating data, deploying destructive payloads, and leaking data or targeted information operations." class="wp-image-130503 webp-format" srcset="https://www.microsoft.com/en-us/security/blog/wp-content/uploads/2023/06/Figure-3.-Cadet-Blizzards-normal-operational-lifecycle-1-1024x347.webp 1024w, https://www.microsoft.com/en-us/security/blog/wp-content/uploads/2023/06/Figure-3.-Cadet-Blizzards-normal-operational-lifecycle-1-300x102.webp 300w, https://www.microsoft.com/en-us/security/blog/wp-content/uploads/2023/06/Figure-3.-Cadet-Blizzards-normal-operational-lifecycle-1-768x261.webp 768w, https://www.microsoft.com/en-us/security/blog/wp-content/uploads/2023/06/Figure-3.-Cadet-Blizzards-normal-operational-lifecycle-1-1536x521.webp 1536w, https://www.microsoft.com/en-us/security/blog/wp-content/uploads/2023/06/Figure-3.-Cadet-Blizzards-normal-operational-lifecycle-1-2048x695.webp 2048w" data-orig-src="https://www.microsoft.com/en-us/security/blog/wp-content/uploads/2023/06/Figure-3.-Cadet-Blizzards-normal-operational-lifecycle-1-1024x347.webp"><figcaption class="wp-element-caption">Figure 2. Cadet Blizzard&rsquo;s normal operational lifecycle</figcaption></figure> <p><strong>Initial access</strong></p> <p>Cadet Blizzard predominantly achieves initial access through exploitation of web servers commonly found on network perimeters and DMZs. Cadet Blizzard is also known for exploiting Confluence servers through the CVE-2021-26084 vulnerability, Exchange servers through multiple vulnerabilities including CVE-2022-41040 and ProxyShell, and likely commodity vulnerabilities in various open-source platforms such as content management systems.</p> <p><strong>Persistence</strong></p> <p>Cadet Blizzard frequently persists on target networks through the deployment of commodity web shells used either for commanding or tunneling. Commonly utilized web shells include <a href="https://github.com/flozz/p0wny-shell">P0wnyshell</a>, <a href="https://github.com/sensepost/reGeorg">reGeorg</a>, PAS, and even custom variants included in publicly available exploit kits.</p> <p>In February 2023, <a href="https://cert.gov.ua/article/3947787">CERT-UA reported</a> an attempted attack against a Ukrainian state information system that involved a variant of the PAS web shell, which Microsoft assesses to be unique to Cadet Blizzard operations at the time of the intrusion.</p> <p><strong>Privilege escalation and credential harvesting</strong><br>Cadet Blizzard has leveraged a variety of living-off-the-land techniques to conduct privilege escalation and harvesting of credentials.</p> <ul class="wp-block-list"> <li>Dumping LSASS – Cadet Blizzard uses Sysinternals tools such as <em>procdump</em> to dump LSASS in suspected offline credential harvesting efforts. Cadet Blizzard frequently renames <em>procdump64</em> to alternative names, such as <em>dump64.exe</em>.</li> <li>Dumping registry hives – Cadet Blizzard extracts registry hives using native means via <em>reg save</em>.</li> </ul> <p><strong>Lateral movement</strong><br>Cadet Blizzard conducts lateral movement with valid network credentials obtained from credential harvesting. To conduct lateral movement more efficiently, Cadet Blizzard typically uses modules from the publicly available <a href="https://github.com/fortra/impacket">Impacket framework</a>. While this framework is generically utilized by multiple actors, preferential execution of patterns of commands may allow for more precision profiling of Cadet Blizzard operations:</p> <ul class="wp-block-list"> <li>PowerShell <em>get-volume</em> to enumerate the volume of a device</li> </ul> <figure class="wp-block-image size-large is-resized"><img decoding="async" src="https://www.microsoft.com/en-us/security/blog/wp-content/uploads/2023/06/Figure-3.-PowerShell-get-volume-command-1024x40.webp" alt="Code displaying the PowerShell get-volume command." class="wp-image-130499 webp-format" style="width:724px;height:28px" srcset="https://www.microsoft.com/en-us/security/blog/wp-content/uploads/2023/06/Figure-3.-PowerShell-get-volume-command-1024x40.webp 1024w, https://www.microsoft.com/en-us/security/blog/wp-content/uploads/2023/06/Figure-3.-PowerShell-get-volume-command-300x12.webp 300w, https://www.microsoft.com/en-us/security/blog/wp-content/uploads/2023/06/Figure-3.-PowerShell-get-volume-command-768x30.webp 768w, https://www.microsoft.com/en-us/security/blog/wp-content/uploads/2023/06/Figure-3.-PowerShell-get-volume-command-1536x60.webp 1536w, https://www.microsoft.com/en-us/security/blog/wp-content/uploads/2023/06/Figure-3.-PowerShell-get-volume-command.webp 1882w" data-orig-src="https://www.microsoft.com/en-us/security/blog/wp-content/uploads/2023/06/Figure-3.-PowerShell-get-volume-command-1024x40.webp"><figcaption class="wp-element-caption">Figure 3. PowerShell <em>get-volume</em> command</figcaption></figure> <ul class="wp-block-list"> <li>Copying critical registry hives that contain password hashes and computer information</li> </ul> <figure class="wp-block-image size-large is-resized"><img decoding="async" src="https://www.microsoft.com/en-us/security/blog/wp-content/uploads/2023/06/Figure-4.-Copying-critical-registry-hives-1024x70.webp" alt="Code displaying copying of critical registry hives" class="wp-image-130497 webp-format" style="width:724px;height:49px" srcset="https://www.microsoft.com/en-us/security/blog/wp-content/uploads/2023/06/Figure-4.-Copying-critical-registry-hives-1024x70.webp 1024w, https://www.microsoft.com/en-us/security/blog/wp-content/uploads/2023/06/Figure-4.-Copying-critical-registry-hives-300x20.webp 300w, https://www.microsoft.com/en-us/security/blog/wp-content/uploads/2023/06/Figure-4.-Copying-critical-registry-hives-768x52.webp 768w, https://www.microsoft.com/en-us/security/blog/wp-content/uploads/2023/06/Figure-4.-Copying-critical-registry-hives-1536x104.webp 1536w, https://www.microsoft.com/en-us/security/blog/wp-content/uploads/2023/06/Figure-4.-Copying-critical-registry-hives.webp 1882w" data-orig-src="https://www.microsoft.com/en-us/security/blog/wp-content/uploads/2023/06/Figure-4.-Copying-critical-registry-hives-1024x70.webp"><figcaption class="wp-element-caption">Figure 4. Copying critical registry hives</figcaption></figure> <ul class="wp-block-list"> <li>Downloading files directly from actor-owned infrastructure via the PowerShell <em>DownloadFile</em> commandlet</li> </ul> <figure class="wp-block-image size-large"><img decoding="async" src="https://www.microsoft.com/en-us/security/blog/wp-content/uploads/2023/06/Figure-5.-PowerShell-DownloadFile-commandlet-1024x97.webp" alt="Code displaying PowerShell DownloadFile commandlet" class="wp-image-130498 webp-format" srcset="https://www.microsoft.com/en-us/security/blog/wp-content/uploads/2023/06/Figure-5.-PowerShell-DownloadFile-commandlet-1024x97.webp 1024w, https://www.microsoft.com/en-us/security/blog/wp-content/uploads/2023/06/Figure-5.-PowerShell-DownloadFile-commandlet-300x28.webp 300w, https://www.microsoft.com/en-us/security/blog/wp-content/uploads/2023/06/Figure-5.-PowerShell-DownloadFile-commandlet-768x73.webp 768w, https://www.microsoft.com/en-us/security/blog/wp-content/uploads/2023/06/Figure-5.-PowerShell-DownloadFile-commandlet-1536x146.webp 1536w, https://www.microsoft.com/en-us/security/blog/wp-content/uploads/2023/06/Figure-5.-PowerShell-DownloadFile-commandlet.webp 1973w" data-orig-src="https://www.microsoft.com/en-us/security/blog/wp-content/uploads/2023/06/Figure-5.-PowerShell-DownloadFile-commandlet-1024x97.webp"><figcaption class="wp-element-caption">Figure 5. PowerShell <em>DownloadFile</em> commandlet</figcaption></figure> <p><strong>Command execution&nbsp;and C2</strong></p> <p>Cadet Blizzard periodically uses generic socket-based tunneling utilities to facilitate command and control (C2) to actor-controlled infrastructure. Payloads such as NetCat and Go Simple Tunnel (GOST) are commonly renamed to blend into the operating system but are used to shovel interactive command prompts over established sockets. Frequently, remote command execution may be facilitated through remotely scheduled tasks. The group has also sparingly utilized Meterpreter.</p> <figure class="wp-block-image size-large"><img decoding="async" src="https://www.microsoft.com/en-us/security/blog/wp-content/uploads/2023/06/Figure-6.-Scheduled-task-creating-a-reverse-shell-1024x104.webp" alt="Code displaying a scheduled task creating a reverse shell" class="wp-image-130500 webp-format" srcset="https://www.microsoft.com/en-us/security/blog/wp-content/uploads/2023/06/Figure-6.-Scheduled-task-creating-a-reverse-shell-1024x104.webp 1024w, https://www.microsoft.com/en-us/security/blog/wp-content/uploads/2023/06/Figure-6.-Scheduled-task-creating-a-reverse-shell-300x31.webp 300w, https://www.microsoft.com/en-us/security/blog/wp-content/uploads/2023/06/Figure-6.-Scheduled-task-creating-a-reverse-shell-768x78.webp 768w, https://www.microsoft.com/en-us/security/blog/wp-content/uploads/2023/06/Figure-6.-Scheduled-task-creating-a-reverse-shell.webp 1079w" data-orig-src="https://www.microsoft.com/en-us/security/blog/wp-content/uploads/2023/06/Figure-6.-Scheduled-task-creating-a-reverse-shell-1024x104.webp"><figcaption class="wp-element-caption">Figure 6. Scheduled task creating a reverse shell</figcaption></figure> <p><strong>Operational security</strong></p> <p>Cadet Blizzard utilizes anonymization services IVPN, SurfShark, and Tor as their anonymization layer&nbsp;during select operations.</p> <p><strong>Anti-forensics</strong><br>Cadet Blizzard has been observed leveraging the&nbsp;<em>Win32_NTEventlogFile</em> commandlet in PowerShell to extract both system and security event logs to an operational directory. The activities are anticipated to be consistent with anti-forensics activities.</p> <ul class="wp-block-list"> <li>Common file targets during extraction are:<ul><li><em>sec.evtx</em></li></ul> <ul class="wp-block-list"> <li><em>sys.evtx</em></li> </ul> </li> <li>Cadet Blizzard commonly deletes files used during operational phases seen in lateral movement.</li> <li>Cadet Blizzard malware implants are known to disable Microsoft Defender Antivirus through a variety of means:<ul><li><em>NirSoft AdvancedRun</em> utility, which is used to disable Microsoft Defender Antivirus by stopping the <em>WinDefend</em> service.</li></ul> <ul class="wp-block-list"> <li><em>Disable Windows Defender.bat,</em> which presumably disables Microsoft Defender Antivirus via the registry.</li> </ul> </li> </ul> <figure class="wp-block-image size-large"><img decoding="async" src="https://www.microsoft.com/en-us/security/blog/wp-content/uploads/2023/06/Figure-7.-Addition-of-registry-key-to-disable-Windows-Defender-1024x66.webp" alt="Code displaying the addition of registry keys to disable Windows Defender" class="wp-image-130501 webp-format" srcset="https://www.microsoft.com/en-us/security/blog/wp-content/uploads/2023/06/Figure-7.-Addition-of-registry-key-to-disable-Windows-Defender-1024x66.webp 1024w, https://www.microsoft.com/en-us/security/blog/wp-content/uploads/2023/06/Figure-7.-Addition-of-registry-key-to-disable-Windows-Defender-300x19.webp 300w, https://www.microsoft.com/en-us/security/blog/wp-content/uploads/2023/06/Figure-7.-Addition-of-registry-key-to-disable-Windows-Defender-768x49.webp 768w, https://www.microsoft.com/en-us/security/blog/wp-content/uploads/2023/06/Figure-7.-Addition-of-registry-key-to-disable-Windows-Defender.webp 1105w" data-orig-src="https://www.microsoft.com/en-us/security/blog/wp-content/uploads/2023/06/Figure-7.-Addition-of-registry-key-to-disable-Windows-Defender-1024x66.webp"><figcaption class="wp-element-caption">Figure 7. Addition of registry key to disable Microsoft Defender Antivirus</figcaption></figure> <p><strong>Impact assessment</strong></p> <p>Cadet Blizzard typically collects information en-masse from targeted servers. If mail servers are affected, Cadet Blizzard typically attempts to collect mail, placing incident response communications at risk. Credential material (such as SSH keys) are also a common target to provide methods for re-entry if a full remediation does not occur. As was the case with the WhisperGate operation in January 2022, Cadet Blizzard is known to deploy destructive malware to select target environments to delete data and render systems inoperable.</p> <p>Also in January of 2022, Microsoft identified that data exfiltrated by Cadet Blizzard in compromises of various Ukrainian organizations was leaked on a Tor .onion site under the name “Free Civilian.” The organizations from which data was leaked strongly correlated to multiple Cadet Blizzard compromises earlier in 2022, leading Microsoft to assess that this forum is almost certainly linked to Cadet Blizzard. In February 2023, a new Telegram channel was established under the same “Free Civilian” moniker, suggesting that Cadet Blizzard intends to continue conducting information operations in the second year of the war. However, the public channel only has 1.3K followers with posts getting at most a dozen reactions as of the time of publication, signifying low user interaction. A private channel assumed to be operated by the same group appears to have shared data with 748 of those subscribers.</p> <figure class="wp-block-image size-full"><img decoding="async" src="https://www.microsoft.com/en-us/security/blog/wp-content/uploads/2023/06/Figure-8.-Free-Civilian-hack-and-leak-front.webp" alt='Screenshot of the Free Civilian hack-and-leak front, including links to "stay in touch".' class="wp-image-130502 webp-format" srcset="" data-orig-src="https://www.microsoft.com/en-us/security/blog/wp-content/uploads/2023/06/Figure-8.-Free-Civilian-hack-and-leak-front.webp"><figcaption class="wp-element-caption">Figure 8. Free Civilian hack-and-leak front</figcaption></figure> <h3 class="wp-block-heading" id="related-ecosystems">Related ecosystems</h3> <p>Cadet Blizzard operations do not occur in a silo; there have been substantial technical indicators of intersection with other malicious cyber activity that may have a broader scope or a nexus outside of Russia. They have at times utilized services associated with these ecosystems such as Storm-0587, discussed below, as well as having support from at least one private sector enabler organization within Russia. Though there have been various forms of intersections in threat activity, when these groups have been observed operating independently, the tactics, techniques, procedures (TTPs) and capabilities have often been distinct—therefore making it operationally valuable to distinguish these activity groups.</p> <p><strong>Storm-0587</strong></p> <p>Storm-0587 is a cluster of activity beginning as early as April 2021 involving a series of weaponized documents predominantly delivered in phishing operations usually to distribute a series of downloaders and <a href="https://intezer.com/blog/malware-analysis/targeted-phishing-attack-against-ukrainian-government-expands-to-georgia/">document stealers</a>. One of Storm-0587&#8217;s trademark tools is <a href="https://www.malwarebytes.com/blog/threat-intelligence/2021/04/a-deep-dive-into-saint-bot-downloader">SaintBot</a>, an uncommon downloader that often appears in spear-phishing emails. This downloader can be customized to deploy almost anything as the payload, but in Ukraine, the malware often deploys a version of an <a href="https://gist.github.com/malwarezone/119bed274bc77b52122fa118f0a72618#file-stealer-au3-L2880">AutoIT information stealer</a> that collects documents on the machine that threat actors deem of interest. This specific version of the malware has been named <a href="https://cert.gov.ua/article/18419">OUTSTEEL by CERT UA</a> and has been observed in several attacks, such as a fake version of the Office of the President of Ukraine’s website created in July 2021 that hid weaponized documents, including OUTSTEEL, that would download onto victim’s machines when the documents are clicked.</p> <h2 class="wp-block-heading" id="mitigation-and-protection-guidance">Mitigation and protection guidance</h2> <h3 class="wp-block-heading" id="defending-against-cadet-blizzard">Defending against Cadet Blizzard</h3> <p>Activities linked to Cadet Blizzard indicate that they are comprehensive in their approach and have demonstrated an ability to hold networks at risk of continued compromise for an extended period of time. A comprehensive approach to incident response may be required in order to fully remediate from Cadet Blizzard operations. Organizations can bolster security of information assets and expedite incident response by focusing on areas of risk based on actor tradecraft enumerated within this report. Use the included indicators of compromise to investigate environments and assess for potential intrusion.</p> <ul class="wp-block-list"> <li>Review all authentication activity for remote access infrastructure, with a particular focus on accounts configured with single factor authentication, to confirm authenticity and investigate any anomalous activity.</li> <li>Enable multifactor authentication (MFA) to mitigate potentially compromised credentials and ensure that MFA is enforced for all remote connectivity.&nbsp;<em>NOTE:</em>&nbsp;Microsoft strongly encourages all customers download and use password-less solutions like&nbsp;<a href="https://www.microsoft.com/account/authenticator/">Microsoft Authenticator</a>&nbsp;to secure accounts.</li> <li>Enable&nbsp;<a href="https://docs.microsoft.com/microsoft-365/security/defender-endpoint/controlled-folders">controlled folder access (CFA)</a> to prevent MBR/VBR modification.</li> <li><a href="https://learn.microsoft.com/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-reference#block-process-creations-originating-from-psexec-and-wmi-commands">Block process creations originating from PSExec and WMI commands</a>&nbsp;to stop lateral movement utilizing the WMIexec component of Impacket.</li> <li>Turn on&nbsp;<a href="https://learn.microsoft.com/microsoft-365/security/defender-endpoint/configure-block-at-first-sight-microsoft-defender-antivirus">cloud-delivered protection</a>&nbsp;in Microsoft Defender Antivirus, turned on by default in Windows, or the equivalent for your chosen antivirus product to cover rapidly evolving attacker tools and techniques. Cloud-based machine learning protections block a huge majority of new and unknown variants.</li> </ul> <h3 class="wp-block-heading" id="hunting-for-cadet-blizzard-hands-on-keyboard-activity">Hunting for Cadet Blizzard hands-on-keyboard activity</h3> <p>To uncover malicious hands-on-keyboard activities in environments, identify any unusual or unexpected commands or tools launched on systems as well as the presence of any unusual directories or files that could be used for staging or storing malicious tools. Use the common commands, tools, staging directories, and indicators of compromise listed below to help identify Cadet Blizzard intrusion and hands-on-keyboard activity in environments.</p> <p><strong>Common commands</strong></p> <ul class="wp-block-list"> <li><em>systeminfo</em> to fingerprint a device after lateral movement</li> <li><em>get-volume</em> to fingerprint a device after lateral movement</li> <li><em>nslookup</em> to research specific devices (IP) and FQDNs internally</li> <li><em>Get-DnsServerResourceRecord</em> to conduct reconnaissance of an internal DNS namespace</li> <li><em>query session</em> to profile RDP connections</li> <li><em>route print</em> to enumerate routes available on the devices</li> <li><em>DownloadFile</em> via PowerShell to download payloads from external servers</li> </ul> <p><strong>Common tool staging directories</strong></p> <ul class="wp-block-list"> <li><em>C:\ProgramData</em></li> <li><em>C:\PerfLogs</em></li> <li><em>C:\Temp</em></li> <li><em>C:\</em></li> <li>Subdirectories of legitimate (or fake) user accounts within <em>%APPDATA%\Temp</em></li> <li>Subdirectories with the name <em>USOPublic </em>in the path</li> </ul> <p><strong>Common tools</strong></p> <ul class="wp-block-list"> <li>Tor</li> <li>Python</li> <li>SurfShark</li> <li>Teamviewer</li> <li>Meterpreter named as <em>dbus-rpc.exe</em> in known instances</li> <li>IVPN</li> <li>NGROK</li> <li><em>GOST.exe</em> frequently masked as <em>USORead.exe</em><strong></strong></li> <li>regeorg web shell</li> </ul> <p><strong>Indicators of compromise (IOCs)</strong></p> <figure class="wp-block-table table"><table class="has-fixed-layout"><thead><tr><th>IOC</th><th>Type</th><th>Description</th></tr></thead><tbody><tr><td>justiceua[.]org</td><td>Domain</td><td>Sender for non-weaponized emails containing only antagonistic messaging: <em>volodimir_azov@justiceua[.]org</em></td></tr><tr><td>179.43.187[.]33</td><td>IP address</td><td>Hosted the JusticeUA operation between March and April 2022</td></tr><tr><td>3a2a2de20daa74d8f6921230416ed4e6</td><td>PE Import Hash</td><td>PE Import Hash matching WhisperGate malware</td></tr><tr><td>3e4bb8089657fef9b8e84d9e17fd0d7740853c4c0487081dacc4f22359bade5c</td><td>SHA-256</td><td>Web shell &#8211; p0wnyshell (not unique to Cadet Blizzard)</td></tr><tr><td>20215acd064c02e5aa6ae3996b53f5313c3f13625a63da1d3795c992ea730191</td><td>SHA-256</td><td>Web shell &#8211; p0wnyshell (not unique to Cadet Blizzard)</td></tr><tr><td>3fe9214b33ead5c7d1f80af469593638b9e1e5f5730a7d3ba2f96b6b555514d4</td><td>SHA-256</td><td>Web shell &#8211; WSO Shell (not unique to Cadet Blizzard)</td></tr><tr><td>23d6611a730bed886cc3b4ce6780a7b5439b01ddf6706ba120ed3ebeb3b1c478</td><td>SHA-256</td><td>Web shell – reGeorg (not unique to Cadet Blizzard)</td></tr><tr><td>7fedaf0dec060e40cbdf4ec6d0fbfc427593ad5503ad0abaf6b943405863c897</td><td>SHA-256</td><td>Web shell – PAS (may not be unique to Cadet Blizzard)</td></tr></tbody></table></figure> <h3 class="wp-block-heading" id="microsoft-365-defender-detections">Microsoft 365 Defender detections</h3> <p><strong>Microsoft Defender Antivirus</strong></p> <p>Microsoft Defender Antivirus detects behavioral components of techniques this threat actor uses as the following:</p> <ul class="wp-block-list"> <li>Behavior:Win32/WmiprvseRemoteProc</li> </ul> <p>Microsoft Defender Antivirus detects the WhisperGate malware attributed to this threat actor with the following family:</p> <ul class="wp-block-list"> <li>WhisperGate</li> </ul> <p><strong>Microsoft Defender for Endpoint</strong></p> <p>The following Microsoft Defender for Endpoint alerts can indicate associated threat activity:</p> <ul class="wp-block-list"> <li>Cadet Blizzard activity detected</li> <li>Possible Storm-0587 activity detected</li> </ul> <p>The following alerts might also indicate threat activity related to this threat. Note, however, that these alerts can be also triggered by unrelated threat activity.</p> <ul class="wp-block-list"> <li>Ongoing hands-on-keyboard attack via Impacket toolkit</li> <li>Suspicious PowerShell command line</li> <li>Suspicious WMI process creation</li> </ul> <p><strong>Microsoft Defender Vulnerability Management</strong></p> <p>Microsoft Defender Vulnerability Management surfaces devices that may be affected by the following vulnerabilities used in this threat:</p> <ul class="wp-block-list"> <li>CVE-2021-26084</li> <li>CVE-2020-1472</li> <li>CVE-2021-4034</li> </ul> <h3 class="wp-block-heading" id="hunting-queries">Hunting queries</h3> <p><strong>Microsoft 365 Defender</strong></p> <p>Microsoft 365 Defender customers can run the following query to find related activity in their networks:</p> <p>Check for WMIExec Impacket activity with common Cadet Blizzard commands</p> <div class="wp-block-syntaxhighlighter-code "><pre class="brush: plain; gutter: false; title: ; notranslate" title=""> DeviceProcessEvents | where InitiatingProcessFileName =~ &quot;WmiPrvSE.exe&quot; and FileName =~ &quot;cmd.exe&quot; | where ProcessCommandLine matches regex &quot;2&gt;&amp;1&quot; | where ProcessCommandLine has_any (&quot;get-volume&quot;,&quot;systeminfo&quot;,&quot;reg.exe&quot;,&quot;downloadfile&quot;,&quot;nslookup&quot;,&quot;query session&quot;,&quot;route print&quot;) </pre></div> <p>Find PowerShell file downloads</p> <div class="wp-block-syntaxhighlighter-code "><pre class="brush: plain; gutter: false; title: ; notranslate" title=""> DeviceProcessEvents | where FileName == &quot;powershell.exe&quot; and ProcessCommandLine has &quot;DownloadFile&quot; </pre></div> <p>Scheduled task creation, command execution and C2 communication</p> <div class="wp-block-syntaxhighlighter-code "><pre class="brush: plain; gutter: false; title: ; notranslate" title=""> DeviceProcessEvents | where Timestamp &gt; ago(14d) | where FileName =~ &quot;schtasks.exe&quot; | where (ProcessCommandLine contains &quot;splservice&quot; or ProcessCommandLine contains &quot;spl32&quot;) and (ProcessCommandLine contains &quot;127.0.0.1&quot; or ProcessCommandLine contains &quot;2&gt;&amp;1&quot;) </pre></div> <h3 class="wp-block-heading" id="microsoft-sentinel">Microsoft Sentinel</h3> <p>Microsoft Sentinel customers can use the TI Mapping analytics (a series of analytics all prefixed with “TI map”) to automatically match indicators associated with Cadet Blizzard in Microsoft Defender Threat Intelligence (MDTI) with data in their workspace. If the TI Map analytics are not currently deployed, customers can install the Threat Intelligence solution from the Microsoft Sentinel Content Hub to have the MDTI connector and analytics rule deployed in their Sentinel workspace. More details on the Content Hub can be found here: <a href="https://learn.microsoft.com/azure/sentinel/sentinel-solutions-deploy">https://learn.microsoft.com/azure/sentinel/sentinel-solutions-deploy</a>.</p> <p>Microsoft Sentinel also has a range of detection and threat hunting content that customers can use to detect the post exploitation activity detailed in this blog in addition to Microsoft 365 Defender detections list above.</p> <ul class="wp-block-list"> <li><a href="https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Web Shells Threat Protection/Hunting Queries/WebShellActivity.yaml">Web Shell Activity</a></li> <li><a href="https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Windows Security Events/Hunting Queries/CommandsexecutedbyWMIonnewhosts-potentialImpacket.yaml">Commands executed by WMI</a></li> <li><a href="https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Attacker Tools Threat Protection Essentials/Hunting Queries/PotentialImpacketExecution.yaml">Potential Impacket Execution</a></li> <li><a href="https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/Microsoft%20365%20Defender/Credential%20Access/procdump-lsass-credentials.yaml">Dumping LSASS using procdump</a></li> <li><a href="https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/Microsoft%20365%20Defender/Defense%20evasion/PotentialMicrosoftDefenderTampering%5BSolarigate%5D.yaml">Potential Microsoft Defender Tampering</a></li> </ul> <h3 class="wp-block-heading" id="references">References</h3> <ul class="wp-block-list"> <li><a href="https://www.npr.org/2022/01/14/1073001754/ukraine-cyber-attack-government-websites-russia">https://www.npr.org/2022/01/14/1073001754/ukraine-cyber-attack-government-websites-russia</a></li> <li><a href="https://github.com/flozz/p0wny-shell">https://github.com/flozz/p0wny-shell</a></li> <li><a href="https://github.com/sensepost/reGeorg">https://github.com/sensepost/reGeorg</a></li> <li><a href="https://cert.gov.ua/article/3947787">https://cert.gov.ua/article/3947787</a></li> <li><a href="https://github.com/fortra/impacket">https://github.com/fortra/impacket</a></li> <li><a href="https://intezer.com/blog/malware-analysis/targeted-phishing-attack-against-ukrainian-government-expands-to-georgia/">https://intezer.com/blog/malware-analysis/targeted-phishing-attack-against-ukrainian-government-expands-to-georgia/</a></li> </ul> <h2 class="wp-block-heading" id="further-reading">Further reading</h2> <p>For the latest security research from the Microsoft Threat Intelligence community, check out the Microsoft Threat Intelligence Blog: <a href="https://aka.ms/threatintelblog">https://aka.ms/threatintelblog</a>.</p> <p>To get notified about new publications and to join discussions on social media, follow us on Twitter at <a href="https://twitter.com/MsftSecIntel" target="_blank" rel="noreferrer noopener">https://twitter.com/MsftSecIntel</a>.</p> <p></p> </div> <section class="single__related pb-5" data-bi-an="Related Article"> <div class="container"> <h2 class="single__related-heading"> Related Posts </h2> <ul class="single__related-posts list-unstyled row row-cols-1 row-cols-sm-2 row-cols-lg-4"> <li class="col d-flex"> <article id="post-104856" class="card material-card is-entire-card-clickable post-104856 post type-post status-publish format-standard has-post-thumbnail hentry content-type-research topic-incident-response topic-threat-intelligence threat-intelligence-threat-actors tag-blizzard tag-extortion"> <div class="card__image card-img card__image--moray-material-card "> <div class="embed-responsive embed-responsive-16by9"> <img width="284" height="189" src="https://www.microsoft.com/en-us/security/blog/wp-content/uploads/2022/01/DEV-0586.jpg" class="card-img embed-responsive-item img-object-cover wp-post-image" alt="" loading="lazy" /> </div> </div> <div class="card__content card-body p-4"> <div class="card__meta mb-g d-flex flex-wrap align-items-baseline"> <div class="card__categories d-inline-flex align-items-center w-100 w-sm-auto mb-g mb-sm-0"> <ul class="list-unstyled d-flex flex-wrap m-0"> <li> <a class="font-weight-bold small" href="https://www.microsoft.com/en-us/security/blog/content-type/research/" data-bi-id="1" data-bi-cn="Research" data-bi-ct="post categories" data-bi-slot="1"> Research </a> </li> <li> <a class="font-weight-bold small" href="https://www.microsoft.com/en-us/security/blog/topic/incident-response/" data-bi-id="1" data-bi-cn="Incident response" data-bi-ct="post categories" data-bi-slot="2"> Incident response </a> </li> <li> <a class="font-weight-bold small" href="https://www.microsoft.com/en-us/security/blog/threat-intelligence/threat-actors/" data-bi-id="1" data-bi-cn="Threat actors" data-bi-ct="post categories" data-bi-slot="3"> Threat actors </a> </li> </ul></div> <div class="card__meta-group d-inline-flex"> <div class="card__date d-sm-inline-flex align-items-center w-sm-auto font-weight-bold small"> <span class="sr-only">Published</span> Jan 15, 2022 </div> <div class="card__read-time d-sm-inline-flex align-items-center font-weight-bold small"> 7 min read </div> </div> </div> <h2 class="m-0 mb-g mb-lg-3 h5 text-body"> <a class="cta" data-bi-cn="Destructive malware targeting Ukrainian organizations" data-bi-id="104856" data-bi-ct="title link" data-bi-tn="content-card" href="https://www.microsoft.com/en-us/security/blog/2022/01/15/destructive-malware-targeting-ukrainian-organizations/"> <span>Destructive malware targeting Ukrainian organizations</span>&nbsp;<span class="glyph-prepend glyph-prepend-small glyph-prepend-chevron-right" aria-hidden="true"></span> </a> </h2> <p class="text-neutral-800"> Microsoft Threat Intelligence Center (MSTIC) has identified evidence of a destructive malware operation targeting multiple organizations in Ukraine. </p> </div> </article> </li> <li class="col d-flex"> <article id="post-127276" class="card material-card is-entire-card-clickable post-127276 post type-post status-publish format-standard has-post-thumbnail hentry content-type-research topic-threat-intelligence products-microsoft-defender products-microsoft-defender-threat-intelligence threat-intelligence-threat-actors tag-mint-sandstorm-phosphorus tag-tsunami tag-typhoon review-flag-1694638264-948 review-flag-1694638265-576 review-flag-1694638271-781 review-flag-1-1694638265-354 review-flag-2-1694638266-864 review-flag-3-1694638266-241 review-flag-4-1694638266-512 review-flag-5-1694638266-171 review-flag-6-1694638266-691 review-flag-and-o-1694638265-458 review-flag-new-1694638263-340"> <div class="card__image card-img card__image--moray-material-card "> <div class="embed-responsive embed-responsive-16by9"> <img width="284" height="189" src="https://www.microsoft.com/en-us/security/blog/wp-content/uploads/2023/04/threat-actor-naming-taxonomy-featured.png" class="card-img embed-responsive-item img-object-cover wp-post-image" alt="Photo of ISO (chief information security officer) collaborating with practitioners in a security operations center." loading="lazy" /> </div> </div> <div class="card__content card-body p-4"> <div class="card__meta mb-g d-flex flex-wrap align-items-baseline"> <div class="card__categories d-inline-flex align-items-center w-100 w-sm-auto mb-g mb-sm-0"> <ul class="list-unstyled d-flex flex-wrap m-0"> <li> <a class="font-weight-bold small" href="https://www.microsoft.com/en-us/security/blog/content-type/research/" data-bi-id="1" data-bi-cn="Research" data-bi-ct="post categories" data-bi-slot="1"> Research </a> </li> <li> <a class="font-weight-bold small" href="https://www.microsoft.com/en-us/security/blog/topic/threat-intelligence/" data-bi-id="1" data-bi-cn="Threat intelligence" data-bi-ct="post categories" data-bi-slot="2"> Threat intelligence </a> </li> <li> <a class="font-weight-bold small" href="https://www.microsoft.com/en-us/security/blog/products/microsoft-defender/" data-bi-id="1" data-bi-cn="Microsoft Defender" data-bi-ct="post categories" data-bi-slot="3"> Microsoft Defender </a> </li> <li> <a class="font-weight-bold small" href="https://www.microsoft.com/en-us/security/blog/threat-intelligence/threat-actors/" data-bi-id="1" data-bi-cn="Threat actors" data-bi-ct="post categories" data-bi-slot="4"> Threat actors </a> </li> </ul></div> <div class="card__meta-group d-inline-flex"> <div class="card__date d-sm-inline-flex align-items-center w-sm-auto font-weight-bold small"> <span class="sr-only">Published</span> Apr 18, 2023 </div> <div class="card__read-time d-sm-inline-flex align-items-center font-weight-bold small"> 7 min read </div> </div> </div> <h2 class="m-0 mb-g mb-lg-3 h5 text-body"> <a class="cta" data-bi-cn="Microsoft shifts to a new threat actor naming taxonomy" data-bi-id="127276" data-bi-ct="title link" data-bi-tn="content-card" href="https://www.microsoft.com/en-us/security/blog/2023/04/18/microsoft-shifts-to-a-new-threat-actor-naming-taxonomy/"> <span>Microsoft shifts to a new threat actor naming taxonomy</span>&nbsp;<span class="glyph-prepend glyph-prepend-small glyph-prepend-chevron-right" aria-hidden="true"></span> </a> </h2> <p class="text-neutral-800"> Microsoft is excited to announce that we are shifting to a new threat actor naming taxonomy aligned to the theme of weather. The complexity, scale, and volume of threats is increasing, driving the need to reimagine not only how Microsoft talks about threats but also how we enable customers to understand those threats quickly and with clarity. </p> </div> </article> </li> <li class="col d-flex"> <article id="post-106281" class="card material-card is-entire-card-clickable post-106281 post type-post status-publish format-standard has-post-thumbnail hentry content-type-research topic-threat-intelligence products-microsoft-defender products-microsoft-defender-for-endpoint products-microsoft-defender-for-office-365 threat-intelligence-attacker-techniques-tools-and-infrastructure threat-intelligence-social-engineering-phishing threat-intelligence-threat-actors tag-blizzard"> <div class="card__image card-img card__image--moray-material-card "> <div class="embed-responsive embed-responsive-16by9"> <img width="284" height="189" src="https://www.microsoft.com/en-us/security/blog/wp-content/uploads/2022/02/ACTINIUM.jpg" class="card-img embed-responsive-item img-object-cover wp-post-image" alt="MSC17_dataCenter Microsoft Contact: Stephen Smith (stepsmit) Agency: Cinco Design Agency Contact: Kate Callahan (kate@cincodesign.com) Photographer: Amy Sacka (http://www.amysackaphotography.com/) Shoot month: March 2017 Location: Portland, OR Business: LinkedIn Datacenter" loading="lazy" /> </div> </div> <div class="card__content card-body p-4"> <div class="card__meta mb-g d-flex flex-wrap align-items-baseline"> <div class="card__categories d-inline-flex align-items-center w-100 w-sm-auto mb-g mb-sm-0"> <ul class="list-unstyled d-flex flex-wrap m-0"> <li> <a class="font-weight-bold small" href="https://www.microsoft.com/en-us/security/blog/content-type/research/" data-bi-id="1" data-bi-cn="Research" data-bi-ct="post categories" data-bi-slot="1"> Research </a> </li> <li> <a class="font-weight-bold small" href="https://www.microsoft.com/en-us/security/blog/topic/threat-intelligence/" data-bi-id="1" data-bi-cn="Threat intelligence" data-bi-ct="post categories" data-bi-slot="2"> Threat intelligence </a> </li> <li> <a class="font-weight-bold small" href="https://www.microsoft.com/en-us/security/blog/products/microsoft-defender/" data-bi-id="1" data-bi-cn="Microsoft Defender" data-bi-ct="post categories" data-bi-slot="3"> Microsoft Defender </a> </li> <li> <a class="font-weight-bold small" href="https://www.microsoft.com/en-us/security/blog/threat-intelligence/attacker-techniques-tools-and-infrastructure/" data-bi-id="3727" data-bi-cn="Attacker techniques, tools, and infrastructure" data-bi-ct="post categories" data-bi-slot="4"> Attacker techniques, tools, and infrastructure </a> </li> </ul></div> <div class="card__meta-group d-inline-flex"> <div class="card__date d-sm-inline-flex align-items-center w-sm-auto font-weight-bold small"> <span class="sr-only">Published</span> Feb 4, 2022 </div> <div class="card__read-time d-sm-inline-flex align-items-center font-weight-bold small"> 19 min read </div> </div> </div> <h2 class="m-0 mb-g mb-lg-3 h5 text-body"> <a class="cta" data-bi-cn="ACTINIUM targets Ukrainian organizations" data-bi-id="106281" data-bi-ct="title link" data-bi-tn="content-card" href="https://www.microsoft.com/en-us/security/blog/2022/02/04/actinium-targets-ukrainian-organizations/"> <span>ACTINIUM targets Ukrainian organizations</span>&nbsp;<span class="glyph-prepend glyph-prepend-small glyph-prepend-chevron-right" aria-hidden="true"></span> </a> </h2> <p class="text-neutral-800"> The Microsoft Threat Intelligence Center (MSTIC) is sharing information on a threat group named ACTINIUM, which has been operational for almost a decade and has consistently pursued access to organizations in Ukraine or entities related to Ukrainian affairs. </p> </div> </article> </li> <li class="col d-flex"> <article id="post-130214" class="card material-card is-entire-card-clickable post-130214 post type-post status-publish format-standard has-post-thumbnail hentry content-type-research topic-threat-intelligence products-microsoft-defender products-microsoft-defender-xdr threat-intelligence-threat-actors tag-living-off-the-land tag-state-sponsored-threat-actor tag-typhoon review-flag-1694638272-264 review-flag-1694638265-576 review-flag-1-1694638265-354 review-flag-2-1694638266-864 review-flag-3-1694638266-241 review-flag-4-1694638266-512 review-flag-5-1694638266-171 review-flag-6-1694638266-691 review-flag-infor-1694638272-144 review-flag-lever-1694638263-909 review-flag-machi-1694638272-641 review-flag-new-1694638263-340"> <div class="card__image card-img card__image--moray-material-card "> <div class="embed-responsive embed-responsive-16by9"> <img width="336" height="189" src="https://www.microsoft.com/en-us/security/blog/wp-content/uploads/2023/05/Volt-Typhoon-featured-336x189.webp" class="card-img embed-responsive-item img-object-cover wp-post-image" alt="Photo of Orbital Ground Station satellite uplink. Two male datacenter employees walk side by side beneath the orbital ground station" loading="lazy" /> </div> </div> <div class="card__content card-body p-4"> <div class="card__meta mb-g d-flex flex-wrap align-items-baseline"> <div class="card__categories d-inline-flex align-items-center w-100 w-sm-auto mb-g mb-sm-0"> <ul class="list-unstyled d-flex flex-wrap m-0"> <li> <a class="font-weight-bold small" href="https://www.microsoft.com/en-us/security/blog/content-type/research/" data-bi-id="1" data-bi-cn="Research" data-bi-ct="post categories" data-bi-slot="1"> Research </a> </li> <li> <a class="font-weight-bold small" href="https://www.microsoft.com/en-us/security/blog/topic/threat-intelligence/" data-bi-id="1" data-bi-cn="Threat intelligence" data-bi-ct="post categories" data-bi-slot="2"> Threat intelligence </a> </li> <li> <a class="font-weight-bold small" href="https://www.microsoft.com/en-us/security/blog/products/microsoft-defender/" data-bi-id="1" data-bi-cn="Microsoft Defender" data-bi-ct="post categories" data-bi-slot="3"> Microsoft Defender </a> </li> <li> <a class="font-weight-bold small" href="https://www.microsoft.com/en-us/security/blog/threat-intelligence/threat-actors/" data-bi-id="1" data-bi-cn="Threat actors" data-bi-ct="post categories" data-bi-slot="4"> Threat actors </a> </li> </ul></div> <div class="card__meta-group d-inline-flex"> <div class="card__date d-sm-inline-flex align-items-center w-sm-auto font-weight-bold small"> <span class="sr-only">Published</span> May 24, 2023 </div> <div class="card__read-time d-sm-inline-flex align-items-center font-weight-bold small"> 10 min read </div> </div> </div> <h2 class="m-0 mb-g mb-lg-3 h5 text-body"> <a class="cta" data-bi-cn="Volt Typhoon targets US critical infrastructure with living-off-the-land techniques" data-bi-id="130214" data-bi-ct="title link" data-bi-tn="content-card" href="https://www.microsoft.com/en-us/security/blog/2023/05/24/volt-typhoon-targets-us-critical-infrastructure-with-living-off-the-land-techniques/"> <span>Volt Typhoon targets US critical infrastructure with living-off-the-land techniques</span>&nbsp;<span class="glyph-prepend glyph-prepend-small glyph-prepend-chevron-right" aria-hidden="true"></span> </a> </h2> <p class="text-neutral-800"> Chinese state-sponsored actor Volt Typhoon is using stealthy techniques to target US critical infrastructure, conduct espionage, and dwell in compromised environments. </p> </div> </article> </li> </ul> </div> </section> </main> <aside aria-label="Learn more and connect with us"> <div class="container"> <section class="pt-5" data-bi-an="Global CTA"> <div class="card-offset mx-ng mx-md-0"> <div class="row no-gutters material-surface material-color-brand-dark"> <div class="d-flex col-md"> <div class="card-body align-self-center"> <h2 id="global-cta-heading">Get started with Microsoft Security</h2> <div class="mb-3"> <p>Microsoft is a leader in cybersecurity, and we embrace our responsibility to make the world a safer place.</p> </div> <div class="link-group"> <a aria-labelledby="global-cta-heading" data-bi-cn="Learn more" data-bi-ct="cta link" data-bi-id="global-cta-link" href="https://www.microsoft.com/en-us/security?wt.mc_id=AID730391_QSG_BLOG_319247&#038;ocid=AID730391_QSG_BLOG_319247" class="btn btn-inverted-primary text-black" > Learn more </a> </div> </div> </div> <div class="col-md-6"> <div class="card-img rounded-top-right"> <picture> <img width="900" height="360" src="https://www.microsoft.com/en-us/security/blog/wp-content/uploads/2021/06/Security_Blog-banner_900x360.png" class="embed-responsive-item img-object-cover" alt="Banner that reads &quot;protect it all with Microsoft Security&quot;" decoding="async" loading="lazy" srcset="https://www.microsoft.com/en-us/security/blog/wp-content/uploads/2021/06/Security_Blog-banner_900x360.png 900w, https://www.microsoft.com/en-us/security/blog/wp-content/uploads/2021/06/Security_Blog-banner_900x360-300x120.png 300w, https://www.microsoft.com/en-us/security/blog/wp-content/uploads/2021/06/Security_Blog-banner_900x360-768x307.png 768w" sizes="(max-width: 900px) 100vw, 900px" /> </picture> </div> </div> </div> </div> </section> <section class="footer-social py-4 text-center" role="region" aria-label="social media links" data-bi-an="Global CTA Social"> <h2 class="base font-weight-normal align-middle mr-3 mt-0 mb-3 mb-sm-0 d-sm-inline"> Connect with us on social </h2> <ul class="list-inline mb-0 d-inline-flex align-middle"> <li class="list-inline-item mr-3"> <a class="d-flex text-body" aria-label="Follow on X" data-bi-cn="Follow on X" data-bi-id="social-x-link" data-bi-ct="follow link" data-bi-bhvr="126" href="https://twitter.com/msftsecurity" target="_blank" > <span class="svg" aria-hidden="true"> <svg xmlns="http://www.w3.org/2000/svg" width="29" height="29" fill="none" viewBox="0 0 29 29"><g><path fill="currentColor" d="M17.259 12.273 28.055 0h-2.558l-9.375 10.657L8.635 0H0l11.322 16.115L0 28.985h2.558l9.9-11.254 7.907 11.254H29zm-3.504 3.984-1.147-1.605L3.48 1.884h3.93l7.366 10.304 1.147 1.605 9.575 13.394h-3.93z" /></g><defs><path fill="currentColor" d="M0 0h29v29H0z" /></defs></svg> </span> </a> </li> <li class="list-inline-item mr-3"> <a aria-label="Follow on YouTube" data-bi-cn="Follow on YouTube" data-bi-ct="follow link" data-bi-id="social-youtube-link" data-bi-bhvr="126" href="https://www.youtube.com/channel/UC4s3tv0Qq_OSUBfR735Jc6A" target="_blank" > <span class="svg" aria-hidden="true"> <svg xmlns="http://www.w3.org/2000/svg" width="42" height="29" fill="none" viewBox="0 0 42 29"><path fill="red" fill-rule="evenodd" d="M39.253 2.206a5.2 5.2 0 0 1 1.35 2.325c.846 3.23.863 9.976.863 9.976s0 6.745-.863 9.976a5.2 5.2 0 0 1-3.681 3.65C33.69 29 20.726 29 20.726 29s-12.961 0-16.192-.853A5.19 5.19 0 0 1 .87 24.483c-.867-3.231-.867-9.976-.867-9.976s0-6.745.867-9.976A5.19 5.19 0 0 1 4.534.867C7.762 0 20.726 0 20.726 0s12.962 0 16.196.867a5.2 5.2 0 0 1 2.331 1.339m-11.901 12.3L16.58 20.724V8.291l10.77 6.216Z" /></svg> </span> </a> </li> <li class="list-inline-item mr-3"> <a class="d-flex" aria-label="Follow on LinkedIn" data-bi-cn="Follow on LinkedIn" data-bi-ct="follow link" data-bi-id="social-linkedin-link" data-bi-bhvr="126" href="https://www.linkedin.com/showcase/microsoft-security/" target="_blank" > <span class="svg" aria-hidden="true"> <svg xmlns="http://www.w3.org/2000/svg" width="30" height="29" fill="none" viewBox="0 0 30 29"><path fill="#0A66C1" d="M25.011 24.711h-4.203v-6.744c0-1.59-.047-3.66-2.172-3.66-2.172 0-2.55 1.734-2.55 3.564v6.84h-4.203V10.886h4.014v1.879h.047a4.31 4.31 0 0 1 4.014-2.216c4.25 0 5.053 2.89 5.053 6.6zM7.114 9.008c-1.37 0-2.456-1.108-2.456-2.505s1.087-2.505 2.456-2.505c1.37 0 2.455 1.108 2.455 2.505S8.483 9.008 7.114 9.008M9.239 24.71h-4.25V10.886h4.203v13.825zM27.136 0H2.864A2.076 2.076 0 0 0 .786 2.071v24.856c0 1.156.945 2.12 2.078 2.071h24.225c1.133 0 2.078-.915 2.125-2.071V2.071A2.076 2.076 0 0 0 27.136 0" /></svg> </span> </a> </li> </ul> </section> </div> </aside> <div id="footerArea" class="uhf" data-m='{"cN":"footerArea","cT":"Area_coreuiArea","id":"a2Body","sN":2,"aN":"Body"}'> <div id="footerRegion" data-region-key="footerregion" data-m='{"cN":"footerRegion","cT":"Region_coreui-region","id":"r1a2","sN":1,"aN":"a2"}' > <div id="footerUniversalFooter" data-m='{"cN":"footerUniversalFooter","cT":"Module_coreui-universalfooter","id":"m1r1a2","sN":1,"aN":"r1a2"}' data-module-id="Category|footerRegion|coreui-region|footerUniversalFooter|coreui-universalfooter"> <footer id="uhf-footer" class="c-uhff context-uhf" data-uhf-mscc-rq="false" data-footer-footprint="/MSSecurity/MSSecurityFooter, fromService: True" data-m='{"cN":"Uhf footer_cont","cT":"Container","id":"c1m1r1a2","sN":1,"aN":"m1r1a2"}'> <nav class="c-uhff-nav" aria-label="Footer Resource links" data-m='{"cN":"Footer nav_cont","cT":"Container","id":"c1c1m1r1a2","sN":1,"aN":"c1m1r1a2"}'> <div class="c-uhff-nav-row"> <div class="c-uhff-nav-group" data-m='{"cN":"footerNavColumn1_cont","cT":"Container","id":"c1c1c1m1r1a2","sN":1,"aN":"c1c1m1r1a2"}'> <div class="c-heading-4" role="heading" aria-level="2">What&#39;s new</div> <ul class="c-list f-bare"> <li> <a aria-label="Surface Pro What&#39;s new" class="c-uhff-link" href="https://www.microsoft.com/en-us/surface/devices/surface-pro-11th-edition" data-m='{"cN":"Footer_WhatsNew_NewSurfacePro_nav","id":"n1c1c1c1m1r1a2","sN":1,"aN":"c1c1c1m1r1a2"}'>Surface Pro</a> </li> <li> <a aria-label="Surface Laptop What&#39;s new" class="c-uhff-link" href="https://www.microsoft.com/en-us/surface/devices/surface-laptop-7th-edition" data-m='{"cN":"Footer_WhatsNew_SurfaceLaptop_nav","id":"n2c1c1c1m1r1a2","sN":2,"aN":"c1c1c1m1r1a2"}'>Surface Laptop</a> </li> <li> <a aria-label="Surface Laptop Studio 2 What&#39;s new" class="c-uhff-link" href="https://www.microsoft.com/en-us/d/Surface-Laptop-Studio-2/8rqr54krf1dz" data-m='{"cN":"Footer_WhatsNew_SurfaceLaptopStudio2_nav","id":"n3c1c1c1m1r1a2","sN":3,"aN":"c1c1c1m1r1a2"}'>Surface Laptop Studio 2</a> </li> <li> <a aria-label="Surface Laptop Go 3 What&#39;s new" class="c-uhff-link" href="https://www.microsoft.com/en-us/d/Surface-Laptop-Go-3/8p0wwgj6c6l2" data-m='{"cN":"Footer_WhatsNew_SurfaceLaptopGo3_nav","id":"n4c1c1c1m1r1a2","sN":4,"aN":"c1c1c1m1r1a2"}'>Surface Laptop Go 3</a> </li> <li> <a aria-label="Microsoft Copilot What&#39;s new" class="c-uhff-link" href="https://www.microsoft.com/en-us/microsoft-copilot" data-m='{"cN":"Footer_WhatsNew_CopilotMicrosoft_nav","id":"n5c1c1c1m1r1a2","sN":5,"aN":"c1c1c1m1r1a2"}'>Microsoft Copilot</a> </li> <li> <a aria-label="AI in Windows What&#39;s new" class="c-uhff-link" href="https://www.microsoft.com/en-us/windows/copilot-ai-features" data-m='{"cN":"Whatsnew_AIinWindows_nav","id":"n6c1c1c1m1r1a2","sN":6,"aN":"c1c1c1m1r1a2"}'>AI in Windows</a> </li> <li> <a aria-label="Explore Microsoft products What&#39;s new" class="c-uhff-link" href="https://www.microsoft.com/en-us/microsoft-products-and-apps" data-m='{"cN":"Footer_WhatsNew_ExploreMicrosoftProducts_nav","id":"n7c1c1c1m1r1a2","sN":7,"aN":"c1c1c1m1r1a2"}'>Explore Microsoft products</a> </li> <li> <a aria-label="Windows 11 apps What&#39;s new" class="c-uhff-link" href="https://www.microsoft.com/windows/windows-11-apps" data-m='{"cN":"Footer_WhatsNew_Windows_11_apps_nav","id":"n8c1c1c1m1r1a2","sN":8,"aN":"c1c1c1m1r1a2"}'>Windows 11 apps</a> </li> </ul> </div> <div class="c-uhff-nav-group" data-m='{"cN":"footerNavColumn2_cont","cT":"Container","id":"c2c1c1m1r1a2","sN":2,"aN":"c1c1m1r1a2"}'> <div class="c-heading-4" role="heading" aria-level="2">Microsoft Store</div> <ul class="c-list f-bare"> <li> <a aria-label="Account profile Microsoft Store" class="c-uhff-link" href="https://account.microsoft.com/" data-m='{"cN":"Footer_StoreandSupport_AccountProfile_nav","id":"n1c2c1c1m1r1a2","sN":1,"aN":"c2c1c1m1r1a2"}'>Account profile</a> </li> <li> <a aria-label="Download Center Microsoft Store" class="c-uhff-link" href="https://www.microsoft.com/en-us/download" data-m='{"cN":"Footer_StoreandSupport_DownloadCenter_nav","id":"n2c2c1c1m1r1a2","sN":2,"aN":"c2c1c1m1r1a2"}'>Download Center</a> </li> <li> <a aria-label="Microsoft Store support Microsoft Store" class="c-uhff-link" href="https://go.microsoft.com/fwlink/?linkid=2139749" data-m='{"cN":"Footer_StoreandSupport_SalesAndSupport_nav","id":"n3c2c1c1m1r1a2","sN":3,"aN":"c2c1c1m1r1a2"}'>Microsoft Store support</a> </li> <li> <a aria-label="Returns Microsoft Store" class="c-uhff-link" href="https://www.microsoft.com/en-us/store/b/returns" data-m='{"cN":"Footer_StoreandSupport_Returns_nav","id":"n4c2c1c1m1r1a2","sN":4,"aN":"c2c1c1m1r1a2"}'>Returns</a> </li> <li> <a aria-label="Order tracking Microsoft Store" class="c-uhff-link" href="https://www.microsoft.com/en-us/store/b/order-tracking" data-m='{"cN":"Footer_StoreandSupport_OrderTracking_nav","id":"n5c2c1c1m1r1a2","sN":5,"aN":"c2c1c1m1r1a2"}'>Order tracking</a> </li> <li> <a aria-label="Certified Refurbished Microsoft Store" class="c-uhff-link" href="https://www.microsoft.com/en-us/store/b/certified-refurbished-products" data-m='{"cN":"Footer_StoreandSupport_StoreLocations_nav","id":"n6c2c1c1m1r1a2","sN":6,"aN":"c2c1c1m1r1a2"}'>Certified Refurbished</a> </li> <li> <a aria-label="Microsoft Store Promise Microsoft Store" class="c-uhff-link" href="https://www.microsoft.com/en-us/store/b/why-microsoft-store?icid=footer_why-msft-store_7102020" data-m='{"cN":"Footer_StoreandSupport_MicrosoftPromise_nav","id":"n7c2c1c1m1r1a2","sN":7,"aN":"c2c1c1m1r1a2"}'>Microsoft Store Promise</a> </li> <li> <a aria-label="Flexible Payments Microsoft Store" class="c-uhff-link" href="https://www.microsoft.com/en-us/store/b/payment-financing-options?icid=footer_financing_vcc" data-m='{"cN":"Footer_StoreandSupport_Financing_nav","id":"n8c2c1c1m1r1a2","sN":8,"aN":"c2c1c1m1r1a2"}'>Flexible Payments</a> </li> </ul> </div> <div class="c-uhff-nav-group" data-m='{"cN":"footerNavColumn3_cont","cT":"Container","id":"c3c1c1m1r1a2","sN":3,"aN":"c1c1m1r1a2"}'> <div class="c-heading-4" role="heading" aria-level="2">Education</div> <ul class="c-list f-bare"> <li> <a aria-label="Microsoft in education Education" class="c-uhff-link" href="https://www.microsoft.com/en-us/education" data-m='{"cN":"Footer_Education_MicrosoftInEducation_nav","id":"n1c3c1c1m1r1a2","sN":1,"aN":"c3c1c1m1r1a2"}'>Microsoft in education</a> </li> <li> <a aria-label="Devices for education Education" class="c-uhff-link" href="https://www.microsoft.com/en-us/education/devices/overview" data-m='{"cN":"Footer_Education_DevicesforEducation_nav","id":"n2c3c1c1m1r1a2","sN":2,"aN":"c3c1c1m1r1a2"}'>Devices for education</a> </li> <li> <a aria-label="Microsoft Teams for Education Education" class="c-uhff-link" href="https://www.microsoft.com/en-us/education/products/teams" data-m='{"cN":"Footer_Education_MicrosoftTeamsforEducation_nav","id":"n3c3c1c1m1r1a2","sN":3,"aN":"c3c1c1m1r1a2"}'>Microsoft Teams for Education</a> </li> <li> <a aria-label="Microsoft 365 Education Education" class="c-uhff-link" href="https://www.microsoft.com/en-us/education/products/microsoft-365" data-m='{"cN":"Footer_Education_Microsoft365Education_nav","id":"n4c3c1c1m1r1a2","sN":4,"aN":"c3c1c1m1r1a2"}'>Microsoft 365 Education</a> </li> <li> <a aria-label="How to buy for your school Education" class="c-uhff-link" href="https://www.microsoft.com/education/how-to-buy" data-m='{"cN":"Footer_Howtobuyforyourschool_nav","id":"n5c3c1c1m1r1a2","sN":5,"aN":"c3c1c1m1r1a2"}'>How to buy for your school</a> </li> <li> <a aria-label="Educator training and development Education" class="c-uhff-link" href="https://education.microsoft.com/" data-m='{"cN":"Footer_Education_EducatorTrainingDevelopment_nav","id":"n6c3c1c1m1r1a2","sN":6,"aN":"c3c1c1m1r1a2"}'>Educator training and development</a> </li> <li> <a aria-label="Deals for students and parents Education" class="c-uhff-link" href="https://www.microsoft.com/en-us/store/b/education" data-m='{"cN":"Footer_Education_DealsForStudentsandParents_nav","id":"n7c3c1c1m1r1a2","sN":7,"aN":"c3c1c1m1r1a2"}'>Deals for students and parents</a> </li> <li> <a aria-label="Azure for students Education" class="c-uhff-link" href="https://azure.microsoft.com/en-us/free/students/" data-m='{"cN":"Footer_Education_Azureforstudents_nav","id":"n8c3c1c1m1r1a2","sN":8,"aN":"c3c1c1m1r1a2"}'>Azure for students</a> </li> </ul> </div> </div> <div class="c-uhff-nav-row"> <div class="c-uhff-nav-group" data-m='{"cN":"footerNavColumn4_cont","cT":"Container","id":"c4c1c1m1r1a2","sN":4,"aN":"c1c1m1r1a2"}'> <div class="c-heading-4" role="heading" aria-level="2">Business</div> <ul class="c-list f-bare"> <li> <a aria-label="Microsoft Cloud Business" class="c-uhff-link" href="https://www.microsoft.com/en-us/microsoft-cloud" data-m='{"cN":"Footer_Business_Microsoft_Cloud_nav","id":"n1c4c1c1m1r1a2","sN":1,"aN":"c4c1c1m1r1a2"}'>Microsoft Cloud</a> </li> <li> <a aria-label="Microsoft Security Business" class="c-uhff-link" href="https://www.microsoft.com/en-us/security" data-m='{"cN":"Footer_Business_Microsoft Security_nav","id":"n2c4c1c1m1r1a2","sN":2,"aN":"c4c1c1m1r1a2"}'>Microsoft Security</a> </li> <li> <a aria-label="Dynamics 365 Business" class="c-uhff-link" href="https://www.microsoft.com/en-us/dynamics-365" data-m='{"cN":"Footer_Business_MicrosoftDynamics365_nav","id":"n3c4c1c1m1r1a2","sN":3,"aN":"c4c1c1m1r1a2"}'>Dynamics 365</a> </li> <li> <a aria-label="Microsoft 365 Business" class="c-uhff-link" href="https://www.microsoft.com/en-us/microsoft-365/business" data-m='{"cN":"Footer_Business_M365_nav","id":"n4c4c1c1m1r1a2","sN":4,"aN":"c4c1c1m1r1a2"}'>Microsoft 365</a> </li> <li> <a aria-label="Microsoft Power Platform Business" class="c-uhff-link" href="https://www.microsoft.com/en-us/power-platform" data-m='{"cN":"Footer_DeveloperAndIT_Power Platform_nav","id":"n5c4c1c1m1r1a2","sN":5,"aN":"c4c1c1m1r1a2"}'>Microsoft Power Platform</a> </li> <li> <a aria-label="Microsoft Teams Business" class="c-uhff-link" href="https://www.microsoft.com/en-us/microsoft-teams/group-chat-software" data-m='{"cN":"Footer_Business_Microsoft365_nav","id":"n6c4c1c1m1r1a2","sN":6,"aN":"c4c1c1m1r1a2"}'>Microsoft Teams</a> </li> <li> <a aria-label="Microsoft 365 Copilot Business" class="c-uhff-link" href="https://www.microsoft.com/en-us/microsoft-365/copilot/copilot-for-work" data-m='{"cN":"Footer_CopilotMicrosoft365_nav","id":"n7c4c1c1m1r1a2","sN":7,"aN":"c4c1c1m1r1a2"}'>Microsoft 365 Copilot</a> </li> <li> <a aria-label="Small Business Business" class="c-uhff-link" href="https://www.microsoft.com/en-us/store/b/business?icid=CNavBusinessStore" data-m='{"cN":"Footer_Business-SmallBusiness_nav","id":"n8c4c1c1m1r1a2","sN":8,"aN":"c4c1c1m1r1a2"}'>Small Business</a> </li> </ul> </div> <div class="c-uhff-nav-group" data-m='{"cN":"footerNavColumn5_cont","cT":"Container","id":"c5c1c1m1r1a2","sN":5,"aN":"c1c1m1r1a2"}'> <div class="c-heading-4" role="heading" aria-level="2">Developer &amp; IT</div> <ul class="c-list f-bare"> <li> <a aria-label="Azure Developer &amp; IT" class="c-uhff-link" href="https://azure.microsoft.com/en-us/" data-m='{"cN":"Footer_DeveloperAndIT_MicrosoftAzure_nav","id":"n1c5c1c1m1r1a2","sN":1,"aN":"c5c1c1m1r1a2"}'>Azure</a> </li> <li> <a aria-label="Developer Center Developer &amp; IT" class="c-uhff-link" href="https://developer.microsoft.com/en-us/" data-m='{"cN":"Footer_DeveloperAndIT_DeveloperCenter_nav","id":"n2c5c1c1m1r1a2","sN":2,"aN":"c5c1c1m1r1a2"}'>Developer Center</a> </li> <li> <a aria-label="Documentation Developer &amp; IT" class="c-uhff-link" href="https://learn.microsoft.com/docs/" data-m='{"cN":"Footer_DeveloperAndIT_Documentation_nav","id":"n3c5c1c1m1r1a2","sN":3,"aN":"c5c1c1m1r1a2"}'>Documentation</a> </li> <li> <a aria-label="Microsoft Learn Developer &amp; IT" class="c-uhff-link" href="https://learn.microsoft.com/" data-m='{"cN":"Footer_DeveloperAndIT_MicrosoftLearn_nav","id":"n4c5c1c1m1r1a2","sN":4,"aN":"c5c1c1m1r1a2"}'>Microsoft Learn</a> </li> <li> <a aria-label="Microsoft Tech Community Developer &amp; IT" class="c-uhff-link" href="https://techcommunity.microsoft.com/" data-m='{"cN":"Footer_DeveloperAndIT_MicrosoftTechCommunity_nav","id":"n5c5c1c1m1r1a2","sN":5,"aN":"c5c1c1m1r1a2"}'>Microsoft Tech Community</a> </li> <li> <a aria-label="Azure Marketplace Developer &amp; IT" class="c-uhff-link" href="https://azuremarketplace.microsoft.com/en-us/" data-m='{"cN":"Footer_DeveloperAndIT_AzureMarketplace_nav","id":"n6c5c1c1m1r1a2","sN":6,"aN":"c5c1c1m1r1a2"}'>Azure Marketplace</a> </li> <li> <a aria-label="AppSource Developer &amp; IT" class="c-uhff-link" href="https://appsource.microsoft.com/en-us/" data-m='{"cN":"Footer_DeveloperAndIT_AppSource_nav","id":"n7c5c1c1m1r1a2","sN":7,"aN":"c5c1c1m1r1a2"}'>AppSource</a> </li> <li> <a aria-label="Visual Studio Developer &amp; IT" class="c-uhff-link" href="https://visualstudio.microsoft.com/" data-m='{"cN":"Footer_DeveloperAndIT_MicrosoftVisualStudio_nav","id":"n8c5c1c1m1r1a2","sN":8,"aN":"c5c1c1m1r1a2"}'>Visual Studio</a> </li> </ul> </div> <div class="c-uhff-nav-group" data-m='{"cN":"footerNavColumn6_cont","cT":"Container","id":"c6c1c1m1r1a2","sN":6,"aN":"c1c1m1r1a2"}'> <div class="c-heading-4" role="heading" aria-level="2">Company</div> <ul class="c-list f-bare"> <li> <a aria-label="Careers Company" class="c-uhff-link" href="https://careers.microsoft.com/" data-m='{"cN":"Footer_Company_Careers_nav","id":"n1c6c1c1m1r1a2","sN":1,"aN":"c6c1c1m1r1a2"}'>Careers</a> </li> <li> <a aria-label="About Microsoft Company" class="c-uhff-link" href="https://www.microsoft.com/about" data-m='{"cN":"Footer_Company_AboutMicrosoft_nav","id":"n2c6c1c1m1r1a2","sN":2,"aN":"c6c1c1m1r1a2"}'>About Microsoft</a> </li> <li> <a aria-label="Company news Company" class="c-uhff-link" href="https://news.microsoft.com/" data-m='{"cN":"Footer_Company_CompanyNews_nav","id":"n3c6c1c1m1r1a2","sN":3,"aN":"c6c1c1m1r1a2"}'>Company news</a> </li> <li> <a aria-label="Privacy at Microsoft Company" class="c-uhff-link" href="https://privacy.microsoft.com/en-us" data-m='{"cN":"Footer_Company_PrivacyAtMicrosoft_nav","id":"n4c6c1c1m1r1a2","sN":4,"aN":"c6c1c1m1r1a2"}'>Privacy at Microsoft</a> </li> <li> <a aria-label="Investors Company" class="c-uhff-link" href="https://www.microsoft.com/investor/default.aspx" data-m='{"cN":"Footer_Company_Investors_nav","id":"n5c6c1c1m1r1a2","sN":5,"aN":"c6c1c1m1r1a2"}'>Investors</a> </li> <li> <a aria-label="Diversity and inclusion Company" class="c-uhff-link" href="https://www.microsoft.com/en-us/diversity/" data-m='{"cN":"Footer_Company_DiversityAndInclusion_nav","id":"n6c6c1c1m1r1a2","sN":6,"aN":"c6c1c1m1r1a2"}'>Diversity and inclusion</a> </li> <li> <a aria-label="Accessibility Company" class="c-uhff-link" href="https://www.microsoft.com/en-us/accessibility" data-m='{"cN":"Footer_Company_Accessibility_nav","id":"n7c6c1c1m1r1a2","sN":7,"aN":"c6c1c1m1r1a2"}'>Accessibility</a> </li> <li> <a aria-label="Sustainability Company" class="c-uhff-link" href="https://www.microsoft.com/en-us/sustainability/" data-m='{"cN":"Footer_Company_Sustainability_nav","id":"n8c6c1c1m1r1a2","sN":8,"aN":"c6c1c1m1r1a2"}'>Sustainability</a> </li> </ul> </div> </div> </nav> <div class="c-uhff-base"> <a id="locale-picker-link" aria-label="Content Language Selector. Currently set to English (United States)" class="c-uhff-link c-uhff-lang-selector c-glyph glyph-world" href="https://www.microsoft.com/en-us/security/locale" data-m='{"cN":"locale_picker(US)_nav","id":"n7c1c1m1r1a2","sN":7,"aN":"c1c1m1r1a2"}'>English (United States)</a> <a data-m='{"id":"n8c1c1m1r1a2","sN":8,"aN":"c1c1m1r1a2"}' href="https://aka.ms/yourcaliforniaprivacychoices" class='c-uhff-link c-uhff-ccpa'> <svg role="img" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 30 14" xml:space="preserve" height="16" width="43"> <title>Your Privacy Choices Opt-Out Icon</title> <path d="M7.4 12.8h6.8l3.1-11.6H7.4C4.2 1.2 1.6 3.8 1.6 7s2.6 5.8 5.8 5.8z" style="fill-rule:evenodd;clip-rule:evenodd;fill:#fff"/> <path d="M22.6 0H7.4c-3.9 0-7 3.1-7 7s3.1 7 7 7h15.2c3.9 0 7-3.1 7-7s-3.2-7-7-7zm-21 7c0-3.2 2.6-5.8 5.8-5.8h9.9l-3.1 11.6H7.4c-3.2 0-5.8-2.6-5.8-5.8z" style="fill-rule:evenodd;clip-rule:evenodd;fill:#06f"/> <path d="M24.6 4c.2.2.2.6 0 .8L22.5 7l2.2 2.2c.2.2.2.6 0 .8-.2.2-.6.2-.8 0l-2.2-2.2-2.2 2.2c-.2.2-.6.2-.8 0-.2-.2-.2-.6 0-.8L20.8 7l-2.2-2.2c-.2-.2-.2-.6 0-.8.2-.2.6-.2.8 0l2.2 2.2L23.8 4c.2-.2.6-.2.8 0z" style="fill:#fff"/> <path d="M12.7 4.1c.2.2.3.6.1.8L8.6 9.8c-.1.1-.2.2-.3.2-.2.1-.5.1-.7-.1L5.4 7.7c-.2-.2-.2-.6 0-.8.2-.2.6-.2.8 0L8 8.6l3.8-4.5c.2-.2.6-.2.9 0z" style="fill:#06f"/> </svg> <span>Your Privacy Choices</span> </a> <noscript> <a data-m='{"id":"n9c1c1m1r1a2","sN":9,"aN":"c1c1m1r1a2"}' href="https://aka.ms/yourcaliforniaprivacychoices" class='c-uhff-link c-uhff-ccpa'> <svg role="img" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 30 14" xml:space="preserve" height="16" width="43"> <title>Your Privacy Choices Opt-Out Icon</title> <path d="M7.4 12.8h6.8l3.1-11.6H7.4C4.2 1.2 1.6 3.8 1.6 7s2.6 5.8 5.8 5.8z" style="fill-rule:evenodd;clip-rule:evenodd;fill:#fff"/> <path d="M22.6 0H7.4c-3.9 0-7 3.1-7 7s3.1 7 7 7h15.2c3.9 0 7-3.1 7-7s-3.2-7-7-7zm-21 7c0-3.2 2.6-5.8 5.8-5.8h9.9l-3.1 11.6H7.4c-3.2 0-5.8-2.6-5.8-5.8z" style="fill-rule:evenodd;clip-rule:evenodd;fill:#06f"/> <path d="M24.6 4c.2.2.2.6 0 .8L22.5 7l2.2 2.2c.2.2.2.6 0 .8-.2.2-.6.2-.8 0l-2.2-2.2-2.2 2.2c-.2.2-.6.2-.8 0-.2-.2-.2-.6 0-.8L20.8 7l-2.2-2.2c-.2-.2-.2-.6 0-.8.2-.2.6-.2.8 0l2.2 2.2L23.8 4c.2-.2.6-.2.8 0z" style="fill:#fff"/> <path d="M12.7 4.1c.2.2.3.6.1.8L8.6 9.8c-.1.1-.2.2-.3.2-.2.1-.5.1-.7-.1L5.4 7.7c-.2-.2-.2-.6 0-.8.2-.2.6-.2.8 0L8 8.6l3.8-4.5c.2-.2.6-.2.9 0z" style="fill:#06f"/> </svg> <span>Your Privacy Choices</span> </a> </noscript> <a data-m='{"id":"n10c1c1m1r1a2","sN":10,"aN":"c1c1m1r1a2"}' href="https://go.microsoft.com/fwlink/?linkid=2259814" class="c-uhff-link c-uhff-consumer"> <span>Consumer Health Privacy</span> </a> <nav aria-label="Microsoft corporate links"> <ul class="c-list f-bare" data-m='{"cN":"Corp links_cont","cT":"Container","id":"c11c1c1m1r1a2","sN":11,"aN":"c1c1m1r1a2"}'> <li id="c-uhff-footer_sitemap"> <a class="c-uhff-link" href="https://www.microsoft.com/en-us/sitemap1.aspx" data-mscc-ic="false" data-m='{"cN":"Footer_Sitemap_nav","id":"n1c11c1c1m1r1a2","sN":1,"aN":"c11c1c1m1r1a2"}'>Sitemap</a> </li> <li id="c-uhff-footer_contactus"> <a class="c-uhff-link" href="https://support.microsoft.com/contactus" data-mscc-ic="false" data-m='{"cN":"Footer_ContactUs_nav","id":"n2c11c1c1m1r1a2","sN":2,"aN":"c11c1c1m1r1a2"}'>Contact Microsoft</a> </li> <li id="c-uhff-footer_privacyandcookies"> <a class="c-uhff-link" href="https://go.microsoft.com/fwlink/?LinkId=521839" data-mscc-ic="false" data-m='{"cN":"Footer_PrivacyandCookies_nav","id":"n3c11c1c1m1r1a2","sN":3,"aN":"c11c1c1m1r1a2"}'>Privacy </a> </li> <li class=" x-hidden" id="c-uhff-footer_managecookies"> <a class="c-uhff-link" href="#" data-mscc-ic="false" data-m='{"cN":"Footer_ManageCookies_nav","id":"n4c11c1c1m1r1a2","sN":4,"aN":"c11c1c1m1r1a2"}'>Manage cookies</a> </li> <li id="c-uhff-footer_termsofuse"> <a class="c-uhff-link" href="https://go.microsoft.com/fwlink/?LinkID=206977" data-mscc-ic="false" data-m='{"cN":"Footer_TermsOfUse_nav","id":"n5c11c1c1m1r1a2","sN":5,"aN":"c11c1c1m1r1a2"}'>Terms of use</a> </li> <li id="c-uhff-footer_trademarks"> <a class="c-uhff-link" href="https://go.microsoft.com/fwlink/?linkid=2196228" data-mscc-ic="false" data-m='{"cN":"Footer_Trademarks_nav","id":"n6c11c1c1m1r1a2","sN":6,"aN":"c11c1c1m1r1a2"}'>Trademarks</a> </li> <li id="c-uhff-footer_safetyandeco"> <a class="c-uhff-link" href="https://go.microsoft.com/fwlink/?linkid=2196227" data-mscc-ic="false" data-m='{"cN":"Footer_SafetyAndEco_nav","id":"n7c11c1c1m1r1a2","sN":7,"aN":"c11c1c1m1r1a2"}'>Safety &amp; eco</a> </li> <li id="c-uhff-recycling"> <a class="c-uhff-link" href="https://www.microsoft.com/en-us/legal/compliance/recycling" data-mscc-ic="false" data-m='{"cN":"Recycling_nav","id":"n8c11c1c1m1r1a2","sN":8,"aN":"c11c1c1m1r1a2"}'>Recycling</a> </li> <li id="c-uhff-footer_aboutourads"> <a class="c-uhff-link" href="https://choice.microsoft.com" data-mscc-ic="false" data-m='{"cN":"Footer_AboutourAds_nav","id":"n9c11c1c1m1r1a2","sN":9,"aN":"c11c1c1m1r1a2"}'>About our ads</a> </li> <li>&#169; Microsoft 2024</li> </ul> </nav> </div> </footer> <script id="uhf-footer-ccpa"> const globalPrivacyControlEnabled = navigator.globalPrivacyControl; const GPC_DataSharingOptIn = (globalPrivacyControlEnabled) ? false : checkThirdPartyAdsOptOutCookie(); function checkThirdPartyAdsOptOutCookie() { try { const ThirdPartyAdsOptOutCookieName = '3PAdsOptOut'; var cookieValue = getCookie(ThirdPartyAdsOptOutCookieName); return cookieValue != 1; } catch { return true; } } function getCookie(cookieName) { var cookieValue = document.cookie.match('(^|;)\\s*' + cookieName + '\\s*=\\s*([^;]+)'); return (cookieValue) ? cookieValue[2] : ''; } </script> </div> </div> </div> <script> function onConsentChanged( categoryPreferences ) { Metrics_3P_Scripts(); // If any categories are disabled, clear all cookies if ( ! siteConsent.getConsentFor( WcpConsent.consentCategories.Analytics ) ) { Metrics_Clear_Cookies( 'Analytics' ); } if ( ! siteConsent.getConsentFor( WcpConsent.consentCategories.Advertising ) ) { Metrics_Clear_Cookies( 'Advertising' ); } if ( ! siteConsent.getConsentFor( WcpConsent.consentCategories.SocialMedia ) ) { Metrics_Clear_Cookies( 'SocialMedia' ); } } function Metrics_Clear_Cookies( category ) { var all_cookies = document.cookie.split(";"); // array of cookie names to clear const cookie_names = [ '_clck', '_clsk', '_fbp', '_uetvid', 'mbox', 'AnalyticsSyncHistory', 'bcookie', 'bscookie', 'li_sugr', 'lidc', 'li_gc', 'UserMatchHistory', ]; for ( var i = 0; i < all_cookies.length; i++ ) { var cookie_name = all_cookies[i].split("=")[0].trim(); if ( cookie_names.includes( cookie_name ) ) { document.cookie = cookie_name + '=;expires=Thu, 01 Jan 1970 00:00:01 GMT;'; } } } function Metrics_3P_Scripts(){ // if GPC_DataSharingOptIn is set and true set Metrics_3POptIn var Metrics_3P_OptIn = false; if ( typeof GPC_DataSharingOptIn !== 'undefined' && GPC_DataSharingOptIn ) { Metrics_3P_OptIn = true; } else { Metrics_3P_OptIn = false; Metrics_Clear_Cookies(); } if ( siteConsent.getConsentFor( WcpConsent.consentCategories.Analytics ) && Metrics_3P_OptIn ) { if ( typeof comscoreTag === "function" ) { comscoreTag(); } if ( typeof microsoftAds === "function" ) { microsoftAds(); } if ( siteConsent.getConsentFor( WcpConsent.consentCategories.Advertising ) ) { if ( typeof adobeTargetTracking === "function" ) { adobeTargetTracking(); } if ( typeof clarityTracking === "function" ) { clarityTracking(); } if ( siteConsent.getConsentFor( WcpConsent.consentCategories.SocialMedia ) ) { if ( typeof facebookTracking === "function" ) { facebookTracking(); } if ( typeof linkedinTracking === "function" ) { linkedinTracking(); } } } if ( siteConsent.getConsentFor( WcpConsent.consentCategories.SocialMedia ) ) { } } if ( siteConsent.getConsentFor( WcpConsent.consentCategories.Advertising ) && Metrics_3P_OptIn ) { if ( typeof doubleclickTracking === "function" ) { doubleclickTracking(); } if ( siteConsent.getConsentFor( WcpConsent.consentCategories.SocialMedia ) ) { } } if ( siteConsent.getConsentFor( WcpConsent.consentCategories.SocialMedia ) && Metrics_3P_OptIn ) { } } window.WcpConsent && WcpConsent.init( "en-US", "ms-cookie-banner", function (err, _siteConsent) { if ( ! err ) { siteConsent = _siteConsent; //siteConsent is used to get the current consent var consentRequiredElementExists = document.getElementById( "c-uhff-footer_managecookies" ) && siteConsent.isConsentRequired; if ( consentRequiredElementExists ) { document.getElementById( "c-uhff-footer_managecookies" ).classList.remove("x-hidden"); document.getElementById( "c-uhff-footer_managecookies" ).onclick = function() { siteConsent.manageConsent(); }; } Metrics_3P_Scripts(); } else { console.log( "Error initializing WcpConsent: " + err ); } }, onConsentChanged ); </script> <script type="text/template" id="js-uhf-rss-template"> <div class="btn-group" id="filters-rss"> <a href="https://www.microsoft.com/en-us/security/blog/feed" class="btn" aria-label="RSS Feed" > <img src="https://www.microsoft.com/en-us/security/blog/wp-content/plugins/microsoft-uhf/assets/icon-rss.svg" alt="RSS Feed"/> </a> </div> </script> <script type="text/javascript" src="https://www.microsoft.com/en-us/security/blog/wp-content/plugins/syntaxhighlighter/syntaxhighlighter3/scripts/shCore.js?ver=3.0.9b" id="syntaxhighlighter-core-js"></script> <script type="text/javascript" src="https://www.microsoft.com/en-us/security/blog/wp-content/plugins/syntaxhighlighter/syntaxhighlighter3/scripts/shBrushPlain.js?ver=3.0.9b" id="syntaxhighlighter-brush-plain-js"></script> <script type='text/javascript'> (function(){ var corecss = document.createElement('link'); var themecss = document.createElement('link'); var corecssurl = "https://www.microsoft.com/en-us/security/blog/wp-content/plugins/syntaxhighlighter/syntaxhighlighter3/styles/shCore.css?ver=3.0.9b"; if ( corecss.setAttribute ) { corecss.setAttribute( "rel", "stylesheet" ); corecss.setAttribute( "type", "text/css" ); corecss.setAttribute( "href", corecssurl ); } else { corecss.rel = "stylesheet"; corecss.href = corecssurl; } document.head.appendChild( corecss ); var themecssurl = "https://www.microsoft.com/en-us/security/blog/wp-content/plugins/syntaxhighlighter/syntaxhighlighter3/styles/shThemeDefault.css?ver=3.0.9b"; if ( themecss.setAttribute ) { themecss.setAttribute( "rel", "stylesheet" ); themecss.setAttribute( "type", "text/css" ); themecss.setAttribute( "href", themecssurl ); } else { themecss.rel = "stylesheet"; themecss.href = themecssurl; } document.head.appendChild( themecss ); })(); SyntaxHighlighter.config.strings.expandSource = '+ expand source'; SyntaxHighlighter.config.strings.help = '?'; SyntaxHighlighter.config.strings.alert = 'SyntaxHighlighter\n\n'; SyntaxHighlighter.config.strings.noBrush = 'Can\'t find brush for: '; SyntaxHighlighter.config.strings.brushNotHtmlScript = 'Brush wasn\'t configured for html-script option: '; SyntaxHighlighter.defaults['pad-line-numbers'] = false; SyntaxHighlighter.defaults['toolbar'] = false; SyntaxHighlighter.all(); // Infinite scroll support if ( typeof( jQuery ) !== 'undefined' ) { jQuery( function( $ ) { $( document.body ).on( 'post-load', function() { SyntaxHighlighter.highlight(); } ); } ); } </script> <script type="text/javascript" src="https://www.microsoft.com/en-us/security/blog/wp-content/themes/security-blog/dist/js/moray-scripts.js?ver=248d31e3864eb5a3d005" id="mse-moray-scripts-js"></script> <script type="text/javascript" id="frontend-js-extra"> /* <![CDATA[ */ var securityBlog = {"i18n":{"more":"more","less":"less","more_tags":"View more tags","less_tags":"View less tags"}}; /* ]]> */ </script> <script type="text/javascript" src="https://www.microsoft.com/en-us/security/blog/wp-content/themes/security-blog/dist/js/frontend.js?ver=1b4d96d0f0d4585f3c62" id="frontend-js"></script> <script type="text/javascript" src="https://www.microsoft.com/en-us/security/blog/wp-includes/js/dist/dom-ready.min.js?ver=f77871ff7694fffea381" id="wp-dom-ready-js"></script> <script type="text/javascript" src="https://www.microsoft.com/en-us/security/blog/wp-includes/js/dist/hooks.min.js?ver=2810c76e705dd1a53b18" id="wp-hooks-js"></script> <script type="text/javascript" src="https://www.microsoft.com/en-us/security/blog/wp-includes/js/dist/i18n.min.js?ver=5e580eb46a90c2b997e6" id="wp-i18n-js"></script> <script type="text/javascript" id="wp-i18n-js-after"> /* <![CDATA[ */ wp.i18n.setLocaleData( { 'text direction\u0004ltr': [ 'ltr' ] } ); /* ]]> */ </script> <script type="text/javascript" src="https://www.microsoft.com/en-us/security/blog/wp-includes/js/dist/a11y.min.js?ver=d90eebea464f6c09bfd5" id="wp-a11y-js"></script> <script type="text/javascript" id="msx-frontend-js-extra"> /* <![CDATA[ */ var msx = {"darkModeToggle":"1","i18n":{"loadMore":"Load more","loading":"Loading","loadingStart":"Loading more. Please wait.","loadingEnd":"Loading complete. %d items added.","loadMoreAriaLabel":"Load more results","light":"Switch the site theme to: dark","dark":"Switch the site theme to: light","toggleOptionLight":"Light","toggleOptionDark":"Dark"}}; /* ]]> */ </script> <script type="text/javascript" src="https://www.microsoft.com/en-us/security/blog/wp-content/themes/xtheme/dist/js/frontend.js?ver=1732562319" id="msx-frontend-js"></script> <script type="text/javascript" src="https://www.microsoft.com/en-us/security/blog/wp-content/plugins/cloud-marketing-modules/dist/js/frontend.js?ver=1732562297" id="msxcm-frontend-js"></script> <script type="text/javascript" src="https://www.microsoft.com/en-us/security/blog/wp-content/plugins/oembeds/assets/js/vendor/focus-within.js?ver=1.3.10" id="ms-oembed-focus-within-js"></script> <script type="text/javascript" id="ms-oembed-gif-script-js-extra"> /* <![CDATA[ */ var msgifs = {"play":"Play animated gif","pause":"Pause animated gif"}; /* ]]> */ </script> <script type="text/javascript" src="https://www.microsoft.com/en-us/security/blog/wp-content/plugins/oembeds/dist/js/ms-oembed-lib-gif.js?ver=76f838e8af84044e0283" id="ms-oembed-gif-script-js"></script> <script type="text/javascript" id="microsoft-uhf-js-extra"> /* <![CDATA[ */ var microsoftUhfSettings = {"homePath":"\/en-us\/security\/blog\/","loginUrl":"","logoutUrl":"","scripts":[],"inline":[]}; /* ]]> */ </script> <script type="text/javascript" src="https://www.microsoft.com/en-us/security/blog/wp-content/plugins/microsoft-uhf/assets/microsoft-uhf.js?ver=0.5.3" id="microsoft-uhf-js"></script> <!-- JSLL tracking --> <script> // 1DS initialization const analytics = new oneDS.ApplicationInsights(); var config = { instrumentationKey: "cb68b8f590184975aa5eb4ed576fb074-e666ac9b-fa31-4339-8b9c-775f4bae31f3-6978", propertyConfiguration: { gpcDataSharingOptIn: ( typeof GPC_DataSharingOptIn !== "undefined" ) ? GPC_DataSharingOptIn : true, callback: { userConsentDetails: ( typeof siteConsent !== "undefined" ) ? siteConsent.getConsent : WcpConsent.siteConsent }, }, webAnalyticsConfiguration:{ coreData: {"pageName":"Cadet Blizzard emerges as a novel and distinct Russian threat actor","pageType":"Post"}, urlCollectQuery: true, urlCollectHash: true, autoCapture: { scroll: true, pageView: true, onLoad: true, onUnload: true, click: true, scroll: true, resize: true, jsError: true } } }; // Initialize OneDS SDK analytics.initialize( config, [] ); </script> </body> </html>