The rise of AI Agents marks one of the most exciting shifts in technology today. Unlike traditional applications or cloud resources, these agents are not passive components- they reason, make decisions, invoke tools, and interact with other agents and systems on behalf of users. This autonomy brings powerful opportunities, but it also introduces a new set of risks, especially given how easily AI agents can be created, even by teams who may not fully understand the security implications. 

This fundamentally changes the security equation, making securing AI agent a uniquely complex challenge – and this is where AI agents posture becomes critical. The goal is not to slow innovation or restrict adoption, but to enable the business to build and deploy AI agents securely by design.  

A strong AI agents posture starts with comprehensive visibility across all AI assets and goes further by providing contextual insights – understanding what each agent can do and what it connected to, the risks it introduces, how it can be harden, and how to prioritize and mitigate issues before they turn into incidents. 

In this blog, we’ll explore the unique security challenges introduced by AI agents and how Microsoft Defender helps organizations reduce risk and attack surface through AI security posture management across multi-cloud environments. 

Understanding the unique challenges  

The attack surface of an AI agent is inherently broad. By design, agents are composed of multiple interconnected layers – models, platforms, tools, knowledge sources, guardrails, identities, and more. 

Across this layered architecture, threats can emerge at multiple points, including prompt-based attacks, poisoning of grounding data, abuse of agent tools, manipulation of coordinating agents, etc. As a result, securing AI agents demands a holistic approach. Every layer of this multi-tiered ecosystem introduces its own risks, and overlooking any one of them can leave the agent exposed. 

Let’s explore several unique scenarios where Defender’s contextual insights help address these challenges across the entire AI agent stack. 

Scenario 1: Finding agents connected to sensitive data 

Agents are often connected to data sources, and sometimes -whether by design or by mistake- they are granted access to sensitive organizational information, including PII. Such agents are typically intended for internal use – for example, processing customer transaction records or financial data. While they deliver significant value, they also represent a critical point of exposure. If an attacker compromises one of these agents, they could gain access to highly sensitive information that was never meant to leave the organization. Moreover, unlike direct access to a database – which can be easily logged and monitored – data exfiltration through an agent may blend in with normal agent activity, making it much harder to detect. This makes data-connected agents especially important to monitor, protect, and isolate, as the consequences of their misuse can be severe. 

Microsoft Defender provides visibility for those agents connected to sensitive data and help security teams mitigate such risks. In the example shown in Figure 1, the attack path demonstrates how an attacker could leverage an Internet-exposed API to gain access to an AI agent grounded with sensitive data. The attack path highlights the source of the agent’s sensitive data (e.g., a blob container) and outlines the steps required to remediate the threat. 

Scenario 2: Identifying agents with indirect prompt injection risk 

AI agents regularly interact with external data – user messages, retrieved documents, third-party APIs, and various data pipelines. While these inputs are usually treated as trustworthy, they can become a stealthy delivery mechanism for Indirect Prompt Injection (XPIA), an emerging class of AI-specific attacks. Unlike direct prompt injection, where an attacker issues harmful instructions straight to the model, XPIA occurs where malicious instructions are hidden in external data source that an agent processes, such as a webpage fetched through a browser tool or an email being summarized. The agent unknowingly ingests this crafted content, which embeds hidden or obfuscated commands that are executed simply because the agent trusts the source and operates autonomously. 

This makes XPIA particularly dangerous for agents performing high-privilege operations – modifying databases, triggering workflows, accessing sensitive data, or performing autonomous actions at scale. In these cases, a single manipulated data source can silently influence an agent’s behavior, resulting in unauthorized access, data exfiltration, or internal system compromise. This makes identifying agents suspectable to XPIA a critical security requirement. 

By analyzing an agent’s tool combinations and configurations, Microsoft Defender identifies agents that carry elevated exposure to indirect prompt injection, based on both the functionality of their tools and the potential impact of misuse. Defender then generates tailored security recommendations for these agents and assigns them a dedicated Risk Factor, that help prioritize them. 

in Figure 2, we can see a recommendation generated by the Defender for an agent with Indirect prompt injection risk and lacking proper guardrails – controls that are essential for reducing the possibility of an XPIA event. 

In Figure 3, we can see a recommendation generated by the Defender for an agent with both high autonomy and a high risk of indirect prompt injection, a combination that significantly increases the probability of a successful attack.  

In both cases, Defender provides detailed and actionable remediation steps. For example, adding human-in-the-loop control is recommended for an agent with both high autonomy and a high indirect prompt injection risk, helping reduce the potential impact of XPIA-driven actions. 

Scenario 3: Identifying coordinator agents 

In a multi-agent architecture, not every agent carries the same level of risk. Each agent may serve a different role – some handle narrow, task-specific functions, while others operate as coordinator agents, responsible for managing and directing multiple sub-agents. These coordinator agents are particularly critical because they effectively act as command centers within the system. A compromise of such an agent doesn’t just affect a single workflow – it cascades into every sub agent under its control. Unlike sub-agents, coordinators might also be customer-facing, which further amplifies their risk profile. This combination of broad authority and potential exposure makes coordinator agents potentially more powerful and more attractive targets for attackers, making comprehensive visibility and dedicated security controls essential for their safe operation 

Microsoft Defender accounts for the role of each agent within a multi-agent architecture, providing visibility into coordinator agents and dedicated security controls. Defender also leverages attack path analysis to identify how agent-related risks can form an exploitable path for attackers, mapping weak links with context. 

For example, as illustrated in Figure 4, an attack path can demonstrate how an attacker might utilize an Internet- exposed API to gain access to Azure AI Foundry coordinator agent. This visualization helps security admin teams to take preventative actions, safeguarding the AI agents from potential breaches.  

Hardening AI agents: reducing the attack surface 

Beyond addressing individual risk scenarios, Microsoft Defender offers broad, foundational hardening guidance designed to reduce the overall attack surface of any AI agent. In addition, a new set of dedicated agents like Risk Factors further helps teams prioritize which weaknesses to mitigate first, ensuring the right issues receive the right level of attention. 

Together, these controls significantly limit the blast radius of any attempted compromise. Even if an attacker identifies a manipulation path, a properly hardened and well-configured agent will prevent escalation. 

By adopting Defender’s general security guidance, organizations can build AI agents that are not only capable and efficient, but resilient against both known and emerging attack techniques. 

Build AI agents security from the ground up 

To address these challenges across the different AI Agents layers, Microsoft Defender provides a suite of security tools tailored for AI workloads. By enabling AI Security Posture Management (AI-SPM) within the Defender for Cloud Defender CSPM plan, organizations gain comprehensive multi-cloud posture visibility and risk prioritization across platforms such as Microsoft Foundry, AWS Bedrock, and GCP Vertex AI. This multi-cloud approach ensures critical vulnerabilities and potential attack paths are effectively identified and mitigated, creating a unified and secure AI ecosystem. 

Together, these integrated solutions empower enterprises to build, deploy, and operate AI technologies securely, even within a diverse and evolving threat landscape. 

To learn more about Security for AI with Defender for Cloud, visit our website and documentation. 

This research is provided by Microsoft Defender Security Research with contributions by Hagai Ran Kestenberg. 

The post A new era of agents, a new era of posture  appeared first on Microsoft Security Blog.

Over the past year, Microsoft Threat Intelligence observed the proliferation of RedVDS, a virtual dedicated server (VDS) provider used by multiple financially motivated threat actors to commit business email compromise (BEC), mass phishing, account takeover, and financial fraud. Microsoft’s investigation into RedVDS services and infrastructure uncovered a global network of disparate cybercriminals purchasing and using to target multiple sectors, including legal, construction, manufacturing, real estate, healthcare, and education in the United States, Canada, United Kingdom, France, Germany, Australia, and countries with substantial banking infrastructure targets that have a higher potential for financial gain. In collaboration with law enforcement agencies worldwide, Microsoft’s Digital Crimes Unit (DCU) recently facilitated a disruption of RedVDS infrastructure and related operations.

RedVDS is a criminal marketplace selling illegal software and services that facilitated and enabled cybercrime. The marketplace offers a simple and feature-rich user interface for purchasing unlicensed and inexpensive Windows-based Remote Desktop Protocol (RDP) servers with full administrator control and no usage limits – a combination eagerly exploited by cybercriminals. Microsoft’s investigation into RedVDS revealed a single, cloned Windows host image being reused across the service, leaving unique technical fingerprints that defenders could leverage for detection.

Microsoft tracks the threat actor who develops and operates RedVDS as Storm-2470. We have observed multiple cybercriminal actors, including Storm-0259, Storm-2227, Storm-1575, Storm-1747, and phishing actors who used the RacoonO365 phishing service prior its coordinated takedown, leveraging RedVDS infrastructure. RedVDS launched their website in 2019 and has been operating publicly since to offer servers in locations including the United States, United Kingdom, Canada, France, Netherlands, and Germany. The primary website used the redvds[.]com domain, with secondary domains at redvds[.]pro and vdspanel[.]space.

RedVDS uses a fictitious entity claiming to operate and be governed by Bahamian Law​. RedVDS customers purchased the service through cryptocurrency, primarily Bitcoin and Litecoin, adding another layer of obfuscation to illicit activity. Additionally, RedVDS supports a broad range of digital currency, including Monero, Binance Coin, Avalanche, Dogecoin, and TRON.

The mass scale of operations facilitated by RedVDS infrastructure and roughly US $40 million in reported fraud losses driven by RedVDS‑enabled activity in the United States alone since March 2025 underscore the threat of an invisible infrastructure providing scalability and ease for cybercriminals to access target networks. In this blog, we share our analysis of the technical aspects of RedVDS: its infrastructure, provisioning methods, and the malware and tools deployed on RedVDS hosts. We also provide recommendations to protect against RedVDS-related threats such as phishing attacks.

Uncovering the RedVDS Infrastructure

Microsoft Threat Intelligence investigations revealed that RedVDS has become a prolific tool for cybercriminals in the past year, facilitating thousands of attacks including credential theft, account takeovers, and mass phishing. RedVDS offers its services for a nominal fee, making it accessible for cybercriminals worldwide.

Over time, Microsoft Threat Intelligence identified attacks showing thousands of stolen credentials, invoices stolen from target organizations, mass mailers, and phish kits, indicating that multiple Windows hosts were all created from the same base Windows installation. Additional investigations revealed that most of the hosts were created using a single computer ID, signifying that the same Windows Eval 2022 license was used to create these hosts. By using the stolen license to make images, Storm-2470 provided its services at a substantially lower cost, making it attractive for threat actors to purchase or acquire RedVDS services.

Anatomy of RedVDS Infrastructure

Service model and base image: RedVDS provided virtual Windows cloud servers, which were generated from a single Windows Server 2022 image, through RDP. All RedVDS instances identified by Microsoft used the same computer name, WIN-BUNS25TD77J, an anomaly that stood out because legitimate cloud providers randomize hostnames. This host fingerprint appears in RDP certificates and system telemetry, serving as a core indicator of RedVDS activity. The underlying trick is that Storm-2470 created one Windows virtual machine (VM) and repeatedly cloned it without customizing the system identity. 

Automated provisioning: The RedVDS operator employed Quick Emulator (QEMU) virtualization combined with VirtIO drivers to rapidly generate cloned Windows instances on demand. When a customer ordered a server, an automated process copied the master VM image (with the pre-set hostname and configuration) onto a new host. This yielded new servers that are clones of the original, using the same hostname and baseline hardware IDs, differing only by IP address and hostname prefix in some cases. This uniform deployment strategy allowed RedVDS to stand up fresh RDP hosts within minutes, a scalability advantage for cybercriminals. It also meant that all RedVDS hosts shared certain low-level identifiers (for example, identical OS installation IDs and product keys), which defenders could potentially pivot on if exposed in telemetry. 

Payment and access: The RedVDS service operated using an online portal, RedVDS[.]com, where access was sold for cryptocurrency, often Bitcoin, to preserve anonymity. After payment, customers received credentials to sign in using Remote Desktop. Notably, RedVDS did not impose usage caps or maintain activity logs (according to its own terms of service), making it attractive for illicit use.  Additionally, the use of unlicensed software allowed RedVDS to offer its services at a nominal cost, making it more accessible for threat actors as a prolific tool for cybercriminal activity.

Hosting footprint: RedVDS did not own physical datacenters; instead, it rented servers from third-party hosting providers to run its service. We traced RedVDS nodes to at least five hosting companies in the United States, Canada, United Kingdom, France, and Netherlands. These providers offer bare-metal or virtual private server (VPS) infrastructure. By distributing across multiple providers and countries, RedVDS could provision IP addresses in geolocations close to targets (for example, a US victim might be attacked from a US-based  IP address), helping cybercriminals evade geolocation-based security filters. It also meant that RedVDS traffic blended with normal data center traffic, requiring defenders to rely on deeper fingerprints (like the host name or usage patterns) rather than IP address alone. 

We observed RedVDS most commonly hosted within the following AS/ASNs from December 5 to 19, 2025:

Malware and tooling on RedVDS hosts

RedVDS is an infrastructure service that facilitated malicious activity, but unlike malware, it did not perform harmful actions itself; the threat came from how criminals used the servers after provisioning. Our investigation found that RedVDS customers consistently set up a standard toolkit of malicious or dual-use software on their rented servers to facilitate their campaigns. By examining multiple RedVDS instances, we identified a recurring set of tools: 

• Mass mailer utilities: A variety of spam/phishing email tools were installed to send bulk emails. We observed examples like SuperMailer, UltraMailer, BlueMail, SquadMailer, and Email Sorter Pro/Ultimate on RedVDS machines. These programs are designed to import lists of email addresses and blast out phishing emails or scam communications at scale. They often include features to randomize content or schedule sends, helping cybercriminals manage large phishing campaigns directly from the RedVDS host. 
• Email address harvesters: We found tools, such as Sky Email Extractor, that allowed cybercriminals to scrape or validate large numbers of email addresses. These helped build victim lists for phishing. We also found evidence of scripts or utilities to sort and clean email lists (to remove bounces, duplicates, and others), indicating that RedVDS users were managing mass email operations end-to-end on these servers. 
• Privacy and OPSEC tools: RedVDS hosts had numerous applications to keep the operators’ activities under the radar. For example, we observed installations of privacy-focused web browsers (likeWaterfox, Avast Secure Browser, Norton Private Browser), and multiple virtual private network (VPN) clients (such as NordVPN and ExpressVPN). Cybercriminals likely used these to route traffic through other channels (or to access criminal forums safely) from their RedVDS server, and to ensure any browsing or additional communications from the server were masked. Also present was SocksEscort, a proxy/socksifier tool, hinting that some RedVDS tenants ran malware that required SOCKS proxies to reach targets. 

• Remote access and management: Many RedVDS instances had AnyDesk installed. AnyDesk is a legitimate remote desktop tool, suggesting that criminals might have used it to sign in to and control their RedVDS boxes more conveniently or even share access among co-conspirators. 
• Automation and scripting: We found evidence of scripting environments and attempts to use automation services. For example, Python was installed on some RedVDS hosts (with scripts for tasks like parsing data), and one actor attempted to use Microsoft Power Automate (Flow) to programmatically send emails using Excel, though their attempt was not fully successful. Additionally, some RedVDS users leveraged ChatGPT or other OpenAI tools to overcome language barriers when writing phishing lures. Consequently, non‑English‑speaking operators could generate more polished English‑language lure emails by using AI tools on the compromised RedVDS host.

Below is a summary table of tool categories observed on RedVDS hosts and their primary purpose: 

Mapping the RedVDS attack chain

Threat actors used RedVDS because it provided a highly permissive, low-cost, resilient environment where they could launch and conceal multiple stages of their operation. Once provisioned, these cloned Windows hosts gave actors a ready‑made platform to research targets, stage phishing infrastructure, steal credentials, hijack mailboxes, and execute impersonation‑based financial fraud with minimal friction. Threat actors benefited from RedVDS’s unrestricted administrative access and negligible logging, allowing them to operate without meaningful oversight. The uniform, disposable nature of RedVDS servers allowed cybercriminals to rapidly iterate campaigns, automate delivery at scale, and move quickly from initial targeting to financial theft.

Reconnaissance

RedVDS operators leveraged their provisioned server to gather intelligence on fraud targets and suppliers, collecting organizational details, payment workflows, and identifying key personnel involved in financial transactions. This information helped craft convincing spear-phishing emails tailored to the victim’s business context.

During this phase, cybercriminals also researched tools and methods to optimize their campaigns. For example, Microsoft observed RedVDS customers experimenting with Microsoft Power Automate to attempt to automate the delivery of phishing emails directly from Excel files containing personal attachments. These attempts were unsuccessful, but their exploration of automation tools showed a clear intent to streamline delivery workflows and scale their attacks.

Resource development and delivery

Next, RedVDS operators developed their phishing capabilities by transforming its permissive virtual servers into a full operational infrastructure. They did this by purchasing phishing-as-a-service (PhaaS) infrastructure or manually assembling their own tooling, including installing and configuring phishing kits, using mass mailer tools, email address harvesters, and evasion capabilities, such as VPNs and remote desktop tools. Operators then built automation pipelines by writing scripts to import target lists, generating PDF or HTML lure attachments, and automating sending cycles to support high-volume delivery. While RedVDS itself only provided permissive VDS hosting, operators deployed their own automation tooling on these servers to enable large-scale phishing email delivery.

Once their tooling is in place, operators began staging their phishing infrastructure by registering domains that often masqueraded as legitimate domains, setting up phishing pages and credential collectors, and testing the end-to-end delivery before launching their attacks.

Account compromise

RedVDS operators gained initial access through successful phishing attacks. Targets received phishing emails crafted to appear legitimate. When a recipient clicked the malicious link or opened the lure, they are redirected to a phishing page that mimicked a trusted sign-in portal. Here, credentials are harvested, and in some cases, cybercriminals triggered multifactor authentication (MFA) prompts that victims approved, granting full access to accounts.

Credential theft and mailbox takeover

Once credentials were captured through phishing, RedVDS facilitated the extraction and storage of replay tokens or session cookies. These artifacts allowed cybercriminals to bypass MFA and maintain persistent access without triggering additional verification, streamlining account takeover.

With valid credentials or tokens, cybercriminals signed in to the compromised mailbox. They searched for financial conversations, pending invoices, and supplier details, copying relevant emails to prepare for impersonation and fraud. This stage often included monitoring ongoing threads to identify the most opportune moment to intervene.

Impersonation infrastructure development

Building on the initial RedVDS footprint, operators expanded their infrastructure to large-volume phishing and impersonation activity. A critical component of this phase was the registration and deployment of homoglyph domains, lookalike domains crafted to mimic legitimate supplier or business partners with near-indistinguishable character substitutions. During the investigation, Microsoft uncovered over 7,300 IP addresses linked to RedVDS infrastructure that collectively hosted more than 3,700 homoglyph domains within a 30-day period.

Using these domains, operators created impersonation mailboxes and inserted themselves into ongoing email threads, effectively hijacking trusted communications channels. This combination of homoglyph domain infrastructure, mailbox impersonation, and thread hijacking formed the backbone of highly convincing BEC operations and enabled seamless social engineering that pressured victims into completing fraudulent financial transactions.

Social engineering

Using the impersonation setup, cybercriminals further injected themselves into legitimate conversations with suppliers or internal finance teams. They sent payment change requests or fraudulent invoices, leveraging urgency and trust to manipulate targets into transferring funds. For example, Microsoft Threat Intelligence observed multiple actors, including Storm-0259, using RedVDS to deliver fake unpaid invoices to businesses that directed the recipient to make a same day payment to resolve the debt. The email included PDF attachments of the fake invoice, banking details to make the payment, and contact details of the impersonator.

Payment fraud

Finally, the victim processed the fraudulent payment, transferring funds to an attacker-controlled mule account. These accounts were often part of a larger laundering network, making recovery difficult.

Common attacks using RedVDS infrastructure

Mass phishing: In most cases, Microsoft observed RedVDS customers using RedVDS as primary infrastructure to conduct mass phishing. Prior to sending out emails, cybercriminals linked to RedVDS infrastructure abused Microsoft 365 services to register fake tenants posing as legitimate local businesses or organizations. These cybercriminals also installed additional legitimate applications on RedVDS server, including Brave browser, likely to mask browsing activity; Telegram Desktop, Signal Desktop, and AnyTime Desktop to facilitate their operations; as well as mass mailer tools such as SuperMailer, UltraMailer, and BlueMail.

Password spray: Microsoft observed actors conducting password spray attacks using RedVDS infrastructure to gain initial access to target systems.

Spoofed phishing attacks: Microsoft has observed actors using RedVDS infrastructure to send phishing messages that appear as internally sent email communications by spoofing the organizations’ domains. Threat actors exploit complex routing scenarios and misconfigured spoof protections to carry out these email campaigns, with RedVDS providing the means to send the phishing emails in majority of cases. This phishing attack vector does not affect customers whose Microsoft Exchange mail exchanger (MX) records point to Office 365; these tenants are protected by native built-in spoofing detections.

Lures used in these attacks are themed around voicemails, shared documents, communications from human resources (HR) departments, password resets or expirations, and others, leading to credential phishing. Microsoft has also observed a campaign leveraging this vector to conduct financial scams against organizations, attempting to trick them into paying false invoices to fraudulently created banking accounts. Phishing messages sent through this method might seem like internal communications, making them more effective. Compromised credentials could result in data theft, business email compromise, or financial loss, all requiring significant remediation.

Business email compromise/Account takeover: Microsoft observed RedVDS customers using the infrastructure to conduct BEC attacks that included account takeovers of organizations or businesses. In several cases, these actors also created homoglyph domains to appear legitimate in payment fraud operations. During email takeover operations, RedVDS customers used compromised accounts in BEC operations to conduct follow-on activity. In addition to mass mailers, these cybercriminals signed in to user mailboxes and used those accounts to conduct lateral movement within the targeted organization’s environment and look for other possible users or contacts, allowing them to conduct reconnaissance and craft more convincing phishing emails. Following successful account compromise, the cybercriminals often created an invitation lure and uploaded it to the victim’s SharePoint. In these cases, Microsoft observed the cybercriminals exfiltrating financial data, namely banking information from the same organizations that were impersonated in addition to mass downloading of invoices, and credential theft.

Defending against RedVDS-related operations

RedVDS is an infrastructure provider that facilitated criminal activity, and it is not by itself a malware tool that deploys malicious code. This activity is not exclusively abusing Microsoft services but likely other providers as well.

While Microsoft notes that the organizations at most risk for RedVDS-related operations are legal, construction, manufacturing, real estate, healthcare, and education, the activity conducted by malicious actors using RedVDS are common attacks that could affect any business or consumers, especially with an established relationship where high volume of transactions are exchanged.

The overwhelming majority of RedVDS-related activity comprises social engineering, phishing operations, and business email compromise. Microsoft recommends the following recommendations to mitigate the impact of RedVDS-related threats.

Preventing phishing attacks

Defending against phishing attacks begins at the primary gateways: email and other communication platforms.

• Review our recommended settings for Exchange Online Protection and Microsoft Defender for Office 365 to ensure your organization has established essential defenses and knows how to monitor and respond to threat activity.
• Invest in user awareness training and phishing simulations. Attack simulation training in Microsoft Defender for Office 365, which also includes simulating phishing messages in Microsoft Teams, is one approach to running realistic attack scenarios in your organization.
• Follow Microsoft’s security best practices for Microsoft Teams.
• Configure the Microsoft Defender for Office 365 Safe Links policy to apply to internal recipients.

Hardening credentials and cloud identities is also necessary to defend against phishing attacks, which seek to gain valid credentials and access tokens.  As an initial step, use passwordless solutions like passkeys and implement MFA throughout your environment:

• Use the Microsoft Authenticator app for passkeys and MFA, and complement MFA with conditional access policies, where sign-in requests are evaluated using additional identity-driven signals.
• Conditional access policies can also be scoped to strengthen privileged accounts with phishing resistant MFA.
• Your passkey and MFA policy can be further secured by only allowing MFA and passkey registrations from trusted locations and devices

Preventing business email compromise (BEC)

Organizations can mitigate BEC risks by focusing on key defense measures, such as implementing comprehensive social engineering training for employees and enhancing awareness of phishing tactics. Educating users about identifying and reporting suspicious emails is critical. Essential technical measures include securing device services, including email settings through services like Microsoft Defender XDR, enabling MFA, and promoting strong password protection. Additionally, using secure payment platforms and tightening controls around financial processes can help reduce risks related to fraudulent transactions. Collectively, these proactive measures strengthen defenses against BEC attacks.

• Ensure that admin and user accounts are distinct by using Privileged Identity Management or dedicated accounts for privileged tasks, limiting overprivileged permissions. Adaptive Protection can automatically apply strict security controls on high-risk users, minimizing the impact of potential data security incidents.
• Avoid opening emails, attachments, and links from suspicious sources. Verify sender identities before interacting with any links or attachments. In most RedVDS-related BEC cases, once the actor took over an email account, the victim’s inbox was studied and used to learn about existing relationships with other vendors or contacts, making this step extra crucial. Educate employees on data security best practices through regular training on phishing indicators, domain mismatches, and other BEC red flags. Leverage Microsoft curated resources and training and deploy phishing risk-reduction tool to conduct simulations and targeted education. Encourage users to browse securely with Microsoft Edge or other SmartScreen-enabled browsers to block malicious websites, including phishing domains.
• Enforcing robust email security settings is critical for preventing spoofing, impersonation, and account compromise, which are key tactics in BEC attacks. Most domains sending mail to Office 365 lack valid DMARC enforcement, making them susceptible to spoofing. Microsoft 365 and Exchange Online Protection (EOP) mitigate this risk by detecting forged “From” headers to block spoofed emails and prevent credential theft. Spoof intelligence, enabled by default, adds an extra layer of security by identifying spoofed senders.

Microsoft Defender XDR detections

Microsoft Defender XDR detects a wide variety of post-compromise activity leveraging the RedVDS service, including:

• Possible BEC-related inbox rule (Microsoft Defender for Cloud apps)
• Compromised user account in a recognized attack pattern (Microsoft Defender XDR)
• Risky sign in attempt following a possible phishing campaign (Microsoft Defender for Office 365)
• Risky sign-in attempt following access to malicious phishing email (Microsoft Defender for Cloud Apps)
• Suspicious AnyDesk installation (Microsoft Defender for Endpoint)
• Password spraying (Microsoft Defender for Endpoint)

Microsoft Defender XDR coordinates detection, prevention, investigation, and response across endpoints, identities, email, apps to provide integrated protection against threats. Customers with provisioned access can also use Microsoft Security Copilot in Microsoft Defender to investigate and respond to incidents, hunt for threats, and protect their organization with relevant threat intelligence.

Microsoft Security Copilot

Security Copilot customers can use the standalone experience to create their own prompts or run the following prebuilt promptbooks to automate incident response or investigation tasks related to this threat:

• Incident investigation
• Microsoft User analysis
• Threat actor profile
• Threat Intelligence 360 report based on MDTI article
• Vulnerability impact assessment

Note that some promptbooks require access to plugins for Microsoft products such as Microsoft Defender XDR or Microsoft Sentinel.

Threat intelligence reports

Microsoft Defender XDR customers can use the following threat analytics reports in the Defender portal (requires license for at least one Defender XDR product) to get the most up-to-date information about the threat actor, malicious activity, and techniques discussed in this blog. These reports provide the intelligence, protection information, and recommended actions to prevent, mitigate, or respond to associated threats found in customer environments.

Microsoft Defender XDR threat analytics

• Threat overview: Business email compromise
• Threat Overview Profile: Evolving phishing threats

Microsoft Security Copilot customers can also use the Microsoft Security Copilot integration in Microsoft Defender Threat Intelligence, either in the Security Copilot standalone portal or in the embedded experience in the Microsoft Defender portal to get more information about this threat actor.

Indicators of compromise

The following table lists the domain variants belonging to RedVDS provider.

Learn more

For the latest security research from the Microsoft Threat Intelligence community, check out the Microsoft Threat Intelligence Blog.

To get notified about new publications and to join discussions on social media, follow us on LinkedIn, X (formerly Twitter), and Bluesky.

To hear stories and insights from the Microsoft Threat Intelligence community about the ever-evolving threat landscape, listen to the Microsoft Threat Intelligence podcast.

The post Inside RedVDS: How a single virtual desktop provider fueled worldwide cybercriminal operations appeared first on Microsoft Security Blog.

No doubt, your organization has been hard at work over the past several years implementing industry best practices, including a Zero Trust architecture. But even so, the cybersecurity race only continues to intensify.

AI has quickly become a powerful tool misused by threat actors, who use it to slip into the tiniest crack in your defenses. They use AI to automate and launch password attacks and phishing attempts at scale, craft emails that seem to come from people you know, manufacture voicemails and videos that impersonate people, join calls, request IT support, and reset passwords. They even use AI to rewrite AI agents on the fly as they compromise and traverse your network.

To stay ahead in the coming year, we recommend four priorities for identity security leaders:

1. Implement fast, adaptive, and relentless AI-powered protection.
2. Manage, govern, and protect AI and agents.
3. Extend Zero Trust principles everywhere with an integrated Access Fabric security solution.
4. Strengthen your identity and access foundation to start secure and stay secure.

Secure Access Webinar

Enhance your security strategy: Deep dive into how to unify identity and network access through practical Zero Trust measures in our comprehensive four-part series.

Sign up for the webinar

1. Implement fast, adaptive, and relentless AI-powered protection

2026 is the year to integrate AI agents into your workflows to reduce risk, accelerate decisions, and strengthen your defenses.

While security systems generate plenty of signals, the work of turning that data into clear next steps is still too manual and error-prone. Investigations, policy tuning, and response actions require stitching together an overwhelming volume of context from multiple tools, often under pressure. When cyberattackers are operating at the speed and scale of AI, human-only workflows constrain defenders.

That’s where generative AI and agentic AI come in. Instead of reacting to incidents after the fact, AI agents help your identity teams proactively design, refine, and govern access. Which policies should you create? How do you keep them current? Agents work alongside you to identify policy gaps, recommend smarter and more consistent controls, and continuously improve coverage without adding friction for your users. You can interact with these agents the same way you’d talk to a colleague. They can help you analyze sign-in patterns, existing policies, and identity posture to understand what policies you need, why they matter, and how to improve them.

In a recent study, identity admins using the Conditional Access Optimization Agent in Microsoft Entra completed Conditional Access tasks 43% faster and 48% more accurately across tested scenarios. These gains directly translate into a stronger identity security posture with fewer gaps for cyberattackers to exploit. Microsoft Entra also includes built-in AI agents for reasoning over users, apps, sign-ins, risks, and configurations in context. They can help you investigate anomalies, summarize risky behavior, review sign-in changes, remediate and investigate risks, and refine access policies.

The real advantage of AI-powered protection is speed, scale, and adaptability. Static, human-only workflows just can’t keep up with constantly evolving cyberattacks. Working side-by-side with AI agents, your teams can continuously assess posture, strengthen access controls, and respond to emerging risks before they turn into compromise.

2. Manage, govern, and protect AI and agents 

Another critical shift is to make every AI agent a first-class identity and govern it with the same rigor as human identities. This means inventorying agents, assigning clear ownership, governing what they can access, and applying consistent security standards across all identities.

Just as unsanctioned software as a service (SaaS) apps once created shadow IT and data leakage risks, organizations now face agent sprawl—an exploding number of AI systems that can access data, call external services, and act autonomously. While you want your employees to get the most out of these powerful and convenient productivity tools, you also want to protect them from new risks.

Fortunately, the same Zero Trust principles that apply to human employees apply to AI agents, and now you can use the same tools to manage both. You can also add more advanced controls: monitoring agent interaction with external services, enforcing guardrails around internet access, and preventing sensitive data from flowing into unauthorized AI or SaaS applications.

With Microsoft Entra Agent ID, you can register and manage agents using familiar Entra experiences. Each agent receives its own identity, which improves visibility and auditability across your security stack. Requiring a human sponsor to govern an agent’s identity and lifecycle helps prevent orphaned agents and preserves accountability as agents and teams evolve. You can even automate lifecycle actions to onboard and retire agents. With Conditional Access policies, you can block risky agents and set guardrails for least privilege and just in time access to resources.

To govern how employees use agents and to prevent misuse, you can turn to Microsoft Entra Internet Access, included in Microsoft Entra Suite. It’s now a secure web and AI gateway that works with Microsoft Defender to help you discover use of unsanctioned private apps, shadow IT, generative AI, and SaaS apps. It also protects against prompt injection attacks and prevents data exfiltration by integrating network filtering with Microsoft Purview classification policies.

When you have observability into everything that traverses your network, you can embrace AI confidently while ensuring that agents operate safely, responsibly, and in line with organizational policy.

3. Extend Zero Trust principles everywhere with an integrated Access Fabric security solution

There’s often a gap between what your identity system can see and what’s happening on the network. That’s why our next recommendation is to unify the identity and network access layers of your Zero Trust architecture, so they can share signals and reinforce each other’s strengths through a unified policy engine. This gives you deeper visibility into and finer control over every user session.

Today, enterprise organizations juggle an average of five different identity solutions and four different network access solutions, usually from multiple vendors.¹ Each solution enforces access differently with disconnected policies that limit visibility across identity and network layers. Cyberattackers are weaponizing AI to scale phishing campaigns and automate intrusions to exploit the seams between these siloed solutions, resulting in more breaches.²

An access security platform that integrates context from identity, network, and endpoints creates a dynamic safety net—an Access Fabric—that surrounds every digital interaction and helps keep organizational resources secure. An Access Fabric solution wraps every connection, session, and resource in consistent, intelligent access security, wherever work happens—in the cloud, on-premises, or at the edge. Because it reasons over context from identity, network, devices, agents, and other security tools, it determines access risk more accurately than an identity-only system. It continuously re‑evaluates trust across authentication and network layers, so it can enforce real‑time, risk‑based access decisions beyond first sign‑in.

Microsoft Entra delivers integrated access security across AI and SaaS apps, internet traffic, and private resources by bringing identity and network access controls together under a unified Zero Trust policy engine, Microsoft Entra Conditional Access. It continuously monitors user and network risk levels. If any of those risk levels change, it enforces policies that adapt in real time, so you can block access for users, apps, and even AI agents before they cause damage.

Your security teams can set policies in one central place and trust Entra to enforce them everywhere. The same adaptive controls protect human users, devices, and AI agents wherever they move, closing access security gaps while reducing the burden of managing multiple policies across multiple tools.

4. Strengthen your identity and access foundation to start secure and stay secure

To address modern cyberthreats, you need to start from a secure baseline—anchored in phishing‑resistant credentials and strong identity proofing—so only the right person can access your environment at every step of authentication and recovery.

A baseline security model sets minimum guardrails for identity, access, hardening, and monitoring. These guardrails include must-have controls, like those in security defaults, Microsoft-managed Conditional Access policies, or Baseline Security Mode in Microsoft 365. This approach includes moving away from easily compromised credentials like passwords and adopting passkeys to balance security with a fast, familiar sign-in experience. Equally important is high‑assurance account recovery and onboarding that combines a government‑issued ID with a biometric match to ensure that no bad actors or AI impersonators gain access.

Microsoft Entra makes it easy to implement these best practices. You can require phishing‑resistant credentials for any account accessing your environment and tailor passkey policies based on risk and regulatory needs. For example, admins or users in highly regulated industries can be required to use device‑bound passkeys such as physical security keys or Microsoft Authenticator, while other worker groups can use synced passkeys for a simpler experience and easier recovery. At a minimum, protect all admin accounts with phishing‑resistant credentials included in Microsoft Entra ID. You can even require new employees to set up a passkey before they can access anything. With Microsoft Entra Verified ID, you can add a live‑person check and validate government‑issued ID for both onboarding and account recovery.

Combining access control policies with device compliance, threat detection, and identity protection will further fortify your foundation. 

Support your identity and network access priorities with Microsoft

The plan for 2026 is straightforward: use AI to automate protection at speed and scale, protect the AI and agents your teams use to boost productivity, extend Zero Trust principles with an Access Fabric solution, and strengthen your identity security baseline. These measures will give your organization the resilience it needs to move fast without compromise. The threats will keep evolving—but you can tip the scales in your favor against increasingly sophisticated cyberattackers.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

¹Secure employee access in the age of AI report, Microsoft.

²Microsoft Digital Defense Report 2025.

The post Four priorities for AI-powered identity and network access security in 2026 appeared first on Microsoft Security Blog.

Today, most organizations use multiple identity systems and multiple network access solutions from multiple vendors. This happens, either intentionally or organically, when different areas of a company choose different tools, creating a fragmented environment that leaves weaknesses that cyberattackers are quick to weaponize.

Simply adding more tools isn’t enough. No matter how many you have, when identity systems and network security systems don’t work together, visibility drops, gaps form, and risks skyrocket. A unified, adaptive approach to access security, in contrast, can better ensure that only the right users are accessing your data and resources from the right places.

When identity and network access work in concert, sharing signals and amplifying each other’s strengths through a unified policy engine, they create a dynamic safety net—an Access Fabric—that continuously evaluates trust at the authentication and network levels throughout every session and enforces risk-based access decisions in real-time, not just at first sign-in.

AI is amplifying the risk of defensive seams and gaps

Access isn’t a single wall between your organizational resources and cyberthreats. It’s a lattice of decisions about people, devices, applications, agents, and networks. With multiple tools, management becomes patchwork: identity controls in this console, network controls over there, endpoint rules somewhere else, and software as a service (SaaS) configurations scattered across dozens of admin planes. Although each solution strives to do the right thing, the overall experience is disjointed, the signals are incomplete, and the policies are rarely consistent.

In the age of AI, this fragmentation is dangerous. In fact, 79% of organizations that use six or more identity and network solutions reported an increase in significant breaches.¹ Threat actors are using AI to get better at finding and exploiting weaknesses in defenses. For example, our data shows that threat actors are using AI to make phishing campaigns four and a half times more effective and to automate intrusion vectors at scale.²

The best strategy moving forward is to remove seams and close gaps that cyberattackers target. This is what an Access Fabric does. It isn’t a product or platform but a unified approach to access security across AI and SaaS apps, internet traffic, and private resources to protect every identity, access point, session, and resource with the same adaptive controls.

An Access Fabric solution continuously decides who can access what, from where, and under what conditions—in real time. It reduces complexity and closes the gaps that cyberattackers look for, because the same adaptive controls protect human users, devices, and even AI agents as they move between locations and networks.

Why a unified approach to access security is better than a fragmented one

Let’s use an everyday example to illustrate the difference between an access security approach that uses fragmented tools versus one that uses an Access Fabric solution.

It’s a typical day at the office. After signing into your laptop and opening your confidential sales report, it hits you: You need coffee. There’s a great little cafe just in your building, so you pop downstairs with your laptop and connect to its public wireless network.

Unfortunately, disconnected identity and security systems won’t catch that you just switched from a secure network to a public one. This means that the token issued while you were connected to your secure network will stay valid until it expires. In other words, until the token times out, you can still connect to sensitive resources, like your sales report. What’s more, anything you access is now exposed over the cafe’s public wireless network to anyone nearby—even to AI-empowered cyberattackers stalking the public network, just waiting to pounce.

The system that issued your token worked exactly as designed. It simply had no mechanism to receive a signal from your laptop that you had switched to an insecure network mid-session.

Now let’s revise this scenario. This time you, your device, your applications, and your data are wrapped in the protection of an Access Fabric solution that connects identity, device, and network signals. You still need coffee and you still go down to the cafe. This time, however, your laptop sends a signal the moment you connect to the cafe’s public wireless network, triggering a policy that immediately revokes access to your confidential sales report.

The Access Fabric solution doesn’t simply trust a “one-and-done” sign-in but applies the Zero Trust principles of “never trust, always verify” and “assume breach” to keep checking: Is this still really you? Is your device still healthy? Is this network trustworthy? How sensitive is the app or data you’re trying to access?

Anything that looks off, like a change in network conditions, triggers a policy that automatically tightens or even pauses your access to sensitive resources. You don’t have to think about it. The safety net is always there, weaving identity and network signals together, updating risk scores, and continuously re-evaluating access to keep your data safe, wherever you are.

What makes an Access Fabric solution effective

For an Access Fabric solution to secure access in hybrid work environments effectively, it must be contextual, connected, and continuous.

• Contextual: Instead of granting a human user, device, or autonomous agent access based on a password or one-time authentication token, a rich set of signals across identity, device posture, network telemetry, and business context inform every access decision. If context changes, the policy engine re-evaluates conditions and reassesses risk in real-time.
• Connected: Instead of operating independently, identity and network controls share signals and apply consistent policies across applications, endpoints, and network edges. When identity and network telemetry reinforce one another, access decisions become comprehensive and dynamic instead of disjointed and episodic. This unified approach simplifies governance for security teams, who can set policies in one place.
• Continuous: Verification at the authentication and network levels is ongoing throughout every session—not just at sign-in—as users, devices, and agents interact with resources. The policy engine at the heart of the solution is always learning and adapting. If risk levels change in response to a shift in device health, network activity, or suspicious behavior, the system responds instantly to mitigate cyberthreats before they escalate.

With an Access Fabric solution, life gets more secure for everyone. Identity and network access teams can configure comprehensive policies, review granular logs, and take coordinated action in one place. They can deliver better security while employees get a more consistent and intuitive experience, which improves security even more. Organizations can experiment with AI more safely because their Access Fabric solution will ensure that machine identities and AI agents play by the same smart rules as people.

By moving beyond static identity checks to real-time, context-aware access decisions, an Access Fabric solution delivers stronger access security and a smoother user experience wherever and however work happens.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

¹Secure employee access in the age of AI.

²Microsoft Digital Defense Report 2025.

The post Access Fabric: A modern approach to identity and network access appeared first on Microsoft Security Blog.

CVE-2025-55182 (also referred to as React2Shell and includes CVE-2025-66478, which was merged into it) is a critical pre-authentication remote code execution (RCE) vulnerability affecting React Server Components, Next.js, and related frameworks. With a CVSS score of 10.0, this vulnerability could allow attackers to execute arbitrary code on vulnerable servers through a single malicious HTTP request.

Exploitation activity related to this vulnerability was detected as early as December 5, 2025. Most successful exploits originated from red team assessments; however, we also observed real-world exploitation attempts by threat actors delivering multiple subsequent payloads, majority of which are coin miners. Both Windows and Linux environments have been observed to be impacted.

The React Server Components ecosystem is a collection of packages, frameworks, and bundlers that enable React 19 applications to run parts of their logic on the server rather than the browser. It uses the Flight protocol to communicate between client and server. When a client requests data, the server receives a payload, parses this payload, executes server-side logic, and returns a serialized component tree. The vulnerability exists because affected React Server Components versions fail to validate incoming payloads. This could allow attackers to inject malicious structures that React accepts as valid, leading to prototype pollution and remote code execution.

This vulnerability presents a significant risk because of the following factors:

• Default configurations are vulnerable, requiring no special setup or developer error.
• Public proof-of-concept exploits are readily available with near-100% reliability.
• Exploitation can happen without any user authentication since this is a pre-authentication vulnerability.
• The vulnerability could be exploited using a single malicious HTTP request.

In this report, Microsoft Defender researchers share insights from observed attacker activity exploiting this vulnerability. Detailed analyses, detection insights, as well as mitigation recommendations and hunting guidance are covered in the next sections. Further investigation towards providing stronger protection measures is in progress, and this report will be updated when more information becomes available.

Analyzing CVE-2025-55182 exploitation activity

React is widely adopted in enterprise environments. In Microsoft Defender telemetry, we see tens of thousands of distinct devices across several thousand organizations running some React or React-based applications. Some of the vulnerable applications are deployed inside containers, and the impact on the underlying host is dependent on the security configurations of the container.

We identified several hundred machines across a diverse set of organizations compromised using common tactics, techniques, and procedures (TTPs) observed with web application RCE. To exploit CVE-2025-55182, an attacker sends a crafted input to a web application running React Server Components functions in the form of a POST request. This input is then processed as a serialized object and passed to the backend server, where it is deserialized. Due to the default trust among the components, the attacker-provided input is then deserialized and the backend runs attacker-provided code under the NodeJS runtime.

Post-exploitation, attackers were observed to run arbitrary commands, such as reverse shells to known Cobalt Strike servers. To achieve persistence, attackers added new malicious users, utilized remote monitoring and management (RMM) tools such as MeshAgent, modified authorized_keys file, and enabled root login. To evade security defenses, the attackers downloaded from attacker-controlled CloudFlare Tunnel endpoints (for example, *.trycloudflare.com) and used bind mounts to hide malicious processes and artifacts from system monitoring tools.

The malware payloads seen in campaigns investigated by Microsoft Defender vary from remote access trojans (RATs) like VShell and EtherRAT, the SNOWLIGHT memory-based malware downloader that enabled attackers to deploy more payloads to target environments, ShadowPAD, and XMRig cryptominers. The attacks proceeded by enumerating system details and environment variables to enable lateral movement and credential theft.

Credentials that were observed to be targeted included Azure Instance Metadata Service (IMDS) endpoints for Azure, Amazon Web Services (AWS), Google Cloud Platform (GCP), and Tencent Cloud to acquire identity tokens, which could be used to move laterally to other cloud resources. Attackers also deployed secret discovery tools such as TruffleHog and Gitleaks, along with custom scripts to extract several different secrets. Attempts to harvest AI and cloud-native credentials, such as OpenAI API keys, Databricks tokens, and Kubernetes service‑account credentials were also observed. Azure Command-Line Interface (CLI) (az) and Azure Developer CLI (azd) were also used to obtain tokens.

Mitigation and protection guidance

Microsoft recommends customers to act on these mitigation recommendations:

Manual identification guidance

Until full in-product coverage is available, you can manually assess exposure on servers or containers:

1. Navigate to your project directory and open the node_modules folder.
2. Review installed packages and look for:
   • react-server-dom-webpack
   • react-server-dom-parcel
   • react-server-dom-turbopack
   • next
3. Validate versions against the known affected range:
   • React: 19.0.0,19.1.0, 19.1.1, 19.2.0
   • Next.js: 15.0.0 – 15.0.4, 15.1.0 – 15.1.8, 15.2.0 – 15.2.5, 15.3.0 – 15.3.5, 15.4.0 – 15.4.7, 15.5.0 – 15.5.6, 16.0.0 – 16.0.6, 14.3.0-canary.77 and later canary releases
4. If any of these packages match the affected versions, remediation is required. Prioritize internet-facing assets first, especially those identified by Defender as externally exposed.

Mitigation best practices

1. Patch immediately
   • React and Next.js have released fixes for the impacted packages. Upgrade to one of the following patched versions (or later within the same release line):
     • React: 19.0.1, 19.1.2, 19.2.1
     • Next.js: 5.0.5, 15.1.9, 15.2.6, 15.3.6, 15.4.8, 15.5.7, 16.0.7
   • Because many frameworks and bundlers rely on these packages, make sure your framework-level updates also pull in the corrected dependencies.
2. Prioritize exposed services
   • Patch all affected systems, starting with internet-facing workloads.
   • Use Microsoft Defender Vulnerability Management (MDVM) to surface vulnerable package inventory and to track remediation progress across your estate.
3. Monitor for exploit activity
   • Review MDVM dashboards and Defender alerts for indicators of attempted exploitation.
   • Correlate endpoint, container, and cloud signals for higher confidence triage.
   • Invoke incident response process to address any related suspicious activity stemming from this vulnerability.
4. Add WAF protections where appropriate
   • Apply Azure Web Application Firewall (WAF) custom rules for Application Gateway and Application Gateway for Containers to help block exploit patterns while patching is in progress. Microsoft has published rule guidance and JSON examples in the Azure Network Security Blog, with ongoing updates as new attack permutations are identified.

Recommended customer action checklist

• Identify affected React Server Components packages in your applications and images.
• Upgrade to patched versions. Refer to the React page for patching guidance.
• Prioritize internet-facing services for emergency change windows.
• Enable and monitor Defender alerts tied to React Server Components exploitation attempts.
• Apply Azure WAF custom rules as a compensating control where feasible.
• Use MDVM to validate coverage and confirm risk reduction post-update.

CVE-2025-55182 represents a high-impact, low-friction attack path against modern React Server Components deployments. Rapid patching combined with layered Defender monitoring and WAF protections provides the strongest short-term and long-term risk reduction strategy.

Microsoft Defender XDR detections 

Microsoft Defender XDR customers can refer to the list of applicable detections below. Microsoft Defender XDR coordinates detection, prevention, investigation, and response across endpoints, identities, email, apps to provide integrated protection against attacks like the threat discussed in this blog.

Customers with provisioned access can also use Microsoft Security Copilot in Microsoft Defender to investigate and respond to incidents, hunt for threats, and protect their organization with relevant threat intelligence.

In many cases subsequent activity post exploitation was detected and following alerts were triggered on the victim devices. Note that the following alerts below can also be triggered by unrelated threat activity.

Automatic attack disruption through Microsoft Defender for Endpoint alerts

To better support customers in the event of exploitation, we are expanding our detection framework to identify and alert on CVE-2025-55182 activity across all operating systems for Microsoft Defender for Endpoint customers. These detections are integrated with automatic attack disruption.

When these alerts, combined with other signals, provide high confidence of active attacker behavior, automatic attack disruption can initiate autonomous containment actions to help stop the attack and prevent further progression.

Microsoft Defender Vulnerability Management and Microsoft Defender for Cloud

Microsoft Defender for Cloud rolled out support to surface CVE-2025-55182 with agentless scanning across containers and cloud virtual machines (VMs). Follow the documentation on how to enable agentless scanning:

• Protect your servers with Defender for Servers
• Defender for Containers Deployment Overview

Microsoft Defender Vulnerability Management (MDVM) can surface impacted Windows, Linux, and macOS devices. In addition, MDVM and Microsoft Defender for Cloud dashboards can surface:

• Identification of exposed assets in the organization
• Clear remediation guidance tied to your affected assets and workloads

Microsoft Security Copilot

Security Copilot customers can use the standalone experience to create their own prompts or run the following prebuilt promptbooks to automate incident response or investigation tasks related to this threat:

• Incident investigation
• Microsoft User analysis
• Threat actor profile
• Threat Intelligence 360 report based on MDTI article
• Vulnerability impact assessment

Note that some promptbooks require access to plugins for Microsoft products such as Microsoft Defender XDR or Microsoft Sentinel.

Threat intelligence reports

Microsoft Defender XDR customers can use the following threat analytics reports in the Defender portal (requires license for at least one Defender XDR product) to get the most up-to-date information about the threat actor, malicious activity, and techniques discussed in this blog. These reports provide intelligence, protection information, and recommended actions to prevent, mitigate, or respond to associated threats found in customer environments.

Microsoft Defender XDR threat analytics

• Vulnerability Profile: CVE-2025-55182 – React Server Components

Microsoft Security Copilot customers can also use the Microsoft Security Copilot integration in Microsoft Defender Threat Intelligence, either in the Security Copilot standalone portal or in the embedded experience in the Microsoft Defender portal to get more information about this threat actor.

Hunting queries and recommendations

Microsoft Defender XDR

Microsoft Defender XDR customers can run the following query to find related activity in their networks:

Detect potential React2Shell command injection attempt

CloudAuditEvents
| where (ProcessCommandLine == "/bin/sh -c (whoami)" and (ParentProcessName == "node" or ParentProcessName has "next-server"))
        or (ProcessCommandLine has_any ("echo","powershell") and ProcessCommandLine matches regex @'(echo\s+\$\(\(\d+\*\d+\)\)|powershell\s+-c\s+"\d+\*\d+")')
| project Timestamp, KubernetesPodName, KubernetesNamespace, ContainerName, ContainerId, ContainerImageName, FileName, ProcessName, ProcessCommandLine, ProcessCurrentWorkingDirectory, ParentProcessName, ProcessId, ParentProcessId, AccountName

Identify encoded PowerShell attempts

let lookback = 10d;
DeviceProcessEvents
| where Timestamp >= ago(lookback)
| where InitiatingProcessParentFileName has "node"
| where InitiatingProcessCommandLine  has_any ("next start", "next-server") or ProcessCommandLine  has_any ("next start", "next-server")
| summarize  make_set(InitiatingProcessCommandLine), make_set(ProcessCommandLine) by DeviceId, Timestamp
//looking for powershell activity
| where set_ProcessCommandLine  has_any ("cmd.exe","powershell")
| extend decoded_powershell_1 = replace_string(tostring(base64_decode_tostring(tostring(split(tostring(split(set_ProcessCommandLine.[0],"EncodedCommand ",1).[0]),'"',0).[0]))),"\0","")
| extend decoded_powershell_1b = replace_string(tostring(base64_decode_tostring(tostring(split(tostring(split(set_ProcessCommandLine.[0],"Enc ",1).[0]),'"',0).[0]))),"\0","")
| extend decoded_powershell_2 = replace_string(tostring(base64_decode_tostring(tostring(split(tostring(split(set_ProcessCommandLine.[0],"enc ",1).[0]),'"',0).[0]))),"\0","")
| extend decoded_powershell_3 = replace_string(tostring(base64_decode_tostring(tostring(split(tostring(split(set_ProcessCommandLine.[0],"ec ",1).[0]),'"',0).[0]))),"\0","")
| where set_ProcessCommandLine !has "'powershell -c " 
| extend decoded_powershell = iff( isnotempty( decoded_powershell_1),decoded_powershell_1, 
                                                    iff(isnotempty( decoded_powershell_2), decoded_powershell_2,
                                                        iff(isnotempty( decoded_powershell_3), decoded_powershell_3,decoded_powershell_1b)))
| project-away decoded_powershell_1, decoded_powershell_1b, decoded_powershell_2,decoded_powershell_3
| where isnotempty( decoded_powershell)

Identify execution of suspicious commands initiated by the next-server parent process post-exploitation

let lookback = 10d;
DeviceProcessEvents
| where Timestamp >= ago(lookback)
| where InitiatingProcessFileName =~ "node.exe" and InitiatingProcessCommandLine has ".js"
| where FileName =~ "cmd.exe"
| where (ProcessCommandLine has_any (@"\next\", @"\npm\npm\node_modules\", "\\server.js")
    and (ProcessCommandLine has_any ("powershell -c \"", "curl", "wget", "echo $", "ipconfig", "start msiexec", "whoami", "systeminfo", "$env:USERPROFILE", "net user", "net group", "localgroup administrators",  "-ssh", "set-MpPreference", "add-MpPreference", "rundll32", "certutil", "regsvr32", "bitsadmin", "mshta", "msbuild")   
         or (ProcessCommandLine has "powershell" and
             (ProcessCommandLine has_any ("Invoke-Expression", "DownloadString", "DownloadFile", "FromBase64String", "Start-Process", "System.IO.Compression", "System.IO.MemoryStream", "iex ", "iex(", "Invoke-WebRequest", "iwr ", ".UploadFile", "System.Net.WebClient")
                or ProcessCommandLine matches regex @"[-/–][Ee^]{1,2}[NnCcOoDdEeMmAa^]*\s[A-Za-z0-9+/=]{15,}"))))
   or ProcessCommandLine matches regex @'cmd\.exe\s+/d\s+/s\s+/c\s+"powershell\s+-c\s+"[0-9]+\*[0-9]+""'

Identify execution of suspicious commands initiated by the next-server parent process post-exploitation

let lookback = 10d;
DeviceProcessEvents
| where Timestamp >= ago(lookback)
| where InitiatingProcessFileName == "node"
| where InitiatingProcessCommandLine has_any (" server.js", " start", "/server.js")
| where ProcessCommandLine  has_any ("| sh", "openssl,", "/dev/tcp/", "| bash", "|sh", "|bash", "bash,", "{sh,}", "SOCK_STREAM", "bash -i", "whoami", "| base64 -d", "chmod +x /tmp", "chmod 777")
| where ProcessCommandLine !contains "vscode" and ProcessCommandLine !contains "/.claude/"  and ProcessCommandLine !contains "/claude"

Microsoft Defender XDR’s blast radius analysis capability, incorporated into the incident investigation view, allows security teams to visualize and understand the business impact of a security compromise by showing potential propagation paths towards the organization’s critical assets before it escalates into a full blown incident. This capability merges pre-breach estate understanding with post-breach views allowing security teams to map their interconnected assets and highlights potential paths teams can prioritize for remediation efforts based on the criticality of assets and their interconnectivity to the compromised entities.

Microsoft Defender for Cloud

Microsoft Defender for Cloud customers can use security explorer templates to locate exposed containers running vulnerable container images and vulnerable virtual machines. Template titled Internet exposed containers running container images vulnerable to React2Shell vulnerability CVE-2025-55182 and Internet exposed virtual machines vulnerable to React2Shell vulnerability CVE-2025-55182 are added to the gallery.

Microsoft Security Exposure Management

Microsoft Security Exposure Management’s automated attack path analysis maps out potential threats by identifying exposed resources and tracing the routes an attacker might take to compromise critical assets. This analysis highlights vulnerable cloud compute resources, such as virtual machines and Kubernetes containers, that are susceptible to remote code execution vulnerabilities, including React2Shell CVEs. It also outlines possible lateral movement steps an adversary might take within the environment. The attack paths are presented for all supported cloud environments, including Azure, AWS, and GCP.

To view these paths, filter the view in Microsoft Security Exposure Management, filter by entry point type:

• Kubernetes container
• Virtual Machine
• AWS EC2 instance
• GCP compute instance.

Alternatively, in Microsoft Defender for Cloud, customers can filter by titles such as:

• Internet exposed container with high severity vulnerabilities
• Internet exposed Azure VM with RCE vulnerabilities
• Internet exposed GCP compute instance with RCE vulnerabilities
• Internet exposed AWS EC2 instance with RCE vulnerabilities

Microsoft Sentinel

Microsoft Sentinel customers can use the TI Mapping analytics (a series of analytics all prefixed with ‘TI map’) to automatically match the malicious domain indicators mentioned in this blog post with data in their workspace. If the TI Map analytics are not currently deployed, customers can install the Threat Intelligence solution from the Microsoft Sentinel Content Hub to have the analytics rule deployed in their Sentinel workspace. 

Detect network IP and domain indicators of compromise using ASIM

//IP list and domain list- _Im_NetworkSession
let lookback = 30d;
let ioc_ip_addr = dynamic(["194.69.203.32", "162.215.170.26", "216.158.232.43", "196.251.100.191", "46.36.37.85", "92.246.87.48"]);
let ioc_domains = dynamic(["anywherehost.site", "xpertclient.net", "superminecraft.net.br", "overcome-pmc-conferencing-books.trycloudflare.com", "donaldjtrmp.anondns.net", "labubu.anondns.net", "krebsec.anondns.net", "hybird-accesskey-staging-saas.s3.dualstack.ap-northeast-1.amazonaws.com", "ghostbin.axel.org", "194.69.203.32:81", "194.69.203.32:81", "194.69.203.32:81", "162.215.170.26:3000", "216.158.232.43:12000", "overcome-pmc-conferencing-books.trycloudflare.com", "donaldjtrmp.anondns.net:1488", "labubu.anondns.net:1488", "krebsec.anondns.net:2316/dong", "hybird-accesskey-staging-saas.s3.dualstack.ap-northeast-1.amazonaws.com", "ghostbin.axel.org"]);n_Im_NetworkSession(starttime=todatetime(ago(lookback)), endtime=now())n| where DstIpAddr in (ioc_ip_addr) or DstDomain has_any (ioc_domains)
| summarize imNWS_mintime=min(TimeGenerated), imNWS_maxtime=max(TimeGenerated),
  EventCount=count() by SrcIpAddr, DstIpAddr, DstDomain, Dvc, EventProduct, EventVendor

Detect Web Sessions IP and file hash indicators of compromise using ASIM

//IP list - _Im_WebSession
let lookback = 30d;
let ioc_ip_addr = dynamic(["194.69.203.32", "162.215.170.26", "216.158.232.43", "196.251.100.191", "46.36.37.85", "92.246.87.48"]);
let ioc_sha_hashes =dynamic(["c2867570f3bbb71102373a94c7153239599478af84b9c81f2a0368de36f14a7c", "9e9514533a347d7c6bc830369c7528e07af5c93e0bf7c1cd86df717c849a1331", "b63860cefa128a4aa5d476f300ac45fd5d3c56b2746f7e72a0d27909046e5e0f", "d60461b721c0ef7cfe5899f76672e4970d629bb51bb904a053987e0a0c48ee0f", "d3c897e571426804c65daae3ed939eab4126c3aa3fa8531de5e8f0b66629fe8a", "d71779df5e4126c389e7702f975049bd17cb597ebcf03c6b110b59630d8f3b4d", "b5acbcaccc0cfa54500f2bbb0745d4b5c50d903636f120fc870082335954bec8", "4cbdd019cfa474f20f4274310a1477e03e34af7c62d15096fe0df0d3d5668a4d", "f347eb0a59df167acddb245f022a518a6d15e37614af0bbc2adf317e10c4068b", "661d3721adaa35a30728739defddbc72b841c3d06aca0abd4d5e0aad73947fb1", "876923709213333099b8c728dde9f5d86acfd0f3702a963bae6a9dde35ba8e13", "2ebed29e70f57da0c4f36a9401a7bbd36e6ddd257e0920aa4083240afa3a6457", "f1ee866f6f03ff815009ff8fd7b70b902bc59b037ac54b6cae9b8e07beb854f7", "7e90c174829bd4e01e86779d596710ad161dbc0e02a219d6227f244bf271d2e5"]);b_Im_WebSession(starttime=todatetime(ago(lookback)), endtime=now())b| where DstIpAddr in (ioc_ip_addr) or FileSHA256 in (ioc_sha_hashes)
| summarize imWS_mintime=min(TimeGenerated), imWS_maxtime=max(TimeGenerated),
  EventCount=count() by SrcIpAddr, DstIpAddr, Url, Dvc, EventProduct, EventVendor

Detect domain and URL indicators of compromise using ASIM

// Domain list - _Im_WebSession
let ioc_domains = dynamic(["anywherehost.site", "xpertclient.net", "superminecraft.net.br", "overcome-pmc-conferencing-books.trycloudflare.com", "donaldjtrmp.anondns.net", "labubu.anondns.net", "krebsec.anondns.net", "hybird-accesskey-staging-saas.s3.dualstack.ap-northeast-1.amazonaws.com", "ghostbin.axel.org", "194.69.203.32:81", "194.69.203.32:81", "194.69.203.32:81", "162.215.170.26:3000", "216.158.232.43:12000", "overcome-pmc-conferencing-books.trycloudflare.com", "donaldjtrmp.anondns.net:1488", "labubu.anondns.net:1488", "krebsec.anondns.net:2316/dong", "hybird-accesskey-staging-saas.s3.dualstack.ap-northeast-1.amazonaws.com", "ghostbin.axel.org"]);
_Im_WebSession (url_has_any = ioc_domains)

Detect files hashes indicators of compromise using ASIM

// file hash list - imFileEvent
let ioc_sha_hashes = dynamic(["c2867570f3bbb71102373a94c7153239599478af84b9c81f2a0368de36f14a7c", "9e9514533a347d7c6bc830369c7528e07af5c93e0bf7c1cd86df717c849a1331", "b63860cefa128a4aa5d476f300ac45fd5d3c56b2746f7e72a0d27909046e5e0f", "d60461b721c0ef7cfe5899f76672e4970d629bb51bb904a053987e0a0c48ee0f", "d3c897e571426804c65daae3ed939eab4126c3aa3fa8531de5e8f0b66629fe8a", "d71779df5e4126c389e7702f975049bd17cb597ebcf03c6b110b59630d8f3b4d", "b5acbcaccc0cfa54500f2bbb0745d4b5c50d903636f120fc870082335954bec8", "4cbdd019cfa474f20f4274310a1477e03e34af7c62d15096fe0df0d3d5668a4d", "f347eb0a59df167acddb245f022a518a6d15e37614af0bbc2adf317e10c4068b", "661d3721adaa35a30728739defddbc72b841c3d06aca0abd4d5e0aad73947fb1", "876923709213333099b8c728dde9f5d86acfd0f3702a963bae6a9dde35ba8e13", "2ebed29e70f57da0c4f36a9401a7bbd36e6ddd257e0920aa4083240afa3a6457", "f1ee866f6f03ff815009ff8fd7b70b902bc59b037ac54b6cae9b8e07beb854f7", "7e90c174829bd4e01e86779d596710ad161dbc0e02a219d6227f244bf271d2e5"]);dimFileEventd| where SrcFileSHA256 in (ioc_sha_hashes) or
TargetFileSHA256 in (ioc_sha_hashes)
| extend AccountName = tostring(split(User, @'')[1]), 
  AccountNTDomain = tostring(split(User, @'')[0])
| extend AlgorithmType = "SHA256"

Find use of reverse shells

This query looks for potential reverse shell activity initiated by cmd.exe or PowerShell. It matches the use of reverse shells in this attack: reverse-shell-nishang.

Indicators of compromise

The list below is non-exhaustive and does not represent all indicators of compromise observed in the known campaigns:

References

• Critical Security Vulnerability in React Server Components – React
• NVD – CVE-2025-55182
• CVE-2025-55182 (React2Shell) Opportunistic Exploitation In The Wild: What The GreyNoise Observation Grid Is Seeing So Far

Learn more  

For the latest security research from the Microsoft Threat Intelligence community, check out the Microsoft Threat Intelligence Blog.

To get notified about new publications and to join discussions on social media, follow us on LinkedIn, X (formerly Twitter), and Bluesky.

To hear stories and insights from the Microsoft Threat Intelligence community about the ever-evolving threat landscape, listen to the Microsoft Threat Intelligence podcast.

The guidance provided in this blog post represents general best practices and is intended for informational purposes only. Customers remain responsible for evaluating and implementing security measures appropriate for their environments.

The post Defending against the CVE-2025-55182 (React2Shell) vulnerability in React Server Components appeared first on Microsoft Security Blog.

Today, we are proud to share that Microsoft has been recognized as an overall leader in the KuppingerCole Leadership Compass for Generative AI Defense (GAD), an independent report from a leading European analyst firm. This recognition reinforces the work we’ve been doing to deliver enterprise-ready Security and Governance capabilities for AI, and reflects our commitment to helping customers secure AI at scale.

Figure 1: KuppingerCole Generative AI Defense Leadership Compass chart highlighting Microsoft as the top Overall Leader, with other vendors including Palo Alto Networks, Cisco, F5, NeuralTrust, IBM, and others positioned as challengers or followers.

At Microsoft, our approach to Generative AI Defense is grounded in a simple principle: security is a core primitive which must be embedded everywhere – across AI apps, agents, platforms, and infrastructure. Microsoft delivers this through a comprehensive and integrated approach that provides visibility, protection, and governance across the full AI stack.

Our capabilities and controls help organizations address the most pressing challenges CISOs and security leaders face as AI adoption accelerates. We protect against agent sprawl and resource access with identity-first controls like Entra Agent ID and lifecycle governance, alongside network-layer controls that surface hidden shadow AI risks.  We prevent sensitive data leaks with Microsoft Purview’s real-time data loss prevention, classification, and inference safeguards. We defend against new AI threats and vulnerabilities with Microsoft Defender’s runtime protection, posture management, and AI-driven red teaming. Finally, we help organizations stay in compliance with evolving AI regulations with built-in support for frameworks like the EU AI Act, NIST AI RMF, and ISO 42001, so teams can confidently innovate while meeting governance requirements. Foundational security is also built into Microsoft 365 Copilot and Microsoft Foundry, with identity controls, data safeguards, threat protection, and compliance integrated from the start.

Guidance for Security Leaders and CISOs

For CISOs enabling their organizations to accelerate their AI transformation journeys, the following priorities are essential to building a secure, governed, and scalable AI foundation.  This guidance reflects a combination of key recommendations from KuppingerCole and Microsoft’s perspective on how we deliver on those recommendations:

What differentiates Microsoft is the comprehensive set of security capabilities woven into the Microsoft AI agents, apps, and platform. Shared capabilities across Microsoft Entra, Purview, and Defender deliver consistent protection for IT, developers, and security teams, while tools such as Microsoft Agent 365, Foundry Control Plane, and Security Dashboard for AI integrate security and observability directly where AI applications and agents are built, deployed, and governed. Together, these capabilities, including our latest capabilities from Ignite, help organizations deploy AI securely, reduce operational complexity, and strengthen trust across their environment.

Closing Thoughts

Agentic AI is transforming how organizations work, and with that shift comes a new security frontier. As AI becomes embedded across business processes, taking a proactive approach to defense-in-depth, governance, and integrated AI security is essential. Organizations that act early will be better positioned to innovate confidently and maintain trust.

At Microsoft, we recognize that securing AI requires purpose-built, enterprise-ready protection. With Microsoft Security for AI, organizations can safeguard sensitive data, protect against emerging AI threats, detect and remediate vulnerabilities, maintain compliance with evolving regulations, and strengthen trust as AI adoption accelerates. In this rapidly evolving landscape, AI defense is not optional, it is foundational to protecting innovation and ensuring enterprise readiness.

Explore more

• Read the full KuppingerCole Leadership Compass on Generative AI Defense (GAD)
• Learn more about Security for AI
• Read our latest Security for AI blog to learn more about our latest capabilities
• Visit the Microsoft Security site for the latest innovations.

Updated Dec 15, 2025

Version 1.0

The post Microsoft named an overall leader in KuppingerCole Leadership Compass for Generative AI Defense appeared first on Microsoft Security Blog.

As organizations rapidly embrace generative and agentic AI, ensuring robust, unified governance has never been more critical. That’s why Microsoft is honored to be named a Leader in the 2025-2026 IDC MarketScape for Worldwide Unified AI Governance Platforms (Vendor Assessment (#US53514825, December 2025). We believe this recognition highlights our commitment to making AI innovation safe, responsible, and enterprise-ready—so you can move fast without compromising trust or compliance.

The urgency for a unified AI governance strategy is being driven by stricter regulatory demands, the sheer complexity of managing AI systems across multiple AI platforms and multicloud and hybrid environments, and leadership concerns for risk related to negative brand impact. Centralized, end-to-end governance platforms help organizations reduce compliance bottlenecks, lower operational risks, and turn governance into a strategic driver for responsible AI innovation. In today’s landscape, unified AI governance is not just a compliance obligation—it is critical infrastructure for trust, transparency, and sustainable business transformation.

Our own approach to AI is anchored to Microsoft’s Responsible AI standard, backed by a dedicated Office of Responsible AI. Drawing from our internal experience in building, securing, and governing AI systems, we translate these learnings directly into our AI management tools and security platform. As a result, customers benefit from features such as transparency notes, fairness analysis, explainability tools, safety guardrails, regulatory compliance assessments, agent identity, data security, vulnerability identification, and protection against cyberthreats like prompt-injection attacks. These tools enable them to develop, secure, and govern AI that aligns with ethical principles and is built to help support compliance with regulatory requirements. By integrating these capabilities, we empower organizations to make ethical decisions and safeguard their business processes throughout the entire AI lifecycle.

Microsoft’s AI Governance capabilities aim to provide integrated and centralized control for observability, management, and security across IT, developer, and security teams, ensuring integrated governance within their existing tools. Microsoft Foundry acts as our main control point for model development, evaluation, deployment, and monitoring, featuring a curated model catalog, machine learning oeprations, robust evaluation, and embedded content safety guardrails. Microsoft Agent 365, which was not yet available at the time of the IDC publication, provides a centralized control plane for IT, helping teams confidently deploy, manage, and secure their agentic AI published through Microsoft 365 Copilot, Microsoft Copilot Studio, and Microsoft Foundry.

Deeply embedded security systems are integral to Microsoft’s AI governance solution. Integrations with Microsoft Purview provide real-time data security, compliance, and governance tools, while Microsoft Entra provides agent identity and controls to manage agent sprawl and prevent unauthorized access to confidential resources. Microsoft Defender offers AI-specific posture management, threat detection, and runtime protection. Microsoft Purview Compliance Manager automates adherence to more than 100 regulatory frameworks. Granular audit logging and automated documentation bolster regulatory and forensic capabilities, enabling organizations in regulated industries to innovate with AI while maintaining oversight, secure collaboration, and consistent policy enforcement.

Guidance for security and governance leaders and CISOs

To empower organizations in advancing their AI transformation initiatives, it is crucial to focus on the following priorities for establishing a secure, well-governed, and scalable AI framework. The guidance below provides Microsoft’s recommendations for fulfilling these best practices:

We believe we are differentiated in the AI governance space by delivering a unified, end-to-end platform that embeds responsible AI principles and robust security at every layer—from agents and applications to underlying infrastructure. Through native integration of Microsoft Foundry, Microsoft Agent 365, Purview, Entra, and Defender, organizations benefit from centralized oversight and observability across the layers of the organization with consistent protection and operationalized compliance across the AI lifecycle. Our comprehensive approach removes disparate and disconnected tooling, enabling organizations to build trustworthy, transparent, and secure AI solutions that can start secure and stay secure. We believe this approach uniquely differentiates Microsoft as a leader in operationalizing responsible, secure, and auditable AI at scale.

Strengthen your security strategy with Microsoft AI governance solutions

Agentic and generative AI are reshaping business processes, creating a new frontier for security and governance. Organizations that act early and prioritize governance best practices—unified governance platforms, build-in responsible AI tooling, and integrated security—will be best positioned to innovate confidently and maintain trust.

Microsoft approaches AI governance with a commitment to embedding responsible practices and robust security at every layer of the AI ecosystem. Our AI governance and security solutions empower customers with built-in transparency, fairness, and compliance tools throughout engineering and operations. We believe this approach allows organizations to benefit from centralized oversight, enforce policies consistently across the entire AI lifecycle, and achieve audit readiness—even in the rapidly changing landscape of generative and agentic AI.

Explore more

• Read the IDC MarketScape excerpt.
• Learn more about AI Security, Governance and Compliance.
• Read our latest Security for AI blog to learn more about our latest capabilities

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

The post Microsoft named a Leader in IDC MarketScape for Unified AI Governance Platforms appeared first on Microsoft Security Blog.

Over the past year, Microsoft Threat Intelligence observed the proliferation of RedVDS, a virtual dedicated server (VDS) provider used by multiple financially motivated threat actors to commit business email compromise (BEC), mass phishing, account takeover, and financial fraud. Microsoft’s investigation into RedVDS services and infrastructure uncovered a global network of disparate cybercriminals purchasing and using to target multiple sectors, including legal, construction, manufacturing, real estate, healthcare, and education in the United States, Canada, United Kingdom, France, Germany, Australia, and countries with substantial banking infrastructure targets that have a higher potential for financial gain. In collaboration with law enforcement agencies worldwide, Microsoft’s Digital Crimes Unit (DCU) recently facilitated a disruption of RedVDS infrastructure and related operations.

RedVDS is a criminal marketplace selling illegal software and services that facilitated and enabled cybercrime. The marketplace offers a simple and feature-rich user interface for purchasing unlicensed and inexpensive Windows-based Remote Desktop Protocol (RDP) servers with full administrator control and no usage limits – a combination eagerly exploited by cybercriminals. Microsoft’s investigation into RedVDS revealed a single, cloned Windows host image being reused across the service, leaving unique technical fingerprints that defenders could leverage for detection.

Microsoft tracks the threat actor who develops and operates RedVDS as Storm-2470. We have observed multiple cybercriminal actors, including Storm-0259, Storm-2227, Storm-1575, Storm-1747, and phishing actors who used the RacoonO365 phishing service prior its coordinated takedown, leveraging RedVDS infrastructure. RedVDS launched their website in 2019 and has been operating publicly since to offer servers in locations including the United States, United Kingdom, Canada, France, Netherlands, and Germany. The primary website used the redvds[.]com domain, with secondary domains at redvds[.]pro and vdspanel[.]space.

RedVDS uses a fictitious entity claiming to operate and be governed by Bahamian Law​. RedVDS customers purchased the service through cryptocurrency, primarily Bitcoin and Litecoin, adding another layer of obfuscation to illicit activity. Additionally, RedVDS supports a broad range of digital currency, including Monero, Binance Coin, Avalanche, Dogecoin, and TRON.

The mass scale of operations facilitated by RedVDS infrastructure and roughly US $40 million in reported fraud losses driven by RedVDS‑enabled activity in the United States alone since March 2025 underscore the threat of an invisible infrastructure providing scalability and ease for cybercriminals to access target networks. In this blog, we share our analysis of the technical aspects of RedVDS: its infrastructure, provisioning methods, and the malware and tools deployed on RedVDS hosts. We also provide recommendations to protect against RedVDS-related threats such as phishing attacks.

Uncovering the RedVDS Infrastructure

Microsoft Threat Intelligence investigations revealed that RedVDS has become a prolific tool for cybercriminals in the past year, facilitating thousands of attacks including credential theft, account takeovers, and mass phishing. RedVDS offers its services for a nominal fee, making it accessible for cybercriminals worldwide.

Over time, Microsoft Threat Intelligence identified attacks showing thousands of stolen credentials, invoices stolen from target organizations, mass mailers, and phish kits, indicating that multiple Windows hosts were all created from the same base Windows installation. Additional investigations revealed that most of the hosts were created using a single computer ID, signifying that the same Windows Eval 2022 license was used to create these hosts. By using the stolen license to make images, Storm-2470 provided its services at a substantially lower cost, making it attractive for threat actors to purchase or acquire RedVDS services.

Anatomy of RedVDS Infrastructure

Service model and base image: RedVDS provided virtual Windows cloud servers, which were generated from a single Windows Server 2022 image, through RDP. All RedVDS instances identified by Microsoft used the same computer name, WIN-BUNS25TD77J, an anomaly that stood out because legitimate cloud providers randomize hostnames. This host fingerprint appears in RDP certificates and system telemetry, serving as a core indicator of RedVDS activity. The underlying trick is that Storm-2470 created one Windows virtual machine (VM) and repeatedly cloned it without customizing the system identity. 

Automated provisioning: The RedVDS operator employed Quick Emulator (QEMU) virtualization combined with VirtIO drivers to rapidly generate cloned Windows instances on demand. When a customer ordered a server, an automated process copied the master VM image (with the pre-set hostname and configuration) onto a new host. This yielded new servers that are clones of the original, using the same hostname and baseline hardware IDs, differing only by IP address and hostname prefix in some cases. This uniform deployment strategy allowed RedVDS to stand up fresh RDP hosts within minutes, a scalability advantage for cybercriminals. It also meant that all RedVDS hosts shared certain low-level identifiers (for example, identical OS installation IDs and product keys), which defenders could potentially pivot on if exposed in telemetry. 

Payment and access: The RedVDS service operated using an online portal, RedVDS[.]com, where access was sold for cryptocurrency, often Bitcoin, to preserve anonymity. After payment, customers received credentials to sign in using Remote Desktop. Notably, RedVDS did not impose usage caps or maintain activity logs (according to its own terms of service), making it attractive for illicit use.  Additionally, the use of unlicensed software allowed RedVDS to offer its services at a nominal cost, making it more accessible for threat actors as a prolific tool for cybercriminal activity.

Hosting footprint: RedVDS did not own physical datacenters; instead, it rented servers from third-party hosting providers to run its service. We traced RedVDS nodes to at least five hosting companies in the United States, Canada, United Kingdom, France, and Netherlands. These providers offer bare-metal or virtual private server (VPS) infrastructure. By distributing across multiple providers and countries, RedVDS could provision IP addresses in geolocations close to targets (for example, a US victim might be attacked from a US-based  IP address), helping cybercriminals evade geolocation-based security filters. It also meant that RedVDS traffic blended with normal data center traffic, requiring defenders to rely on deeper fingerprints (like the host name or usage patterns) rather than IP address alone. 

We observed RedVDS most commonly hosted within the following AS/ASNs from December 5 to 19, 2025:

Malware and tooling on RedVDS hosts

RedVDS is an infrastructure service that facilitated malicious activity, but unlike malware, it did not perform harmful actions itself; the threat came from how criminals used the servers after provisioning. Our investigation found that RedVDS customers consistently set up a standard toolkit of malicious or dual-use software on their rented servers to facilitate their campaigns. By examining multiple RedVDS instances, we identified a recurring set of tools: 

• Mass mailer utilities: A variety of spam/phishing email tools were installed to send bulk emails. We observed examples like SuperMailer, UltraMailer, BlueMail, SquadMailer, and Email Sorter Pro/Ultimate on RedVDS machines. These programs are designed to import lists of email addresses and blast out phishing emails or scam communications at scale. They often include features to randomize content or schedule sends, helping cybercriminals manage large phishing campaigns directly from the RedVDS host. 
• Email address harvesters: We found tools, such as Sky Email Extractor, that allowed cybercriminals to scrape or validate large numbers of email addresses. These helped build victim lists for phishing. We also found evidence of scripts or utilities to sort and clean email lists (to remove bounces, duplicates, and others), indicating that RedVDS users were managing mass email operations end-to-end on these servers. 
• Privacy and OPSEC tools: RedVDS hosts had numerous applications to keep the operators’ activities under the radar. For example, we observed installations of privacy-focused web browsers (likeWaterfox, Avast Secure Browser, Norton Private Browser), and multiple virtual private network (VPN) clients (such as NordVPN and ExpressVPN). Cybercriminals likely used these to route traffic through other channels (or to access criminal forums safely) from their RedVDS server, and to ensure any browsing or additional communications from the server were masked. Also present was SocksEscort, a proxy/socksifier tool, hinting that some RedVDS tenants ran malware that required SOCKS proxies to reach targets. 

• Remote access and management: Many RedVDS instances had AnyDesk installed. AnyDesk is a legitimate remote desktop tool, suggesting that criminals might have used it to sign in to and control their RedVDS boxes more conveniently or even share access among co-conspirators. 
• Automation and scripting: We found evidence of scripting environments and attempts to use automation services. For example, Python was installed on some RedVDS hosts (with scripts for tasks like parsing data), and one actor attempted to use Microsoft Power Automate (Flow) to programmatically send emails using Excel, though their attempt was not fully successful. Additionally, some RedVDS users leveraged ChatGPT or other OpenAI tools to overcome language barriers when writing phishing lures. Consequently, non‑English‑speaking operators could generate more polished English‑language lure emails by using AI tools on the compromised RedVDS host.

Below is a summary table of tool categories observed on RedVDS hosts and their primary purpose: 

Mapping the RedVDS attack chain

Threat actors used RedVDS because it provided a highly permissive, low-cost, resilient environment where they could launch and conceal multiple stages of their operation. Once provisioned, these cloned Windows hosts gave actors a ready‑made platform to research targets, stage phishing infrastructure, steal credentials, hijack mailboxes, and execute impersonation‑based financial fraud with minimal friction. Threat actors benefited from RedVDS’s unrestricted administrative access and negligible logging, allowing them to operate without meaningful oversight. The uniform, disposable nature of RedVDS servers allowed cybercriminals to rapidly iterate campaigns, automate delivery at scale, and move quickly from initial targeting to financial theft.

Reconnaissance

RedVDS operators leveraged their provisioned server to gather intelligence on fraud targets and suppliers, collecting organizational details, payment workflows, and identifying key personnel involved in financial transactions. This information helped craft convincing spear-phishing emails tailored to the victim’s business context.

During this phase, cybercriminals also researched tools and methods to optimize their campaigns. For example, Microsoft observed RedVDS customers experimenting with Microsoft Power Automate to attempt to automate the delivery of phishing emails directly from Excel files containing personal attachments. These attempts were unsuccessful, but their exploration of automation tools showed a clear intent to streamline delivery workflows and scale their attacks.

Resource development and delivery

Next, RedVDS operators developed their phishing capabilities by transforming its permissive virtual servers into a full operational infrastructure. They did this by purchasing phishing-as-a-service (PhaaS) infrastructure or manually assembling their own tooling, including installing and configuring phishing kits, using mass mailer tools, email address harvesters, and evasion capabilities, such as VPNs and remote desktop tools. Operators then built automation pipelines by writing scripts to import target lists, generating PDF or HTML lure attachments, and automating sending cycles to support high-volume delivery. While RedVDS itself only provided permissive VDS hosting, operators deployed their own automation tooling on these servers to enable large-scale phishing email delivery.

Once their tooling is in place, operators began staging their phishing infrastructure by registering domains that often masqueraded as legitimate domains, setting up phishing pages and credential collectors, and testing the end-to-end delivery before launching their attacks.

Account compromise

RedVDS operators gained initial access through successful phishing attacks. Targets received phishing emails crafted to appear legitimate. When a recipient clicked the malicious link or opened the lure, they are redirected to a phishing page that mimicked a trusted sign-in portal. Here, credentials are harvested, and in some cases, cybercriminals triggered multifactor authentication (MFA) prompts that victims approved, granting full access to accounts.

Credential theft and mailbox takeover

Once credentials were captured through phishing, RedVDS facilitated the extraction and storage of replay tokens or session cookies. These artifacts allowed cybercriminals to bypass MFA and maintain persistent access without triggering additional verification, streamlining account takeover.

With valid credentials or tokens, cybercriminals signed in to the compromised mailbox. They searched for financial conversations, pending invoices, and supplier details, copying relevant emails to prepare for impersonation and fraud. This stage often included monitoring ongoing threads to identify the most opportune moment to intervene.

Impersonation infrastructure development

Building on the initial RedVDS footprint, operators expanded their infrastructure to large-volume phishing and impersonation activity. A critical component of this phase was the registration and deployment of homoglyph domains, lookalike domains crafted to mimic legitimate supplier or business partners with near-indistinguishable character substitutions. During the investigation, Microsoft uncovered over 7,300 IP addresses linked to RedVDS infrastructure that collectively hosted more than 3,700 homoglyph domains within a 30-day period.

Using these domains, operators created impersonation mailboxes and inserted themselves into ongoing email threads, effectively hijacking trusted communications channels. This combination of homoglyph domain infrastructure, mailbox impersonation, and thread hijacking formed the backbone of highly convincing BEC operations and enabled seamless social engineering that pressured victims into completing fraudulent financial transactions.

Social engineering

Using the impersonation setup, cybercriminals further injected themselves into legitimate conversations with suppliers or internal finance teams. They sent payment change requests or fraudulent invoices, leveraging urgency and trust to manipulate targets into transferring funds. For example, Microsoft Threat Intelligence observed multiple actors, including Storm-0259, using RedVDS to deliver fake unpaid invoices to businesses that directed the recipient to make a same day payment to resolve the debt. The email included PDF attachments of the fake invoice, banking details to make the payment, and contact details of the impersonator.

Payment fraud

Finally, the victim processed the fraudulent payment, transferring funds to an attacker-controlled mule account. These accounts were often part of a larger laundering network, making recovery difficult.

Common attacks using RedVDS infrastructure

Mass phishing: In most cases, Microsoft observed RedVDS customers using RedVDS as primary infrastructure to conduct mass phishing. Prior to sending out emails, cybercriminals linked to RedVDS infrastructure abused Microsoft 365 services to register fake tenants posing as legitimate local businesses or organizations. These cybercriminals also installed additional legitimate applications on RedVDS server, including Brave browser, likely to mask browsing activity; Telegram Desktop, Signal Desktop, and AnyTime Desktop to facilitate their operations; as well as mass mailer tools such as SuperMailer, UltraMailer, and BlueMail.

Password spray: Microsoft observed actors conducting password spray attacks using RedVDS infrastructure to gain initial access to target systems.

Spoofed phishing attacks: Microsoft has observed actors using RedVDS infrastructure to send phishing messages that appear as internally sent email communications by spoofing the organizations’ domains. Threat actors exploit complex routing scenarios and misconfigured spoof protections to carry out these email campaigns, with RedVDS providing the means to send the phishing emails in majority of cases. This phishing attack vector does not affect customers whose Microsoft Exchange mail exchanger (MX) records point to Office 365; these tenants are protected by native built-in spoofing detections.

Lures used in these attacks are themed around voicemails, shared documents, communications from human resources (HR) departments, password resets or expirations, and others, leading to credential phishing. Microsoft has also observed a campaign leveraging this vector to conduct financial scams against organizations, attempting to trick them into paying false invoices to fraudulently created banking accounts. Phishing messages sent through this method might seem like internal communications, making them more effective. Compromised credentials could result in data theft, business email compromise, or financial loss, all requiring significant remediation.

Business email compromise/Account takeover: Microsoft observed RedVDS customers using the infrastructure to conduct BEC attacks that included account takeovers of organizations or businesses. In several cases, these actors also created homoglyph domains to appear legitimate in payment fraud operations. During email takeover operations, RedVDS customers used compromised accounts in BEC operations to conduct follow-on activity. In addition to mass mailers, these cybercriminals signed in to user mailboxes and used those accounts to conduct lateral movement within the targeted organization’s environment and look for other possible users or contacts, allowing them to conduct reconnaissance and craft more convincing phishing emails. Following successful account compromise, the cybercriminals often created an invitation lure and uploaded it to the victim’s SharePoint. In these cases, Microsoft observed the cybercriminals exfiltrating financial data, namely banking information from the same organizations that were impersonated in addition to mass downloading of invoices, and credential theft.

Defending against RedVDS-related operations

RedVDS is an infrastructure provider that facilitated criminal activity, and it is not by itself a malware tool that deploys malicious code. This activity is not exclusively abusing Microsoft services but likely other providers as well.

While Microsoft notes that the organizations at most risk for RedVDS-related operations are legal, construction, manufacturing, real estate, healthcare, and education, the activity conducted by malicious actors using RedVDS are common attacks that could affect any business or consumers, especially with an established relationship where high volume of transactions are exchanged.

The overwhelming majority of RedVDS-related activity comprises social engineering, phishing operations, and business email compromise. Microsoft recommends the following recommendations to mitigate the impact of RedVDS-related threats.

Preventing phishing attacks

Defending against phishing attacks begins at the primary gateways: email and other communication platforms.

• Review our recommended settings for Exchange Online Protection and Microsoft Defender for Office 365 to ensure your organization has established essential defenses and knows how to monitor and respond to threat activity.
• Invest in user awareness training and phishing simulations. Attack simulation training in Microsoft Defender for Office 365, which also includes simulating phishing messages in Microsoft Teams, is one approach to running realistic attack scenarios in your organization.
• Follow Microsoft’s security best practices for Microsoft Teams.
• Configure the Microsoft Defender for Office 365 Safe Links policy to apply to internal recipients.

Hardening credentials and cloud identities is also necessary to defend against phishing attacks, which seek to gain valid credentials and access tokens.  As an initial step, use passwordless solutions like passkeys and implement MFA throughout your environment:

• Use the Microsoft Authenticator app for passkeys and MFA, and complement MFA with conditional access policies, where sign-in requests are evaluated using additional identity-driven signals.
• Conditional access policies can also be scoped to strengthen privileged accounts with phishing resistant MFA.
• Your passkey and MFA policy can be further secured by only allowing MFA and passkey registrations from trusted locations and devices

Preventing business email compromise (BEC)

Organizations can mitigate BEC risks by focusing on key defense measures, such as implementing comprehensive social engineering training for employees and enhancing awareness of phishing tactics. Educating users about identifying and reporting suspicious emails is critical. Essential technical measures include securing device services, including email settings through services like Microsoft Defender XDR, enabling MFA, and promoting strong password protection. Additionally, using secure payment platforms and tightening controls around financial processes can help reduce risks related to fraudulent transactions. Collectively, these proactive measures strengthen defenses against BEC attacks.

• Ensure that admin and user accounts are distinct by using Privileged Identity Management or dedicated accounts for privileged tasks, limiting overprivileged permissions. Adaptive Protection can automatically apply strict security controls on high-risk users, minimizing the impact of potential data security incidents.
• Avoid opening emails, attachments, and links from suspicious sources. Verify sender identities before interacting with any links or attachments. In most RedVDS-related BEC cases, once the actor took over an email account, the victim’s inbox was studied and used to learn about existing relationships with other vendors or contacts, making this step extra crucial. Educate employees on data security best practices through regular training on phishing indicators, domain mismatches, and other BEC red flags. Leverage Microsoft curated resources and training and deploy phishing risk-reduction tool to conduct simulations and targeted education. Encourage users to browse securely with Microsoft Edge or other SmartScreen-enabled browsers to block malicious websites, including phishing domains.
• Enforcing robust email security settings is critical for preventing spoofing, impersonation, and account compromise, which are key tactics in BEC attacks. Most domains sending mail to Office 365 lack valid DMARC enforcement, making them susceptible to spoofing. Microsoft 365 and Exchange Online Protection (EOP) mitigate this risk by detecting forged “From” headers to block spoofed emails and prevent credential theft. Spoof intelligence, enabled by default, adds an extra layer of security by identifying spoofed senders.

Microsoft Defender XDR detections

Microsoft Defender XDR detects a wide variety of post-compromise activity leveraging the RedVDS service, including:

• Possible BEC-related inbox rule (Microsoft Defender for Cloud apps)
• Compromised user account in a recognized attack pattern (Microsoft Defender XDR)
• Risky sign in attempt following a possible phishing campaign (Microsoft Defender for Office 365)
• Risky sign-in attempt following access to malicious phishing email (Microsoft Defender for Cloud Apps)
• Suspicious AnyDesk installation (Microsoft Defender for Endpoint)
• Password spraying (Microsoft Defender for Endpoint)

Microsoft Defender XDR coordinates detection, prevention, investigation, and response across endpoints, identities, email, apps to provide integrated protection against threats. Customers with provisioned access can also use Microsoft Security Copilot in Microsoft Defender to investigate and respond to incidents, hunt for threats, and protect their organization with relevant threat intelligence.

Microsoft Security Copilot

Security Copilot customers can use the standalone experience to create their own prompts or run the following prebuilt promptbooks to automate incident response or investigation tasks related to this threat:

• Incident investigation
• Microsoft User analysis
• Threat actor profile
• Threat Intelligence 360 report based on MDTI article
• Vulnerability impact assessment

Note that some promptbooks require access to plugins for Microsoft products such as Microsoft Defender XDR or Microsoft Sentinel.

Threat intelligence reports

Microsoft Defender XDR customers can use the following threat analytics reports in the Defender portal (requires license for at least one Defender XDR product) to get the most up-to-date information about the threat actor, malicious activity, and techniques discussed in this blog. These reports provide the intelligence, protection information, and recommended actions to prevent, mitigate, or respond to associated threats found in customer environments.

Microsoft Defender XDR threat analytics

• Threat overview: Business email compromise
• Threat Overview Profile: Evolving phishing threats

Microsoft Security Copilot customers can also use the Microsoft Security Copilot integration in Microsoft Defender Threat Intelligence, either in the Security Copilot standalone portal or in the embedded experience in the Microsoft Defender portal to get more information about this threat actor.

Indicators of compromise

The following table lists the domain variants belonging to RedVDS provider.

Learn more

For the latest security research from the Microsoft Threat Intelligence community, check out the Microsoft Threat Intelligence Blog.

To get notified about new publications and to join discussions on social media, follow us on LinkedIn, X (formerly Twitter), and Bluesky.

To hear stories and insights from the Microsoft Threat Intelligence community about the ever-evolving threat landscape, listen to the Microsoft Threat Intelligence podcast.

The post Inside RedVDS: How a single virtual desktop provider fueled worldwide cybercriminal operations appeared first on Microsoft Security Blog.

The Deputy CISO blog series is where Microsoft  Deputy Chief Information Security Officers (CISOs) share their thoughts on what is most important in their respective domains. In this series, you will get practical advice, tactics to start (and stop) deploying, forward-looking commentary on where the industry is going, and more. In this article, Terrell Cox, Vice President for Microsoft Security and Deputy CISO for Privacy and Policy, dives into the intersection of privacy and security.

For decades, Microsoft has consistently prioritized earning and maintaining the trust of the people and organizations that rely on its technologies. The 2025 Axios Harris Poll 100 ranked Microsoft as one of the top three most trusted brands in the United States.¹ At Microsoft, we believe one of the best ways we can build trust is through our long-established core values of respect, accountability, and integrity. We also instill confidence in our approach to regulations by demonstrating rigorous internal compliance discipline—such as regular audits, cross-functional reviews, and executive oversight—that mirrors the reliability we extend to customers externally.

Microsoft Trust Center

Our mission is to empower everyone to achieve more, and we build our products and services with security, privacy, compliance, and transparency in mind.

Explore products and services

Here at Microsoft, we are grounded in the belief that privacy is a human right, and we safeguard it as such. Whether you’re an individual using Microsoft 365 or a global enterprise running mission-critical workloads on Microsoft Azure, your privacy is protected by design. In my role as Vice President for Microsoft Security and Deputy CISO for Privacy and Policy at Microsoft, I see privacy and security as two sides of the same coin—complementary priorities that strengthen each other. They’re inseparable, and they can be simultaneously delivered to customers at the highest standard, whether they rely on Microsoft as data processor or data controller.

There are plenty of people out there who view the relationship between security and privacy as one of tension and conflict, but that doesn’t need to be the case. Within my team, we embrace differing viewpoints from security- and privacy-focused individuals as a core principle and a mechanism for refining our quality of work. To show you how we do this, I’d like to walk you through a few of the ways Microsoft delivers both security and privacy to its customers.

Security and privacy, implemented at scale

Our approach to safeguarding customer data is rooted in a philosophy that prioritizes security without the need for access to the data itself. Think of it as building a fortress where the walls (security) protect the treasures inside (data privacy) without ever needing to peek at them. Microsoft customers retain full ownership and control of their data, as outlined in our numerous privacy statements and commitments. We do not mine customer data for advertising, and customers can choose where their data resides geographically. Even when governments request access, we adhere to strict legal and contractual protocols to protect the interests of our customers.

A number of Microsoft technologies play important roles in the implementation of our privacy policy. Microsoft Entra, and in particular its Private Access capability, replaces legacy VPNs with identity-centric Zero Trust Network Access, allowing organizations to grant granular access to private applications without exposing their entire network. Microsoft Entra ID serves as the backbone for identity validation, ensuring that only explicitly trusted users and devices can access sensitive resources. This is complemented by the information protection and governance capabilities of Microsoft Purview, which enables organizations to classify, label, and protect data across Microsoft 365, Azure, and their third-party platforms. Microsoft Purview also supports automated data discovery, policy enforcement, and compliance reporting.

The beating heart of the Microsoft security strategy is the Secure Future Initiative. We assume breach and mandate verification for every access request, regardless of origin. Every user, every action, and every resource is continuously authenticated and authorized. Automated processes, like our Conditional Access policies, dynamically evaluate multiple factors like user identity, device health, location, and session risk before granting access. Support workers can access customer data only with the explicit approval of the customer through Customer Lockbox, which gives customers authorization and auditability controls over how and when Microsoft engineers may access their data. Once authorized by a customer, support workers may only access customer data through highly secure, monitored environments like hardened jump hosts—air-gapped Azure virtual machines that require multifactor authentication and employ just-in-time access gates.

Privacy is a human right

The intersection of privacy and security is not just a theoretical concept for Microsoft. It’s a practical reality that we work to embody through comprehensive, layered strategies and technical implementations. By using advanced solutions like Microsoft Entra and Microsoft Purview and adhering to the principles set out in our Secure Future Initiative, we help ensure that our customers’ data is protected at every level.

We demonstrate our commitment to privacy through our proactive approach to regulatory compliance, our tradition of transforming legal obligations into opportunities for innovation, and our commitment to earning the trust of our customers. Global and region-specific privacy, cybersecurity, and AI regulations often evolve over time. Microsoft embraces regulations not just as legal obligations but as strategic opportunities through which we can reinforce our commitments to privacy and security. This is exactly what we did when the European General Data Protection Regulation (GDPR) came into effect in May of 2018, and we’ve applied similar principles to emerging frameworks like India’s Digital Personal Data Protection Act (DPDP), the EU’s Network and Information Systems Directive 2 (NIS2) for cybersecurity, the Digital Operational Resilience Act (DORA) for financial sector resilience, and the EU AI Act for responsible AI governance.

Using regulatory compliance as a lever for innovation

Microsoft publicly cheered the GDPR as a step forward for individual privacy rights, and we committed ourselves to full compliance across our cloud services. We soon became an early adopter of the GDPR, adding GDPR-specific assurances to our cloud service contracts, including breach notification timelines and data subject rights.

Because we believe so strongly in these protections, our compliance efforts quickly became the foundation for a broader, proactive transformation of our privacy and security posture. First, we established a company-wide framework that formalized privacy responsibilities and safeguards. It mandated robust technical and organizational measures designed to protect personal data companywide, now aligned with cybersecurity standards like those in NIS2.

As part of this framework, Microsoft appointed data protection officers and identified corporate vice presidents in each business unit to provide group-level accountability. Microsoft also built what we believe is one of the most comprehensive privacy and compliance platforms in the industry. This platform is the result of a company-wide effort to give customers real control over their personal data, experienced with consistency across our products, while seamlessly integrating security and regulatory compliance.

To operationalize these commitments, we developed advertising and data deletion protocols that made sure data subject requests (DSRs) were honored across all our systems, including those managed by third-party vendors. Microsoft extended GDPR-like principles to customers globally. This initiative emphasized data minimization, consent management, and timely breach reporting. It also reinforced customers’ rights to access, correct, delete, and export their personal data.

Expanding from this foundation, we continue to take a proactive stance on emerging global regulations. For DPDP in India, we enhanced data localization and consent mechanisms in Azure to help organizations comply with local privacy mandates while maintaining robust security. Under NIS2 and DORA, our tools like Microsoft Defender for Cloud enable critical sectors to detect, respond, and build operational resilience—creating cybersecurity as the shield that protects privacy rights.

For the EU AI Act, Microsoft Responsible AI tools integrated with Microsoft Purview enable governance, classification, and compliance tracking of AI models, ensuring transparency and accountability across the AI lifecycle. In parallel, Microsoft Defender for Cloud extends protection for AI workloads and data environments, ensuring AI systems are secure, monitored, and resilient — much like a traffic light system that signals safe passage for innovation while mitigating risk.

Thanks to this early, decisive action to safeguard privacy and security worldwide, Microsoft is now in a strong leadership position as similar laws are passed by a growing number of countries. Because we’ve already gone above and beyond what initial regulations asked of us, we’re more easily able to adapt to the specifics of other related legal frameworks.

Learn more

To hear more from Microsoft Deputy CISOs, check out the OCISO blog series. To stay on top of important security industry updates, explore resources specifically designed for CISOs, and learn best practices for improving your organization’s security posture, join the Microsoft CISO Digest distribution list.

• Visit the Microsoft Trust Center to better understand your privacy rights and find ways to improve your security posture.
• To learn how Microsoft empowers organizations to innovate securely, explore Microsoft Security Solutions.
• Discover how to build digital trust with Microsoft Purview.
• See how Microsoft helps you turn compliance into competitive advantage, by exploring Microsoft Purview Compliance Manager.

Microsoft
Deputy CISOs

To hear more from Microsoft Deputy CISOs, check out the OCISO blog series:

To stay on top of important security industry updates, explore resources specifically designed for CISOs, and learn best practices for improving your organization’s security posture, join the Microsoft CISO Digest distribution list.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

¹The 2025 Axios Harris Poll 100 reputation rankings

The post How Microsoft builds privacy and security to work hand-in-hand appeared first on Microsoft Security Blog.

Phishing actors are exploiting complex routing scenarios and misconfigured spoof protections to effectively spoof organizations’ domains and deliver phishing emails that appear, superficially, to have been sent internally. Threat actors have leveraged this vector to deliver a wide variety of phishing messages related to various phishing-as-a-service (PhaaS) platforms such as Tycoon2FA. These include messages with lures themed around voicemails, shared documents, communications from human resources (HR) departments, password resets or expirations, and others, leading to credential phishing.

This attack vector is not new but has seen increased visibility and use since May 2025. The phishing campaigns Microsoft has observed using this attack vector are opportunistic rather than targeted in nature, with messages sent to a wide variety of organizations across several industries and verticals. Notably, Microsoft has also observed a campaign leveraging this vector to conduct financial scams against organizations. While these attacks share many characteristics with other credential phishing email campaigns, the attack vector abusing complex routing and improperly configured spoof protections distinguishes these campaigns. The phishing attack vector covered in this blog post does not affect customers whose Microsoft Exchange mail exchanger (MX) records point to Office 365; these tenants are protected by native built-in spoofing detections.

Phishing messages sent through this vector may be more effective as they appear to be internally sent messages. Successful credential compromise through phishing attacks may lead to data theft or business email compromise (BEC) attacks against the affected organization or partners and may require extensive remediation efforts, and/or lead to loss of funds in the case of financial scams. While Microsoft detects the majority of these phishing attack attempts, organizations can further reduce risk by properly configuring spoof protections and any third-party connectors to prevent spoofed phish or scam messages sent through this attack vector from reaching inboxes.

In this blog, we explain how threat actors are exploiting these routing scenarios and provide observations from related attacks. We provide specific examples—including technical analysis of phishing messages, spoof protections, and email headers—to help identify this attack vector. This blog also provides additional resources with information on how to set up mail flow rules, enforce spoof protections, and configure third-party connectors to prevent spoofed phishing messages from reaching user inboxes.

Spoofed phishing attacks

In cases where a tenant has configured a complex routing scenario, where the MX records are not pointed to Office 365, and the tenant has not configured strictly enforced spoof protections, threat actors may be able to send spoofed phishing messages that appear to have come from the tenant’s own domain. Setting strict Domain-based Message Authentication, Reporting, and Conformance (DMARC) reject and SPF hard fail (rather than soft fail) policies and properly configuring any third-party connectors will prevent phishing attacks spoofing organizations’ domains.

This vector is not, as has been publicly reported, a vulnerability of Direct Send, a mail flow method in Microsoft 365 Exchange Online that allows devices (like printers, scanners), applications, or third-party services to send email without authentication using the organization’s accepted domain, but rather takes advantage of complex routing scenarios and misconfigured spoof protections. Tenants with MX records pointed directly to Office 365 are not vulnerable to this attack vector of sending spoofed phishing messages.

As with most other phishing attacks observed by Microsoft Threat intelligence throughout 2025, the bulk of phishing campaigns observed using this attack vector employ the Tycoon2FA PhaaS platform, in addition to several other phishing services in use as well. In October 2025, Microsoft Defender for Office 365 blocked more than 13 million malicious emails linked to Tycoon2FA, including many attacks spoofing organizations’ domains. PhaaS platforms such as Tycoon2FA provide threat actors with a suite of capabilities, support, and ready-made lures and infrastructure to carry out phishing attacks and compromise credentials. These capabilities include adversary-in-the-middle (AiTM) phishing, which is intended to circumvent multifactor authentication (MFA) protections. Credential phishing attacks sent through this method employ a variety of themes such as voicemail notifications, password resets, HR communications, among others.

Microsoft Threat Intelligence has also observed emails intended to trick organizations into paying fake invoices, potentially leading to financial losses. Generally, in these spoofed phishing attacks, the recipient email address is used in both the “To” and “From” fields of the email, though some attacks will change the display name of the sender to make the attack more convincing and the “From” field could contain any valid internal email address.

Credential phishing with spoofed emails

The bulk of phishing messages sent through this attack vector uses the same lures as conventionally sent phishing messages, masquerading as services such as Docusign, or communications from HR regarding salary or benefits changes, password resets, and so on. They may employ clickable links in the email body or QR codes in attachments or other means of getting the recipient to navigate to a phish landing page. The appearance of having been sent from an internal email address is the most visible distinction to an end user, often with the same email address used in the “To” and “From” fields.

Email headers provide more information regarding the delivery of spoofed phishing emails, such as the appearance of an external IP address used by the threat actor to initiate the phishing attack. Depending on the configuration of the tenant, there will be SPF soft or hard fail, DMARC fail, and DKIM will equal none as both the sender and recipient appear to be in the same domain. At a basic level of protection, these should cause a message to land in a spam folder, but a user may retrieve and interact with phishing messages routed to spam. The X-MS-Exchange-Organization-InternalOrgSender will be set to True, but X-MS-Exchange-Organization-MessageDirectionality will be set to Incoming and X-MS-Exchange-Organization-ASDirectionalityType will have a value of “1”, indicating that the message was sent from outside of the organization. The combination of internal organization sender and incoming directionality is indicative of a message spoofed to appear as an internal communication, but not necessarily indicative of maliciousness. X-MS-Exchange-Organization-AuthAs will be set to Anonymous, indicating that the message came from an external source.

The Authentication-Results header example provided below illustrates the result of enforced authentication. 000 is an explicit DMARC failure. The resultant action is either reject or quarantine. The headers shown here are examples of properly configured environments, effectively blocking phishing emails sent through this attack vector:

spf=fail (sender IP is 51.89.59[.]188) smtp.mailfrom=contoso.com; dkim=none (message not signed) header.d=none;dmarc=fail action=quarantine header.from=contoso.com;compauth=fail reason=000

spf=fail (sender IP is 51.68.182[.]101) smtp.mailfrom= contoso.com; dkim=none (message not signed) header.d=none;dmarc=fail action=oreject header.from=contoso.com;

Any third-party connectors—such as a spam filtering service, security solution, or archiving service—must be configured properly or spoof detections cannot be calculated correctly, allowing phishing emails such as the examples below to be delivered. The first of these examples indicate the expected authentication failures in the header, but no action is taken due to reason 905, which indicates that the tenant has set up complex routing where the mail exchanger record (MX record) points to either an on-premises Exchange environment or a third-party service before reaching Microsoft 365:

spf=fail (sender IP is 176.111.219[.]85) smtp.mailfrom= contoso.com; dkim=none (message not signed) header.d=none;dmarc=fail action=none header.from= contoso.com;compauth=none reason=905

The phishing message masquerades as a notification from Microsoft Office 365 informing the recipient that their password will soon expire, although the subject line appears to be intended for a voicemail themed lure. The link in the email is a nested Google Maps URL pointing to an actor-controlled domain at online.amphen0l-fci[.]com.

The second example also shows the expected authentication failures, but with an action of “oreject” with reason 451, indicating complex routing and that the message was delivered to the spam folder.

spf=softfail (sender IP is 162.19.129[.]232) smtp.mailfrom=contoso.com; dkim=none (message not signed) header.d=none;dmarc=fail action=oreject header.from=contoso.com;compauth=none reason=451

This email masquerades as a SharePoint communication asking the recipient to review a shared document. The sender and recipient addresses are the same, though the threat actor has set the display name of the sender to “Pending Approval”. The InternalOrgSender header is set to True. On the surface, this appears to be an internally sent email, though the use of the recipient’s address in both the “To” and “From” fields may alert an end user that this message is not legitimate.

The nested Google URL in the email body points to actor-controlled domain scanuae[.]com. This domain acts as a redirector, loading a script that constructs a URL using the recipient’s Base64-encoded email before loading a custom CAPTCHA page on the Tycoon2FA domain valoufroo.in[.]net. A sample of the script loaded on scanuae[.]com is shown here:

The below example of the custom CAPTCHA page is loaded at the Tycoon2FA domain goorooyi.yoshemo.in[.]net. The CAPTCHA is one of many similar CAPTCHAs observed in relation to Tycoon2FA phishing sequences. Clicking through it leads to a Tycoon2FA phish landing page where the recipient is prompted to input their credentials. Alternatively, clicking through the CAPTCHA may lead to a benign page on a legitimate domain, a tactic intended to evade detection and analysis.

Spoofed email financial scams

Microsoft Threat Intelligence has also observed financial scams sent through spoofed emails. These messages are crafted to look like an email thread between a highly placed employee at the targeted organization, often the CEO of the organization, an individual requesting payment for services rendered, or the accounting department at the targeted organization. In this example, the message was initiated from 163.5.169[.]67 and authentication failures were not enforced, as DMARC is set to none and action is set to none, a permissive mode that does not protect against spoofed messages, allowing the message to reach the inbox on a tenant whose MX record is not pointed to Office 365.

Authentication-Results	spf=fail (sender IP is 163.5.169[.]67) smtp.mailfrom=contoso.com; dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=contoso.com;compauth=fail reason=601

The scam message is crafted to appear as an email thread with a previous message between the CEO of the targeted organization, using the CEO’s real name, and an individual requesting payment of an invoice. The name of the individual requesting payment (here replaced with “John Doe”) appears to be a real person, likely a victim of identity theft. The “To” and “From” fields both use the address for the accounting department at the targeted organization, but with the CEO’s name used as the display name in the “From” field. As with our previous examples, this email superficially appears to be internal to the organization, with only the use of the same address as sender and recipient indicating that the message may not be legitimate. The body of the message also attempts to instill a sense of urgency, asking for prompt payment to retain a discount.

Most of the emails observed as part of this campaign include three attached files. The first is the fake invoice requesting several thousand dollars to be sent through ACH payment to a bank account at an online banking company. The name of the individual requesting payment is also listed along with a fake company name and address. The bank account was likely set up using the individual’s stolen personally identifiable information.

The second attachment (not pictured) is an IRS W-9 form that lists the name and social security number of the individual used to set up the bank account. The third attachment is a fake “bank letter” ostensibly provided by an employee at the online bank used to set up the fraudulent account. The letter provides the same banking information as the invoice and attempts to add another layer of believability to the scam.

Falling victim to this scam could result in significant financial losses that may not be recoverable as the funds will likely be moved quickly by the actor in control of the fraudulent bank account.  

Mitigation and protection guidance

Preventing spoofed email attacks

The following links provide information for customers whose MX records are not pointed to Office 365 on how to configure mail flow connectors and rules to prevent spoofed emails from reaching inboxes.

• These links provide information on how to properly configure mail flow with connectors:
  • Manage mail flow using a third-party cloud service with Exchange Online
  • Configure mail flow using connectors in Exchange Online
  • Mail flow rules (transport rules) in Exchange Online
  • Enhanced filtering for connectors in Exchange Online
• These links provide information on configuring SPF, DKIM, and DMARC:
  • Email authentication in cloud organizations
  • Set up SPF to identify valid email sources for your custom cloud domains
  • Set up DKIM to sign mail from your cloud domain
  • Set up DMARC to validate the From address domain for cloud senders
• The following links provide more in-depth information on Direct Send:
  • Introducing more control over Direct Send in Exchange Online
  • Direct Send vs sending directly to an Exchange Online tenant

Mitigating AiTM phishing attacks

Microsoft Threat Intelligence recommends the following mitigations, which are effective against a range of phishing threats.

• Review our recommended settings for Exchange Online Protection and Microsoft Defender for Office 365.
• Configure Microsoft Defender for Office 365 to recheck links on click. Safe Links provides URL scanning and rewriting of inbound email messages in mail flow, and time-of-click verification of URLs and links in email messages, other Microsoft 365 applications such as Teams, and other locations such as SharePoint Online. Safe Links scanning occurs in addition to the regular anti-spam and anti-malware protection in inbound email messages in Microsoft Exchange Online Protection (EOP). Safe Links scanning can help protect your organization from malicious links used in phishing and other attacks.
• Turn on Zero-hour auto purge (ZAP) in Defender for Office 365 to quarantine sent mail in response to newly-acquired threat intelligence and retroactively neutralize malicious phishing, spam, or malware messages that have already been delivered to mailboxes.
• Encourage users to use Microsoft Edge and other web browsers that support Microsoft Defender SmartScreen, which identifies and blocks malicious websites, including phishing sites, scam sites, and sites that host malware.
• Turn on cloud-delivered protection in Microsoft Defender Antivirus or the equivalent for your antivirus product to cover rapidly evolving attack tools and techniques. Cloud-based machine learning protections block a majority of new and unknown variants
• Configure Microsoft Entra with increased security.
• Pilot and deploy phishing-resistant authentication methods for users.
• Implement Entra ID Conditional Access authentication strength to require phishing-resistant authentication for employees and external users for critical apps.

Mitigating threats from phishing actors begins with securing user identity by eliminating traditional credentials and adopting passwordless, phishing-resistant MFA methods such as FIDO2 security keys, Windows Hello for Business, and Microsoft Authenticator passkeys.

Microsoft recommends enforcing phishing-resistant MFA for privileged roles in Microsoft Entra ID to significantly reduce the risk of account compromise. Learn how to require phishing-resistant MFA for admin roles and plan a passwordless deployment.

Passwordless authentication improves security as well as enhances user experience and reduces IT overhead. Explore Microsoft’s overview of passwordless authentication and authentication strength guidance to understand how to align your organization’s policies with best practices. For broader strategies on defending against identity-based attacks, refer to Microsoft’s blog on evolving identity attack techniques.

If Microsoft Defender alerts indicate suspicious activity or confirmed compromised account or a system, it’s essential to act quickly and thoroughly. Below are recommended remediation steps for each affected identity:

1. Reset credentials – Immediately reset the account’s password and revoke any active sessions or tokens. This ensures that any stolen credentials can no longer be used.
2. Re-register or remove MFA devices – Review users MFA devices, specifically those recently added or updated.
3. Revert unauthorized payroll or financial changes – If the attacker modified payroll or financial configurations, such as direct deposit details, revert them to their original state and notify the appropriate internal teams.
4. Remove malicious inbox rules – Attackers often create inbox rules to hide their activity or forward sensitive data. Review and delete any suspicious or unauthorized rules.
5. Verify MFA reconfiguration – Confirm that the user has successfully reconfigured MFA and that the new setup uses secure, phishing-resistant methods.

Microsoft Defender XDR detections

Microsoft Defender XDR coordinates detection, prevention, investigation, and response across endpoints, identities, email, apps to provide integrated protection against attacks like the threat discussed in this blog.

Customers with provisioned access can also use Microsoft Security Copilot in Microsoft Defender to investigate and respond to incidents, hunt for threats, and protect their organization with relevant threat intelligence.

Microsoft Security Copilot

Security Copilot customers can use the standalone experience to create their own prompts or run the following prebuilt promptbooks to automate incident response or investigation tasks related to this threat:

• Incident investigation
• Microsoft User analysis
• Threat actor profile
• Threat Intelligence 360 report based on MDTI article
• Vulnerability impact assessment

Note that some promptbooks require access to plugins for Microsoft products such as Microsoft Defender XDR or Microsoft Sentinel.

Threat intelligence reports

Microsoft customers can use the following reports in Microsoft products to get the most up-to-date information about the threat actor, malicious activity, and techniques discussed in this blog. These reports provide the intelligence, protection information, and recommended actions to prevent, mitigate, or respond to associated threats found in customer environments.

Microsoft Defender XDR threat analytics

• Actor profile: Storm-1747
• Technique profile: Adversary-in-the-middle credential phishing

Microsoft Security Copilot customers can also use the Microsoft Security Copilot integration in Microsoft Defender Threat Intelligence, either in the Security Copilot standalone portal or in the embedded experience in the Microsoft Defender portal to get more information about this threat actor.

Hunting queries

Microsoft Defender XDR

Microsoft Defender XDR customers can run the following query to find related activity in their networks:

Finding potentially spoofed emails:

EmailEvents
| where Timestamp >= ago(30d)
| where EmailDirection == "Inbound"
| where Connectors == ""  // No connector used
| where SenderFromDomain in ("contoso.com")  // Replace with your domain(s)
| project Timestamp, NetworkMessageId, InternetMessageId, SenderMailFromAddress,
          SenderFromAddress, SenderDisplayName, SenderFromDomain, SenderIPv4,
          RecipientEmailAddress, Subject, DeliveryAction, DeliveryLocation

Finding more suspicious, potentially spoofed emails:

EmailEvents
| where EmailDirection == "Inbound"
| where Connectors == ""  // No connector used
| where SenderFromDomain in ("contoso.com", "fabrikam.com") // Replace with your accepted domains
| where AuthenticationDetails !contains "SPF=pass" // SPF failed or missing
| where AuthenticationDetails !contains "DKIM=pass" // DKIM failed or missing
| where AuthenticationDetails !contains "DMARC=pass" // DMARC failed or missing
| where SenderIPv4 !in ("") // Exclude known relay IPs
| where ThreatTypes has_any ("Phish", "Spam") or ConfidenceLevel == "High" // 
| project Timestamp, NetworkMessageId, InternetMessageId, SenderMailFromAddress,
          SenderFromAddress, SenderDisplayName, SenderFromDomain, SenderIPv4,
          RecipientEmailAddress, Subject, AuthenticationDetails, DeliveryAction

Microsoft Sentinel

Microsoft Sentinel customers can use the TI Mapping analytics (a series of analytics all prefixed with ‘TI map’) to automatically match the malicious domain indicators mentioned in this blog post with data in their workspace. If the TI Map analytics are not currently deployed, customers can install the Threat Intelligence solution from the Microsoft Sentinel Content Hub to have the analytics rule deployed in their Sentinel workspace.

The below hunting queries can also be found in the Microsoft Defender portal for customers who have Microsoft Defender XDR installed from the Content Hub, or accessed directly from GitHub.

• Spoof and impersonation phish detections
• Spoof attempts with auth failure

Below are the queries using Sentinel Advanced Security Information Model (ASIM) functions to hunt threats across both Microsoft first-party and third-party data sources. ASIM also supports deploying parsers to specific workspaces from GitHub, using an ARM template or manually.

Detect network IP and domain indicators of compromise using ASIM

The following query checks domain and URL IOCs across data sources supported by ASIM web session parser:

//IP list and domain list- _Im_NetworkSession
let lookback = 30d;
let ioc_ip_addr = dynamic(["162.19.196.13", "163.5.221.110", "51.195.94.194", "51.89.59.188"]);
let ioc_domains = dynamic(["2fa.valoufroo.in.net", "valoufroo.in.net", "integralsm.cl", "absoluteprintgroup.com"]);
_Im_NetworkSession(starttime=todatetime(ago(lookback)), endtime=now())
| where DstIpAddr in (ioc_ip_addr) or DstDomain has_any (ioc_domains)
| summarize imNWS_mintime=min(TimeGenerated), imNWS_maxtime=max(TimeGenerated),
  EventCount=count() by SrcIpAddr, DstIpAddr, DstDomain, Dvc, EventProduct, EventVendor

Detect web sessions IP and file hash indicators of compromise using ASIM

The following query checks domain and URL IOCs across data sources supported by ASIM web session parser:

//IP list - _Im_WebSession
let lookback = 30d;
let ioc_ip_addr = dynamic(["162.19.196.13", "163.5.221.110", "51.195.94.194", "51.89.59.188"]);
_Im_WebSession(starttime=todatetime(ago(lookback)), endtime=now())
| where DstIpAddr in (ioc_ip_addr)
| summarize imWS_mintime=min(TimeGenerated), imWS_maxtime=max(TimeGenerated),
  EventCount=count() by SrcIpAddr, DstIpAddr, Url, Dvc, EventProduct, EventVendor

Detect domain and URL indicators of compromise using ASIM

The following query checks domain and URL IOCs across data sources supported by ASIM web session parser:

// file hash list - imFileEvent
// Domain list - _Im_WebSession
let ioc_domains = dynamic(["2fa.valoufroo.in.net", "valoufroo.in.net", "integralsm.cl", "absoluteprintgroup.com"]);
_Im_WebSession (url_has_any = ioc_domains)

Spoofing attempts from specific domains

// Add the list of domains to search for.
let DomainList = dynamic(["2fa.valoufroo.in.net", "valoufroo.in.net", "integralsm.cl", "absoluteprintgroup.com"]); 
EmailEvents 
| where TimeGenerated > ago (1d) and DetectionMethods has "spoof" and SenderFromDomain in~ (DomainList)
| project TimeGenerated, AR=parse_json(AuthenticationDetails) , NetworkMessageId, EmailDirection, Subject, SenderFromAddress, SenderIPv4, ThreatTypes, DetectionMethods, ThreatNames  
| evaluate bag_unpack(AR)  
| where column_ifexists('SPF','') =~ "fail" or  column_ifexists('DMARC','') =~ "fail" or column_ifexists('DKIM','') =~ "fail" or column_ifexists('CompAuth','') =~ "fail"
| extend Name = tostring(split(SenderFromAddress, '@', 0)[0]), UPNSuffix = tostring(split(SenderFromAddress, '@', 1)[0])
| extend Account_0_Name = Name
| extend Account_0_UPNSuffix = UPNSuffix
| extend IP_0_Address = SenderIPv4

Indicators of compromise

References

• https://www.mimecast.com/threat-intelligence-hub/microsoft-direct-send-abuse/
• https://www.proofpoint.com/us/blog/email-and-cloud-threats/attackers-abuse-m365-for-internal-phishing
• https://www.varonis.com/blog/direct-send-exploit

Learn more

For the latest security research from the Microsoft Threat Intelligence community, check out the Microsoft Threat Intelligence Blog.

To get notified about new publications and to join discussions on social media, follow us on LinkedIn, X (formerly Twitter), and Bluesky. To hear stories and insights from the Microsoft Threat Intelligence community about the ever-evolving threat landscape, listen to the Microsoft Threat Intelligence podcast.

The post Phishing actors exploit complex routing and misconfigurations to spoof domains appeared first on Microsoft Security Blog.

In the latest edition of our Cyberattack Series, we dive into a real-world case of fake employees. Cybercriminals are no longer just breaking into networks—they’re gaining access by posing as legitimate employees. This form of cyberattack involves operatives posing as legitimate remote hires, slipping past human resources checks and onboarding processes to gain trusted access. Once inside, they exploit corporate systems to steal sensitive data, deploy malicious tools, and funnel profits to state-sponsored programs. In this blog, we unpack how this cyberattack unfolded, the tactics employed, and how Microsoft Incident Response—the Detection and Response Team (DART)—swiftly stepped in with forensic insights and actionable guidance. Download the full report to learn more.

What happened?

What began as a routine onboarding turned into a covert operation. In this case, four compromised user accounts were discovered connecting PiKVM devices to employer-issued workstations—hardware that enables full remote control as if the threat actor were physically present. This allowed unknown third parties to bypass normal access controls and extract sensitive data directly from the network. With support from Microsoft Threat Intelligence, we quickly traced the activity to the North Korean remote IT workforce known as Jasper Sleet.

DART quickly pivoted from proactive threat hunting to full-scale investigation, leveraging numerous specialized tools and techniques. These included, but were not limited to, Cosmic and Arctic for Azure and Active Directory analysis, Fennec for forensic evidence collection across multiple operating system platforms, and telemetry from Microsoft Entra ID protection and Microsoft Defender solutions for endpoint, identity, and cloud apps. Together, these tools and capabilities helped trace the intrusion, contain the threat, and restore operational integrity.

How did Microsoft respond?

Once the scope of the compromise was clear, DART acted immediately to contain and disrupt the cyberattack. The team disabled compromised accounts, restored affected devices to clean backups, and analyzed Unified Audit Logs—a feature of Microsoft 365 within the Microsoft Purview Compliance Manager portal—to trace the threat actor’s movements. Advanced detection tools, including Microsoft Defender for Identity and Microsoft Defender for Endpoint, were deployed to uncover lateral movement and credential misuse. To blunt the broader campaign, Microsoft also suspended thousands of accounts linked to North Korean IT operatives.

What can customers do to strengthen their defenses?

This cyberthreat is challenging, but it’s not insurmountable. By combining strong security operations center (SOC) practices with insider risk strategies, companies can close the gaps that threat actors exploit. Many organizations start by improving visibility through Microsoft 365 Defender and Unified Audit Log integration and protecting sensitive data with Microsoft Purview Data Loss Prevention policies. Additionally, Microsoft Purview Insider Risk Management can help organizations identify risky behaviors before they escalate, while strict pre-employment vetting and enforcing the principle of least privilege reduce exposure from the start. Finally, monitor for unapproved IT tools like PiKVM devices and stay informed through the Threat Analytics dashboard in Microsoft Defender. These cybersecurity practices and real-world strategies, paired with proactive alert management, can give your defenders the confidence to detect, disrupt, and prevent similar attacks.

What is the Cyberattack Series?

In our Cyberattack Series, customers discover how DART investigates unique and notable attacks. For each cyberattack story, we share:

• How the cyberattack happened.
• How the breach was discovered.
• Microsoft’s investigation and eviction of the threat actor.
• Strategies to avoid similar cyberattacks.

DART is made up of highly skilled investigators, researchers, engineers, and analysts who specialize in handling global security incidents. We’re here for customers with dedicated experts to work with you before, during, and after a cybersecurity incident.

Learn more

To learn more about DART capabilities, please visit our website, or reach out to your Microsoft account manager or Premier Support contact. To learn more about the cybersecurity incidents described above, including more insights and information on how to protect your own organization, download the full report.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

¹AI Fuels Mistrust Between Employers and Job Candidates; Recruiters Worry About Fraud, Candidates Fear Bias

The post Imposter for hire: How fake people can gain very real access appeared first on Microsoft Security Blog.

As cyberthreats become faster, harder to detect, and more sophisticated, organizations must focus on building resilience—strengthening their ability to prevent, withstand, and recover from cybersecurity incidents. Resilience can mean the difference between containing an incident with minimal disruption and becoming the next headline.

For more than a decade, Microsoft Incident Response has been at the forefront of the world’s most complex cyberattacks, helping organizations investigate, contain, and recover from incidents. That real-world experience also informs our proactive services, which help organizations improve readiness before an incident occurs. To further help organizations before, during, and after a cyber incident, we’re excited to introduce new proactive incident response services designed to help organizations build resilience and minimize disruption.

Microsoft Incident Response

Strengthen your security with intelligence-driven incident response from Microsoft.

Explore the portfolio

Expanded proactive services to enhance resilience

Delivered by the same experts who handle real-world crises, Microsoft proactive services equip security teams with insights and skills to be informed, resilient, and ready—because the best response is one you never need to make.

• Incident response plan development: We assist organizations in developing their own incident response plan, using lessons from real-world incidents.
• Major event support: We provide dedicated teams during critical events—such as corporate conferences or sporting events—actively monitoring emerging cyberthreats and acting instantly to prevent incidents and interruptions.
• Cyber range: Microsoft Incident Response delivers simulations that provide high-fidelity, hands-on experience in a controlled environment. Security teams engage directly with threat actor tactics, using Microsoft security tools to detect, investigate, and contain cyberthreats in real time. This immersive approach builds confidence, muscle memory, and validates playbooks before an actual incident occurs using tools customers already own.
• Advisory: We offer one-on-one, customized engagements, offering strategic recommendations, industry-specific consulting, and expert guidance informed by current threat actor activity and the latest incident response engagements. These services provide on-demand access to Microsoft Incident Response and cybersecurity experts, empowering leadership and technical teams to make informed decisions that reduce risk and accelerate resilience.
• Mergers and acquisitions compromise assessment: Microsoft Incident Response offers a targeted compromise assessment performed during or around a merger, acquisition, or divestiture to determine whether the organization being acquired—or the environment being integrated—has been previously or is currently compromised by threat actors.

Building on a strong proactive foundation

These new services build on Microsoft Incident Response’s established proactive offerings, which are trusted by organizations of all sizes and across industries.

• Our popular compromise assessment delivers deep forensic investigations to identify indicators of compromise (IOCs), threat actor activity, and vulnerabilities hidden in your environment. This service includes advanced threat hunting and forensic examination, providing actionable recommendations to harden your security posture.
• Identity assessment offers a targeted evaluation of the identity control plane, pinpointing weaknesses in authentication and access policies. By addressing these gaps early, organizations reduce exposure to credential-based attacks and help ensure identity systems remain resilient against evolving cyberthreats.
• Identity hardening works with organizations to deploy policies and configurations that block unauthorized access and strengthen authentication mechanisms. Engineers provide proven containment and recovery strategies to secure the identity control plane.
• Tabletop exercises go beyond theory by immersing leadership, legal, and technical teams in realistic scenarios involving an incident. These sessions expose gaps in defenses and response plans, sharpen decision-making under pressure, and foster alignment on regulatory obligations and executive communications.

Make resilience your strongest defense

Incident response isn’t just about reacting to incidents—it’s giving organizations the confidence and capabilities needed to prevent them. Microsoft Incident Response helps customers move from security uncertainty to clarity and readiness with expert-led preparation, gap detection, defense hardening, and tailored threat insights. By investing in proactive services, you reduce risk, accelerate recovery, and strengthen your security posture before threats strike. Don’t wait for an incident to test your resilience—invest in proactive defense today.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

The post Explore the latest Microsoft Incident Response proactive services for enhanced resilience appeared first on Microsoft Security Blog.

Phishing actors are exploiting complex routing scenarios and misconfigured spoof protections to effectively spoof organizations’ domains and deliver phishing emails that appear, superficially, to have been sent internally. Threat actors have leveraged this vector to deliver a wide variety of phishing messages related to various phishing-as-a-service (PhaaS) platforms such as Tycoon2FA. These include messages with lures themed around voicemails, shared documents, communications from human resources (HR) departments, password resets or expirations, and others, leading to credential phishing.

This attack vector is not new but has seen increased visibility and use since May 2025. The phishing campaigns Microsoft has observed using this attack vector are opportunistic rather than targeted in nature, with messages sent to a wide variety of organizations across several industries and verticals. Notably, Microsoft has also observed a campaign leveraging this vector to conduct financial scams against organizations. While these attacks share many characteristics with other credential phishing email campaigns, the attack vector abusing complex routing and improperly configured spoof protections distinguishes these campaigns. The phishing attack vector covered in this blog post does not affect customers whose Microsoft Exchange mail exchanger (MX) records point to Office 365; these tenants are protected by native built-in spoofing detections.

Phishing messages sent through this vector may be more effective as they appear to be internally sent messages. Successful credential compromise through phishing attacks may lead to data theft or business email compromise (BEC) attacks against the affected organization or partners and may require extensive remediation efforts, and/or lead to loss of funds in the case of financial scams. While Microsoft detects the majority of these phishing attack attempts, organizations can further reduce risk by properly configuring spoof protections and any third-party connectors to prevent spoofed phish or scam messages sent through this attack vector from reaching inboxes.

In this blog, we explain how threat actors are exploiting these routing scenarios and provide observations from related attacks. We provide specific examples—including technical analysis of phishing messages, spoof protections, and email headers—to help identify this attack vector. This blog also provides additional resources with information on how to set up mail flow rules, enforce spoof protections, and configure third-party connectors to prevent spoofed phishing messages from reaching user inboxes.

Spoofed phishing attacks

In cases where a tenant has configured a complex routing scenario, where the MX records are not pointed to Office 365, and the tenant has not configured strictly enforced spoof protections, threat actors may be able to send spoofed phishing messages that appear to have come from the tenant’s own domain. Setting strict Domain-based Message Authentication, Reporting, and Conformance (DMARC) reject and SPF hard fail (rather than soft fail) policies and properly configuring any third-party connectors will prevent phishing attacks spoofing organizations’ domains.

This vector is not, as has been publicly reported, a vulnerability of Direct Send, a mail flow method in Microsoft 365 Exchange Online that allows devices (like printers, scanners), applications, or third-party services to send email without authentication using the organization’s accepted domain, but rather takes advantage of complex routing scenarios and misconfigured spoof protections. Tenants with MX records pointed directly to Office 365 are not vulnerable to this attack vector of sending spoofed phishing messages.

As with most other phishing attacks observed by Microsoft Threat intelligence throughout 2025, the bulk of phishing campaigns observed using this attack vector employ the Tycoon2FA PhaaS platform, in addition to several other phishing services in use as well. In October 2025, Microsoft Defender for Office 365 blocked more than 13 million malicious emails linked to Tycoon2FA, including many attacks spoofing organizations’ domains. PhaaS platforms such as Tycoon2FA provide threat actors with a suite of capabilities, support, and ready-made lures and infrastructure to carry out phishing attacks and compromise credentials. These capabilities include adversary-in-the-middle (AiTM) phishing, which is intended to circumvent multifactor authentication (MFA) protections. Credential phishing attacks sent through this method employ a variety of themes such as voicemail notifications, password resets, HR communications, among others.

Microsoft Threat Intelligence has also observed emails intended to trick organizations into paying fake invoices, potentially leading to financial losses. Generally, in these spoofed phishing attacks, the recipient email address is used in both the “To” and “From” fields of the email, though some attacks will change the display name of the sender to make the attack more convincing and the “From” field could contain any valid internal email address.

Credential phishing with spoofed emails

The bulk of phishing messages sent through this attack vector uses the same lures as conventionally sent phishing messages, masquerading as services such as Docusign, or communications from HR regarding salary or benefits changes, password resets, and so on. They may employ clickable links in the email body or QR codes in attachments or other means of getting the recipient to navigate to a phish landing page. The appearance of having been sent from an internal email address is the most visible distinction to an end user, often with the same email address used in the “To” and “From” fields.

Email headers provide more information regarding the delivery of spoofed phishing emails, such as the appearance of an external IP address used by the threat actor to initiate the phishing attack. Depending on the configuration of the tenant, there will be SPF soft or hard fail, DMARC fail, and DKIM will equal none as both the sender and recipient appear to be in the same domain. At a basic level of protection, these should cause a message to land in a spam folder, but a user may retrieve and interact with phishing messages routed to spam. The X-MS-Exchange-Organization-InternalOrgSender will be set to True, but X-MS-Exchange-Organization-MessageDirectionality will be set to Incoming and X-MS-Exchange-Organization-ASDirectionalityType will have a value of “1”, indicating that the message was sent from outside of the organization. The combination of internal organization sender and incoming directionality is indicative of a message spoofed to appear as an internal communication, but not necessarily indicative of maliciousness. X-MS-Exchange-Organization-AuthAs will be set to Anonymous, indicating that the message came from an external source.

The Authentication-Results header example provided below illustrates the result of enforced authentication. 000 is an explicit DMARC failure. The resultant action is either reject or quarantine. The headers shown here are examples of properly configured environments, effectively blocking phishing emails sent through this attack vector:

spf=fail (sender IP is 51.89.59[.]188) smtp.mailfrom=contoso.com; dkim=none (message not signed) header.d=none;dmarc=fail action=quarantine header.from=contoso.com;compauth=fail reason=000

spf=fail (sender IP is 51.68.182[.]101) smtp.mailfrom= contoso.com; dkim=none (message not signed) header.d=none;dmarc=fail action=oreject header.from=contoso.com;

Any third-party connectors—such as a spam filtering service, security solution, or archiving service—must be configured properly or spoof detections cannot be calculated correctly, allowing phishing emails such as the examples below to be delivered. The first of these examples indicate the expected authentication failures in the header, but no action is taken due to reason 905, which indicates that the tenant has set up complex routing where the mail exchanger record (MX record) points to either an on-premises Exchange environment or a third-party service before reaching Microsoft 365:

spf=fail (sender IP is 176.111.219[.]85) smtp.mailfrom= contoso.com; dkim=none (message not signed) header.d=none;dmarc=fail action=none header.from= contoso.com;compauth=none reason=905

The phishing message masquerades as a notification from Microsoft Office 365 informing the recipient that their password will soon expire, although the subject line appears to be intended for a voicemail themed lure. The link in the email is a nested Google Maps URL pointing to an actor-controlled domain at online.amphen0l-fci[.]com.

The second example also shows the expected authentication failures, but with an action of “oreject” with reason 451, indicating complex routing and that the message was delivered to the spam folder.

spf=softfail (sender IP is 162.19.129[.]232) smtp.mailfrom=contoso.com; dkim=none (message not signed) header.d=none;dmarc=fail action=oreject header.from=contoso.com;compauth=none reason=451

This email masquerades as a SharePoint communication asking the recipient to review a shared document. The sender and recipient addresses are the same, though the threat actor has set the display name of the sender to “Pending Approval”. The InternalOrgSender header is set to True. On the surface, this appears to be an internally sent email, though the use of the recipient’s address in both the “To” and “From” fields may alert an end user that this message is not legitimate.

The nested Google URL in the email body points to actor-controlled domain scanuae[.]com. This domain acts as a redirector, loading a script that constructs a URL using the recipient’s Base64-encoded email before loading a custom CAPTCHA page on the Tycoon2FA domain valoufroo.in[.]net. A sample of the script loaded on scanuae[.]com is shown here:

The below example of the custom CAPTCHA page is loaded at the Tycoon2FA domain goorooyi.yoshemo.in[.]net. The CAPTCHA is one of many similar CAPTCHAs observed in relation to Tycoon2FA phishing sequences. Clicking through it leads to a Tycoon2FA phish landing page where the recipient is prompted to input their credentials. Alternatively, clicking through the CAPTCHA may lead to a benign page on a legitimate domain, a tactic intended to evade detection and analysis.

Spoofed email financial scams

Microsoft Threat Intelligence has also observed financial scams sent through spoofed emails. These messages are crafted to look like an email thread between a highly placed employee at the targeted organization, often the CEO of the organization, an individual requesting payment for services rendered, or the accounting department at the targeted organization. In this example, the message was initiated from 163.5.169[.]67 and authentication failures were not enforced, as DMARC is set to none and action is set to none, a permissive mode that does not protect against spoofed messages, allowing the message to reach the inbox on a tenant whose MX record is not pointed to Office 365.

Authentication-Results	spf=fail (sender IP is 163.5.169[.]67) smtp.mailfrom=contoso.com; dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=contoso.com;compauth=fail reason=601

The scam message is crafted to appear as an email thread with a previous message between the CEO of the targeted organization, using the CEO’s real name, and an individual requesting payment of an invoice. The name of the individual requesting payment (here replaced with “John Doe”) appears to be a real person, likely a victim of identity theft. The “To” and “From” fields both use the address for the accounting department at the targeted organization, but with the CEO’s name used as the display name in the “From” field. As with our previous examples, this email superficially appears to be internal to the organization, with only the use of the same address as sender and recipient indicating that the message may not be legitimate. The body of the message also attempts to instill a sense of urgency, asking for prompt payment to retain a discount.

Most of the emails observed as part of this campaign include three attached files. The first is the fake invoice requesting several thousand dollars to be sent through ACH payment to a bank account at an online banking company. The name of the individual requesting payment is also listed along with a fake company name and address. The bank account was likely set up using the individual’s stolen personally identifiable information.

The second attachment (not pictured) is an IRS W-9 form that lists the name and social security number of the individual used to set up the bank account. The third attachment is a fake “bank letter” ostensibly provided by an employee at the online bank used to set up the fraudulent account. The letter provides the same banking information as the invoice and attempts to add another layer of believability to the scam.

Falling victim to this scam could result in significant financial losses that may not be recoverable as the funds will likely be moved quickly by the actor in control of the fraudulent bank account.  

Mitigation and protection guidance

Preventing spoofed email attacks

The following links provide information for customers whose MX records are not pointed to Office 365 on how to configure mail flow connectors and rules to prevent spoofed emails from reaching inboxes.

• These links provide information on how to properly configure mail flow with connectors:
  • Manage mail flow using a third-party cloud service with Exchange Online
  • Configure mail flow using connectors in Exchange Online
  • Mail flow rules (transport rules) in Exchange Online
  • Enhanced filtering for connectors in Exchange Online
• These links provide information on configuring SPF, DKIM, and DMARC:
  • Email authentication in cloud organizations
  • Set up SPF to identify valid email sources for your custom cloud domains
  • Set up DKIM to sign mail from your cloud domain
  • Set up DMARC to validate the From address domain for cloud senders
• The following links provide more in-depth information on Direct Send:
  • Introducing more control over Direct Send in Exchange Online
  • Direct Send vs sending directly to an Exchange Online tenant

Mitigating AiTM phishing attacks

Microsoft Threat Intelligence recommends the following mitigations, which are effective against a range of phishing threats.

• Review our recommended settings for Exchange Online Protection and Microsoft Defender for Office 365.
• Configure Microsoft Defender for Office 365 to recheck links on click. Safe Links provides URL scanning and rewriting of inbound email messages in mail flow, and time-of-click verification of URLs and links in email messages, other Microsoft 365 applications such as Teams, and other locations such as SharePoint Online. Safe Links scanning occurs in addition to the regular anti-spam and anti-malware protection in inbound email messages in Microsoft Exchange Online Protection (EOP). Safe Links scanning can help protect your organization from malicious links used in phishing and other attacks.
• Turn on Zero-hour auto purge (ZAP) in Defender for Office 365 to quarantine sent mail in response to newly-acquired threat intelligence and retroactively neutralize malicious phishing, spam, or malware messages that have already been delivered to mailboxes.
• Encourage users to use Microsoft Edge and other web browsers that support Microsoft Defender SmartScreen, which identifies and blocks malicious websites, including phishing sites, scam sites, and sites that host malware.
• Turn on cloud-delivered protection in Microsoft Defender Antivirus or the equivalent for your antivirus product to cover rapidly evolving attack tools and techniques. Cloud-based machine learning protections block a majority of new and unknown variants
• Configure Microsoft Entra with increased security.
• Pilot and deploy phishing-resistant authentication methods for users.
• Implement Entra ID Conditional Access authentication strength to require phishing-resistant authentication for employees and external users for critical apps.

Mitigating threats from phishing actors begins with securing user identity by eliminating traditional credentials and adopting passwordless, phishing-resistant MFA methods such as FIDO2 security keys, Windows Hello for Business, and Microsoft Authenticator passkeys.

Microsoft recommends enforcing phishing-resistant MFA for privileged roles in Microsoft Entra ID to significantly reduce the risk of account compromise. Learn how to require phishing-resistant MFA for admin roles and plan a passwordless deployment.

Passwordless authentication improves security as well as enhances user experience and reduces IT overhead. Explore Microsoft’s overview of passwordless authentication and authentication strength guidance to understand how to align your organization’s policies with best practices. For broader strategies on defending against identity-based attacks, refer to Microsoft’s blog on evolving identity attack techniques.

If Microsoft Defender alerts indicate suspicious activity or confirmed compromised account or a system, it’s essential to act quickly and thoroughly. Below are recommended remediation steps for each affected identity:

1. Reset credentials – Immediately reset the account’s password and revoke any active sessions or tokens. This ensures that any stolen credentials can no longer be used.
2. Re-register or remove MFA devices – Review users MFA devices, specifically those recently added or updated.
3. Revert unauthorized payroll or financial changes – If the attacker modified payroll or financial configurations, such as direct deposit details, revert them to their original state and notify the appropriate internal teams.
4. Remove malicious inbox rules – Attackers often create inbox rules to hide their activity or forward sensitive data. Review and delete any suspicious or unauthorized rules.
5. Verify MFA reconfiguration – Confirm that the user has successfully reconfigured MFA and that the new setup uses secure, phishing-resistant methods.

Microsoft Defender XDR detections

Microsoft Defender XDR coordinates detection, prevention, investigation, and response across endpoints, identities, email, apps to provide integrated protection against attacks like the threat discussed in this blog.

Customers with provisioned access can also use Microsoft Security Copilot in Microsoft Defender to investigate and respond to incidents, hunt for threats, and protect their organization with relevant threat intelligence.

Microsoft Security Copilot

Security Copilot customers can use the standalone experience to create their own prompts or run the following prebuilt promptbooks to automate incident response or investigation tasks related to this threat:

• Incident investigation
• Microsoft User analysis
• Threat actor profile
• Threat Intelligence 360 report based on MDTI article
• Vulnerability impact assessment

Note that some promptbooks require access to plugins for Microsoft products such as Microsoft Defender XDR or Microsoft Sentinel.

Threat intelligence reports

Microsoft customers can use the following reports in Microsoft products to get the most up-to-date information about the threat actor, malicious activity, and techniques discussed in this blog. These reports provide the intelligence, protection information, and recommended actions to prevent, mitigate, or respond to associated threats found in customer environments.

Microsoft Defender XDR threat analytics

• Actor profile: Storm-1747
• Technique profile: Adversary-in-the-middle credential phishing

Microsoft Security Copilot customers can also use the Microsoft Security Copilot integration in Microsoft Defender Threat Intelligence, either in the Security Copilot standalone portal or in the embedded experience in the Microsoft Defender portal to get more information about this threat actor.

Hunting queries

Microsoft Defender XDR

Microsoft Defender XDR customers can run the following query to find related activity in their networks:

Finding potentially spoofed emails:

EmailEvents
| where Timestamp >= ago(30d)
| where EmailDirection == "Inbound"
| where Connectors == ""  // No connector used
| where SenderFromDomain in ("contoso.com")  // Replace with your domain(s)
| project Timestamp, NetworkMessageId, InternetMessageId, SenderMailFromAddress,
          SenderFromAddress, SenderDisplayName, SenderFromDomain, SenderIPv4,
          RecipientEmailAddress, Subject, DeliveryAction, DeliveryLocation

Finding more suspicious, potentially spoofed emails:

EmailEvents
| where EmailDirection == "Inbound"
| where Connectors == ""  // No connector used
| where SenderFromDomain in ("contoso.com", "fabrikam.com") // Replace with your accepted domains
| where AuthenticationDetails !contains "SPF=pass" // SPF failed or missing
| where AuthenticationDetails !contains "DKIM=pass" // DKIM failed or missing
| where AuthenticationDetails !contains "DMARC=pass" // DMARC failed or missing
| where SenderIPv4 !in ("") // Exclude known relay IPs
| where ThreatTypes has_any ("Phish", "Spam") or ConfidenceLevel == "High" // 
| project Timestamp, NetworkMessageId, InternetMessageId, SenderMailFromAddress,
          SenderFromAddress, SenderDisplayName, SenderFromDomain, SenderIPv4,
          RecipientEmailAddress, Subject, AuthenticationDetails, DeliveryAction

Microsoft Sentinel

Microsoft Sentinel customers can use the TI Mapping analytics (a series of analytics all prefixed with ‘TI map’) to automatically match the malicious domain indicators mentioned in this blog post with data in their workspace. If the TI Map analytics are not currently deployed, customers can install the Threat Intelligence solution from the Microsoft Sentinel Content Hub to have the analytics rule deployed in their Sentinel workspace.

The below hunting queries can also be found in the Microsoft Defender portal for customers who have Microsoft Defender XDR installed from the Content Hub, or accessed directly from GitHub.

• Spoof and impersonation phish detections
• Spoof attempts with auth failure

Below are the queries using Sentinel Advanced Security Information Model (ASIM) functions to hunt threats across both Microsoft first-party and third-party data sources. ASIM also supports deploying parsers to specific workspaces from GitHub, using an ARM template or manually.

Detect network IP and domain indicators of compromise using ASIM

The following query checks domain and URL IOCs across data sources supported by ASIM web session parser:

//IP list and domain list- _Im_NetworkSession
let lookback = 30d;
let ioc_ip_addr = dynamic(["162.19.196.13", "163.5.221.110", "51.195.94.194", "51.89.59.188"]);
let ioc_domains = dynamic(["2fa.valoufroo.in.net", "valoufroo.in.net", "integralsm.cl", "absoluteprintgroup.com"]);
_Im_NetworkSession(starttime=todatetime(ago(lookback)), endtime=now())
| where DstIpAddr in (ioc_ip_addr) or DstDomain has_any (ioc_domains)
| summarize imNWS_mintime=min(TimeGenerated), imNWS_maxtime=max(TimeGenerated),
  EventCount=count() by SrcIpAddr, DstIpAddr, DstDomain, Dvc, EventProduct, EventVendor

Detect web sessions IP and file hash indicators of compromise using ASIM

The following query checks domain and URL IOCs across data sources supported by ASIM web session parser:

//IP list - _Im_WebSession
let lookback = 30d;
let ioc_ip_addr = dynamic(["162.19.196.13", "163.5.221.110", "51.195.94.194", "51.89.59.188"]);
_Im_WebSession(starttime=todatetime(ago(lookback)), endtime=now())
| where DstIpAddr in (ioc_ip_addr)
| summarize imWS_mintime=min(TimeGenerated), imWS_maxtime=max(TimeGenerated),
  EventCount=count() by SrcIpAddr, DstIpAddr, Url, Dvc, EventProduct, EventVendor

Detect domain and URL indicators of compromise using ASIM

The following query checks domain and URL IOCs across data sources supported by ASIM web session parser:

// file hash list - imFileEvent
// Domain list - _Im_WebSession
let ioc_domains = dynamic(["2fa.valoufroo.in.net", "valoufroo.in.net", "integralsm.cl", "absoluteprintgroup.com"]);
_Im_WebSession (url_has_any = ioc_domains)

Spoofing attempts from specific domains

// Add the list of domains to search for.
let DomainList = dynamic(["2fa.valoufroo.in.net", "valoufroo.in.net", "integralsm.cl", "absoluteprintgroup.com"]); 
EmailEvents 
| where TimeGenerated > ago (1d) and DetectionMethods has "spoof" and SenderFromDomain in~ (DomainList)
| project TimeGenerated, AR=parse_json(AuthenticationDetails) , NetworkMessageId, EmailDirection, Subject, SenderFromAddress, SenderIPv4, ThreatTypes, DetectionMethods, ThreatNames  
| evaluate bag_unpack(AR)  
| where column_ifexists('SPF','') =~ "fail" or  column_ifexists('DMARC','') =~ "fail" or column_ifexists('DKIM','') =~ "fail" or column_ifexists('CompAuth','') =~ "fail"
| extend Name = tostring(split(SenderFromAddress, '@', 0)[0]), UPNSuffix = tostring(split(SenderFromAddress, '@', 1)[0])
| extend Account_0_Name = Name
| extend Account_0_UPNSuffix = UPNSuffix
| extend IP_0_Address = SenderIPv4

Indicators of compromise

References

• https://www.mimecast.com/threat-intelligence-hub/microsoft-direct-send-abuse/
• https://www.proofpoint.com/us/blog/email-and-cloud-threats/attackers-abuse-m365-for-internal-phishing
• https://www.varonis.com/blog/direct-send-exploit

Learn more

For the latest security research from the Microsoft Threat Intelligence community, check out the Microsoft Threat Intelligence Blog.

To get notified about new publications and to join discussions on social media, follow us on LinkedIn, X (formerly Twitter), and Bluesky. To hear stories and insights from the Microsoft Threat Intelligence community about the ever-evolving threat landscape, listen to the Microsoft Threat Intelligence podcast.

The post Phishing actors exploit complex routing and misconfigurations to spoof domains appeared first on Microsoft Security Blog.

Security teams are being pushed to their limits as AI‑powered cyberattacks grow in speed, scale, and sophistication—and only 14% of organizations surveyed by the World Economic Forum report they feel confident they have the right people and skills needed to meet their cybersecurity objectives.¹ As cyberthreats evolve faster than many teams can hire or train, pressure mounts to strengthen defenses, increase resilience, and achieve security outcomes faster. We’re here to help. Introducing the new Microsoft Defender Experts Suite, a new security offering that provides expert-led services that help organizations defend against advanced cyberthreats, build long‑term resilience, and modernize security operations with confidence.

Microsoft Defender Experts Suite

Get integrated security services that protect your organization and accelerate security outcomes in the new security offering from Microsoft.

Learn more

Elevate your security with expert-led services

Even as today’s security challenges feel overwhelming, you don’t have to face them alone. The Microsoft Defender Experts Suite combines managed extended detection and response (MXDR), end-to-end proactive and reactive incident response, and direct access to a designated Microsoft security advisor to help you protect your organization and accelerate security outcomes.

The Defender Experts Suite can help you do the following:

Defend against cyberthreats

Microsoft Defender Experts for XDR delivers round-the-clock MXDR, natively integrated with Microsoft Defender. Our seasoned analysts—bringing more than 600 years of combined experience—triage, investigate, and respond to incidents across endpoints, identities, email, cloud apps, and cloud workloads, helping to reduce alert fatigue and improve security operations center (SOC) efficiency. Defender Experts for XDR includes Microsoft Defender Experts for Hunting, which provides around-the-clock, proactive threat hunting across domains to help uncover emerging cyberthreats earlier.

With Defender Experts for XDR, you gain access to a designated service delivery engineer who helps you get the full value of the service and provides ongoing recommendations to strengthen your security posture. You can also connect with our experts on-demand for deeper insight into specific incidents, attack vectors, or nation-state cyberthreats.

Build cyber resilience

Microsoft Incident Response offers proactive and reactive services that help organizations prevent, withstand, and recover from cyber incidents. Backed by extensive threat intelligence, proprietary investigation tools, and direct engagement with Microsoft product engineering, Microsoft Incident Response strengthens resilience and delivers rapid response. Proactive services—such as incident response planning, assessments, simulation exercises, and advisory services—enhance incident response readiness, improve response capabilities, and provide tailored insights on the cyberthreat landscape.

When an incident does occur, Microsoft Incident Response rapidly investigates, removes the cyberattacker, and helps accelerates recovery. Operating on the frontlines of the world’s most complex cyberattacks since 2008, the Microsoft Incident Response team provides speed, precision, and confidence in the moments that matter most.

Modernize security operations

Microsoft Enhanced Designated Engineering provides direct access to Microsoft security advisors who partner with customers to strengthen security posture and operational maturity. Our experts work with you to help ensure Microsoft security technologies are properly architected, configured, and used effectively to achieve desired security outcomes, supported by ongoing assessments and continuous improvement. They also collaborate with security teams to optimize operations, modernize processes, and apply Microsoft best practices and real world threat intelligence to improve detection, response, and resilience—helping organizations operate with confidence as cyberthreats evolve.

Better together—integrated security services

With the Defender Experts Suite, organizations get more than standalone expertise—they gain integrated security services that reduce complexity and simplify operations. With shared intelligence and connected workflows, investigations can move faster, recommendations land in context, and improvements compound over time. Instead of managing multiple providers, security teams benefit from streamlined communication, consistent guidance, and comprehensive expertise from Microsoft security experts. This can result in a more resilient, more efficient, and more confident security operation that matures steadily rather than reacting in silos.

End-to-end, expert-led protection

Let’s look at the Microsoft Defender Experts Suite in action. When you first get started with the Microsoft Defender Experts Suite, Enhanced Designated Engineering guides you through deploying Defender workloads securely and helps ensure Defender Experts for XDR is configured correctly. Once operational, Defender Experts for XDR provides constant MXDR and threat hunting to protect your environment. Defender Experts for XDR will provide ongoing recommendations to improve your security posture, and your designated Microsoft security advisor helps you act on those recommendations as your environment evolves.

Assessments delivered by Microsoft Incident Response may uncover vulnerabilities or gaps. The Microsoft security advisor will step in to help you address them and strengthen resilience. And if an incident occurs, Defender Experts for XDR will work hand-in-hand with the Microsoft Incident Response team to help you respond and recover quickly. With end-to-end services delivered by Microsoft, you can benefit from reduced complexity, streamlined communication, comprehensive expertise, and continuous improvement.

Get started with the Microsoft Defender Experts Suite today and save

For a limited time, organizations can unlock the full value of expert-led services with a promotional offer. From January 1, 2026, through December 31, 2026, eligible customers can save up to 66% on the Microsoft Defender Experts Suite.² Read more about the Microsoft Defender Experts Suite and get started now.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

¹Bridging the Cyber Skills Gap, World Economic Forum, 2025.

²Eligible customers must purchase a minimum of 1,500 seats of the Microsoft Defender Experts Suite and have either Microsoft 365 E5 or Microsoft Defender and Purview  Frontline Workers (formerly Microsoft 365 F5).

The post Introducing the Microsoft Defender Experts Suite: Elevate your security with expert-led services appeared first on Microsoft Security Blog.

While patchwork tools slow defenders down and impact visibility into potential cyberthreats, they’re an unfortunate reality for many organizations. As digital risk accelerates and attack surfaces multiply, security leaders are doing their best to stitch together point solutions while trying to avoid blind spots that cyberattackers can exploit. But point solutions can only go so far. For protection that keeps up with today’s fast-evolving cyberthreats, the way forward is a unified, AI-ready security platform that consolidates telemetry, analytics, and automation across detection, response, exposure management, and cloud security.

In our new e-book, 3 reasons point solutions are holding you back, we share how a unified, AI-ready platform can transform your security operations to help keep your organization safe. Read on to learn more about the key concepts in our new e-book.

What you’ll learn:

1. The hidden costs of fragmented tools: How disconnected solutions inflate operational costs, slow investigations, and prevent AI from delivering its full potential.
2. The power of unification: Why a unified platform delivers full-spectrum visibility, predictive defense, and agentic assistance—helping teams respond faster and more effectively.
3. Real-world results: See how organizations are reducing breach exposure, cutting incident response effort, and lowering costs through consolidation.

Rethinking security for the AI era

AI is transforming cybersecurity for both defenders and threat actors. But disconnected tools prevent defenders from seeing the full picture and block AI from delivering its full value. Without unified data and context, AI models can’t detect subtle patterns or anticipate evolving cyberthreats. Imagine a security approach that doesn’t just react but predicts—one that turns fragmented signals into actionable insight. An AI-ready platform unifies security data into a scalable, intelligent data lake enriched with threat intelligence and mapped into a living security graph. In our e-book, we explore how this shift transforms security from a patchwork of disparate tools to a strategic advantage for organizations—delivering clarity, speed, and resilience in ways point solutions simply can’t match.

The e-book shares more about how AI-ready unity includes the ability to:

• Predict attack paths and prevent breaches with exposure management.
• Rapidly remediate with AI-powered protection and improved mean time to resolution (MTTR).
• Detect emerging cyberthreats using cyberattacker-level intelligence.
• Continuously optimize security operations center (SOC) operations with centralized data and advanced analytics.

Measurable benefits of a unified security platform

By moving away from fragmented portfolios, organizations see dramatic improvements in efficiency and resilience. Instead of drowning in alert triage, security teams can redirect their focus to proactive remediation and prevention. And AI-powered detection shortens containment from hours to minutes—often halting ransomware before encryption begins.

Stay ahead of accelerating cyberthreats

Microsoft Defender, powered by Microsoft Sentinel, unifies prevention, detection, and response across ransomware, phishing, malware, and other advanced cyberthreats. Together with Microsoft Security Copilot, the stack brings AI-powered guidance and autonomous protection to investigations and response.

The e-book shares more about the key benefits, including:

• Unified foundation: Security information and event management (SIEM), data lake, and graph in one platform.
• Proactive resilience: Continuous exposure management and prioritized prevention.
• AI-accelerated defense: Generative guidance and autonomous response.
• Operational efficiency: Simplified onboarding, connectors, and workflows.
• Strategic value: Lower costs through consolidation and higher return on investment.

Ready to move beyond point solutions?

Download the 3 reasons point solutions are holding you back e-book and discover how a unified, AI-ready platform can help your team stay ahead of cyberthreats and prepare for the future.

Envision a future where defenders and AI agents work together. Hear Charlie Bell, Executive Vice President of Microsoft Security, and Vasu Jakkal, Corporate Vice President of Microsoft Security Business, share how leading organizations are securing AI innovation at scale—plus get demos and actionable steps. Watch now!

Learn more

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity. 

The post New Microsoft e-book: 3 reasons point solutions are holding you back appeared first on Microsoft Security Blog.

Today, most organizations use multiple identity systems and multiple network access solutions from multiple vendors. This happens, either intentionally or organically, when different areas of a company choose different tools, creating a fragmented environment that leaves weaknesses that cyberattackers are quick to weaponize.

Simply adding more tools isn’t enough. No matter how many you have, when identity systems and network security systems don’t work together, visibility drops, gaps form, and risks skyrocket. A unified, adaptive approach to access security, in contrast, can better ensure that only the right users are accessing your data and resources from the right places.

When identity and network access work in concert, sharing signals and amplifying each other’s strengths through a unified policy engine, they create a dynamic safety net—an Access Fabric—that continuously evaluates trust at the authentication and network levels throughout every session and enforces risk-based access decisions in real-time, not just at first sign-in.

AI is amplifying the risk of defensive seams and gaps

Access isn’t a single wall between your organizational resources and cyberthreats. It’s a lattice of decisions about people, devices, applications, agents, and networks. With multiple tools, management becomes patchwork: identity controls in this console, network controls over there, endpoint rules somewhere else, and software as a service (SaaS) configurations scattered across dozens of admin planes. Although each solution strives to do the right thing, the overall experience is disjointed, the signals are incomplete, and the policies are rarely consistent.

In the age of AI, this fragmentation is dangerous. In fact, 79% of organizations that use six or more identity and network solutions reported an increase in significant breaches.¹ Threat actors are using AI to get better at finding and exploiting weaknesses in defenses. For example, our data shows that threat actors are using AI to make phishing campaigns four and a half times more effective and to automate intrusion vectors at scale.²

The best strategy moving forward is to remove seams and close gaps that cyberattackers target. This is what an Access Fabric does. It isn’t a product or platform but a unified approach to access security across AI and SaaS apps, internet traffic, and private resources to protect every identity, access point, session, and resource with the same adaptive controls.

An Access Fabric solution continuously decides who can access what, from where, and under what conditions—in real time. It reduces complexity and closes the gaps that cyberattackers look for, because the same adaptive controls protect human users, devices, and even AI agents as they move between locations and networks.

Why a unified approach to access security is better than a fragmented one

Let’s use an everyday example to illustrate the difference between an access security approach that uses fragmented tools versus one that uses an Access Fabric solution.

It’s a typical day at the office. After signing into your laptop and opening your confidential sales report, it hits you: You need coffee. There’s a great little cafe just in your building, so you pop downstairs with your laptop and connect to its public wireless network.

Unfortunately, disconnected identity and security systems won’t catch that you just switched from a secure network to a public one. This means that the token issued while you were connected to your secure network will stay valid until it expires. In other words, until the token times out, you can still connect to sensitive resources, like your sales report. What’s more, anything you access is now exposed over the cafe’s public wireless network to anyone nearby—even to AI-empowered cyberattackers stalking the public network, just waiting to pounce.

The system that issued your token worked exactly as designed. It simply had no mechanism to receive a signal from your laptop that you had switched to an insecure network mid-session.

Now let’s revise this scenario. This time you, your device, your applications, and your data are wrapped in the protection of an Access Fabric solution that connects identity, device, and network signals. You still need coffee and you still go down to the cafe. This time, however, your laptop sends a signal the moment you connect to the cafe’s public wireless network, triggering a policy that immediately revokes access to your confidential sales report.

The Access Fabric solution doesn’t simply trust a “one-and-done” sign-in but applies the Zero Trust principles of “never trust, always verify” and “assume breach” to keep checking: Is this still really you? Is your device still healthy? Is this network trustworthy? How sensitive is the app or data you’re trying to access?

Anything that looks off, like a change in network conditions, triggers a policy that automatically tightens or even pauses your access to sensitive resources. You don’t have to think about it. The safety net is always there, weaving identity and network signals together, updating risk scores, and continuously re-evaluating access to keep your data safe, wherever you are.

What makes an Access Fabric solution effective

For an Access Fabric solution to secure access in hybrid work environments effectively, it must be contextual, connected, and continuous.

• Contextual: Instead of granting a human user, device, or autonomous agent access based on a password or one-time authentication token, a rich set of signals across identity, device posture, network telemetry, and business context inform every access decision. If context changes, the policy engine re-evaluates conditions and reassesses risk in real-time.
• Connected: Instead of operating independently, identity and network controls share signals and apply consistent policies across applications, endpoints, and network edges. When identity and network telemetry reinforce one another, access decisions become comprehensive and dynamic instead of disjointed and episodic. This unified approach simplifies governance for security teams, who can set policies in one place.
• Continuous: Verification at the authentication and network levels is ongoing throughout every session—not just at sign-in—as users, devices, and agents interact with resources. The policy engine at the heart of the solution is always learning and adapting. If risk levels change in response to a shift in device health, network activity, or suspicious behavior, the system responds instantly to mitigate cyberthreats before they escalate.

With an Access Fabric solution, life gets more secure for everyone. Identity and network access teams can configure comprehensive policies, review granular logs, and take coordinated action in one place. They can deliver better security while employees get a more consistent and intuitive experience, which improves security even more. Organizations can experiment with AI more safely because their Access Fabric solution will ensure that machine identities and AI agents play by the same smart rules as people.

By moving beyond static identity checks to real-time, context-aware access decisions, an Access Fabric solution delivers stronger access security and a smoother user experience wherever and however work happens.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

¹Secure employee access in the age of AI.

²Microsoft Digital Defense Report 2025.

The post Access Fabric: A modern approach to identity and network access appeared first on Microsoft Security Blog.

CVE-2025-55182 (also referred to as React2Shell and includes CVE-2025-66478, which was merged into it) is a critical pre-authentication remote code execution (RCE) vulnerability affecting React Server Components, Next.js, and related frameworks. With a CVSS score of 10.0, this vulnerability could allow attackers to execute arbitrary code on vulnerable servers through a single malicious HTTP request.

Exploitation activity related to this vulnerability was detected as early as December 5, 2025. Most successful exploits originated from red team assessments; however, we also observed real-world exploitation attempts by threat actors delivering multiple subsequent payloads, majority of which are coin miners. Both Windows and Linux environments have been observed to be impacted.

The React Server Components ecosystem is a collection of packages, frameworks, and bundlers that enable React 19 applications to run parts of their logic on the server rather than the browser. It uses the Flight protocol to communicate between client and server. When a client requests data, the server receives a payload, parses this payload, executes server-side logic, and returns a serialized component tree. The vulnerability exists because affected React Server Components versions fail to validate incoming payloads. This could allow attackers to inject malicious structures that React accepts as valid, leading to prototype pollution and remote code execution.

This vulnerability presents a significant risk because of the following factors:

• Default configurations are vulnerable, requiring no special setup or developer error.
• Public proof-of-concept exploits are readily available with near-100% reliability.
• Exploitation can happen without any user authentication since this is a pre-authentication vulnerability.
• The vulnerability could be exploited using a single malicious HTTP request.

In this report, Microsoft Defender researchers share insights from observed attacker activity exploiting this vulnerability. Detailed analyses, detection insights, as well as mitigation recommendations and hunting guidance are covered in the next sections. Further investigation towards providing stronger protection measures is in progress, and this report will be updated when more information becomes available.

Analyzing CVE-2025-55182 exploitation activity

React is widely adopted in enterprise environments. In Microsoft Defender telemetry, we see tens of thousands of distinct devices across several thousand organizations running some React or React-based applications. Some of the vulnerable applications are deployed inside containers, and the impact on the underlying host is dependent on the security configurations of the container.

We identified several hundred machines across a diverse set of organizations compromised using common tactics, techniques, and procedures (TTPs) observed with web application RCE. To exploit CVE-2025-55182, an attacker sends a crafted input to a web application running React Server Components functions in the form of a POST request. This input is then processed as a serialized object and passed to the backend server, where it is deserialized. Due to the default trust among the components, the attacker-provided input is then deserialized and the backend runs attacker-provided code under the NodeJS runtime.

Post-exploitation, attackers were observed to run arbitrary commands, such as reverse shells to known Cobalt Strike servers. To achieve persistence, attackers added new malicious users, utilized remote monitoring and management (RMM) tools such as MeshAgent, modified authorized_keys file, and enabled root login. To evade security defenses, the attackers downloaded from attacker-controlled CloudFlare Tunnel endpoints (for example, *.trycloudflare.com) and used bind mounts to hide malicious processes and artifacts from system monitoring tools.

The malware payloads seen in campaigns investigated by Microsoft Defender vary from remote access trojans (RATs) like VShell and EtherRAT, the SNOWLIGHT memory-based malware downloader that enabled attackers to deploy more payloads to target environments, ShadowPAD, and XMRig cryptominers. The attacks proceeded by enumerating system details and environment variables to enable lateral movement and credential theft.

Credentials that were observed to be targeted included Azure Instance Metadata Service (IMDS) endpoints for Azure, Amazon Web Services (AWS), Google Cloud Platform (GCP), and Tencent Cloud to acquire identity tokens, which could be used to move laterally to other cloud resources. Attackers also deployed secret discovery tools such as TruffleHog and Gitleaks, along with custom scripts to extract several different secrets. Attempts to harvest AI and cloud-native credentials, such as OpenAI API keys, Databricks tokens, and Kubernetes service‑account credentials were also observed. Azure Command-Line Interface (CLI) (az) and Azure Developer CLI (azd) were also used to obtain tokens.

Mitigation and protection guidance

Microsoft recommends customers to act on these mitigation recommendations:

Manual identification guidance

Until full in-product coverage is available, you can manually assess exposure on servers or containers:

1. Navigate to your project directory and open the node_modules folder.
2. Review installed packages and look for:
   • react-server-dom-webpack
   • react-server-dom-parcel
   • react-server-dom-turbopack
   • next
3. Validate versions against the known affected range:
   • React: 19.0.0,19.1.0, 19.1.1, 19.2.0
   • Next.js: 15.0.0 – 15.0.4, 15.1.0 – 15.1.8, 15.2.0 – 15.2.5, 15.3.0 – 15.3.5, 15.4.0 – 15.4.7, 15.5.0 – 15.5.6, 16.0.0 – 16.0.6, 14.3.0-canary.77 and later canary releases
4. If any of these packages match the affected versions, remediation is required. Prioritize internet-facing assets first, especially those identified by Defender as externally exposed.

Mitigation best practices

1. Patch immediately
   • React and Next.js have released fixes for the impacted packages. Upgrade to one of the following patched versions (or later within the same release line):
     • React: 19.0.1, 19.1.2, 19.2.1
     • Next.js: 5.0.5, 15.1.9, 15.2.6, 15.3.6, 15.4.8, 15.5.7, 16.0.7
   • Because many frameworks and bundlers rely on these packages, make sure your framework-level updates also pull in the corrected dependencies.
2. Prioritize exposed services
   • Patch all affected systems, starting with internet-facing workloads.
   • Use Microsoft Defender Vulnerability Management (MDVM) to surface vulnerable package inventory and to track remediation progress across your estate.
3. Monitor for exploit activity
   • Review MDVM dashboards and Defender alerts for indicators of attempted exploitation.
   • Correlate endpoint, container, and cloud signals for higher confidence triage.
   • Invoke incident response process to address any related suspicious activity stemming from this vulnerability.
4. Add WAF protections where appropriate
   • Apply Azure Web Application Firewall (WAF) custom rules for Application Gateway and Application Gateway for Containers to help block exploit patterns while patching is in progress. Microsoft has published rule guidance and JSON examples in the Azure Network Security Blog, with ongoing updates as new attack permutations are identified.

Recommended customer action checklist

• Identify affected React Server Components packages in your applications and images.
• Upgrade to patched versions. Refer to the React page for patching guidance.
• Prioritize internet-facing services for emergency change windows.
• Enable and monitor Defender alerts tied to React Server Components exploitation attempts.
• Apply Azure WAF custom rules as a compensating control where feasible.
• Use MDVM to validate coverage and confirm risk reduction post-update.

CVE-2025-55182 represents a high-impact, low-friction attack path against modern React Server Components deployments. Rapid patching combined with layered Defender monitoring and WAF protections provides the strongest short-term and long-term risk reduction strategy.

Microsoft Defender XDR detections 

Microsoft Defender XDR customers can refer to the list of applicable detections below. Microsoft Defender XDR coordinates detection, prevention, investigation, and response across endpoints, identities, email, apps to provide integrated protection against attacks like the threat discussed in this blog.

Customers with provisioned access can also use Microsoft Security Copilot in Microsoft Defender to investigate and respond to incidents, hunt for threats, and protect their organization with relevant threat intelligence.

In many cases subsequent activity post exploitation was detected and following alerts were triggered on the victim devices. Note that the following alerts below can also be triggered by unrelated threat activity.

Automatic attack disruption through Microsoft Defender for Endpoint alerts

To better support customers in the event of exploitation, we are expanding our detection framework to identify and alert on CVE-2025-55182 activity across all operating systems for Microsoft Defender for Endpoint customers. These detections are integrated with automatic attack disruption.

When these alerts, combined with other signals, provide high confidence of active attacker behavior, automatic attack disruption can initiate autonomous containment actions to help stop the attack and prevent further progression.

Microsoft Defender Vulnerability Management and Microsoft Defender for Cloud

Microsoft Defender for Cloud rolled out support to surface CVE-2025-55182 with agentless scanning across containers and cloud virtual machines (VMs). Follow the documentation on how to enable agentless scanning:

• Protect your servers with Defender for Servers
• Defender for Containers Deployment Overview

We are currently expanding detection for this vulnerability in Microsoft Defender Vulnerability Management (MDVM) on Windows, Linux, and macOS devices. In parallel, we recommend that you upgrade affected React Server Components and Next.js packages immediately to patched versions to reduce risk.

Once detection is fully deployed, MDVM and Microsoft Defender for Cloud dashboards will surface:

• Identification of exposed assets in the organization
• Clear remediation guidance tied to your affected assets and workloads

Microsoft Security Copilot

Security Copilot customers can use the standalone experience to create their own prompts or run the following prebuilt promptbooks to automate incident response or investigation tasks related to this threat:

• Incident investigation
• Microsoft User analysis
• Threat actor profile
• Threat Intelligence 360 report based on MDTI article
• Vulnerability impact assessment

Note that some promptbooks require access to plugins for Microsoft products such as Microsoft Defender XDR or Microsoft Sentinel.

Threat intelligence reports

Microsoft Defender XDR customers can use the following threat analytics reports in the Defender portal (requires license for at least one Defender XDR product) to get the most up-to-date information about the threat actor, malicious activity, and techniques discussed in this blog. These reports provide intelligence, protection information, and recommended actions to prevent, mitigate, or respond to associated threats found in customer environments.

Microsoft Defender XDR threat analytics

• Vulnerability Profile: CVE-2025-55182 – React Server Components

Microsoft Security Copilot customers can also use the Microsoft Security Copilot integration in Microsoft Defender Threat Intelligence, either in the Security Copilot standalone portal or in the embedded experience in the Microsoft Defender portal to get more information about this threat actor.

Hunting queries and recommendations

Microsoft Defender XDR

Microsoft Defender XDR customers can run the following query to find related activity in their networks:

Detect potential React2Shell command injection attempt

CloudAuditEvents
| where (ProcessCommandLine == "/bin/sh -c (whoami)" and (ParentProcessName == "node" or ParentProcessName has "next-server"))
        or (ProcessCommandLine has_any ("echo","powershell") and ProcessCommandLine matches regex @'(echo\s+\$\(\(\d+\*\d+\)\)|powershell\s+-c\s+"\d+\*\d+")')
| project Timestamp, KubernetesPodName, KubernetesNamespace, ContainerName, ContainerId, ContainerImageName, FileName, ProcessName, ProcessCommandLine, ProcessCurrentWorkingDirectory, ParentProcessName, ProcessId, ParentProcessId, AccountName

Identify encoded PowerShell attempts

let lookback = 10d;
DeviceProcessEvents
| where Timestamp >= ago(lookback)
| where InitiatingProcessParentFileName has "node"
| where InitiatingProcessCommandLine  has_any ("next start", "next-server") or ProcessCommandLine  has_any ("next start", "next-server")
| summarize  make_set(InitiatingProcessCommandLine), make_set(ProcessCommandLine) by DeviceId, Timestamp
//looking for powershell activity
| where set_ProcessCommandLine  has_any ("cmd.exe","powershell")
| extend decoded_powershell_1 = replace_string(tostring(base64_decode_tostring(tostring(split(tostring(split(set_ProcessCommandLine.[0],"EncodedCommand ",1).[0]),'"',0).[0]))),"\0","")
| extend decoded_powershell_1b = replace_string(tostring(base64_decode_tostring(tostring(split(tostring(split(set_ProcessCommandLine.[0],"Enc ",1).[0]),'"',0).[0]))),"\0","")
| extend decoded_powershell_2 = replace_string(tostring(base64_decode_tostring(tostring(split(tostring(split(set_ProcessCommandLine.[0],"enc ",1).[0]),'"',0).[0]))),"\0","")
| extend decoded_powershell_3 = replace_string(tostring(base64_decode_tostring(tostring(split(tostring(split(set_ProcessCommandLine.[0],"ec ",1).[0]),'"',0).[0]))),"\0","")
| where set_ProcessCommandLine !has "'powershell -c " 
| extend decoded_powershell = iff( isnotempty( decoded_powershell_1),decoded_powershell_1, 
                                                    iff(isnotempty( decoded_powershell_2), decoded_powershell_2,
                                                        iff(isnotempty( decoded_powershell_3), decoded_powershell_3,decoded_powershell_1b)))
| project-away decoded_powershell_1, decoded_powershell_1b, decoded_powershell_2,decoded_powershell_3
| where isnotempty( decoded_powershell)

Identify execution of suspicious commands initiated by the next-server parent process post-exploitation

let lookback = 10d;
DeviceProcessEvents
| where Timestamp >= ago(lookback)
| where InitiatingProcessFileName =~ "node.exe" and InitiatingProcessCommandLine has ".js"
| where FileName =~ "cmd.exe"
| where (ProcessCommandLine has_any (@"\next\", @"\npm\npm\node_modules\", "\\server.js")
    and (ProcessCommandLine has_any ("powershell -c \"", "curl", "wget", "echo $", "ipconfig", "start msiexec", "whoami", "systeminfo", "$env:USERPROFILE", "net user", "net group", "localgroup administrators",  "-ssh", "set-MpPreference", "add-MpPreference", "rundll32", "certutil", "regsvr32", "bitsadmin", "mshta", "msbuild")   
         or (ProcessCommandLine has "powershell" and
             (ProcessCommandLine has_any ("Invoke-Expression", "DownloadString", "DownloadFile", "FromBase64String", "Start-Process", "System.IO.Compression", "System.IO.MemoryStream", "iex ", "iex(", "Invoke-WebRequest", "iwr ", ".UploadFile", "System.Net.WebClient")
                or ProcessCommandLine matches regex @"[-/–][Ee^]{1,2}[NnCcOoDdEeMmAa^]*\s[A-Za-z0-9+/=]{15,}"))))
   or ProcessCommandLine matches regex @'cmd\.exe\s+/d\s+/s\s+/c\s+"powershell\s+-c\s+"[0-9]+\*[0-9]+""'

Identify execution of suspicious commands initiated by the next-server parent process post-exploitation

let lookback = 10d;
DeviceProcessEvents
| where Timestamp >= ago(lookback)
| where InitiatingProcessFileName == "node"
| where InitiatingProcessCommandLine has_any (" server.js", " start", "/server.js")
| where ProcessCommandLine  has_any ("| sh", "openssl,", "/dev/tcp/", "| bash", "|sh", "|bash", "bash,", "{sh,}", "SOCK_STREAM", "bash -i", "whoami", "| base64 -d", "chmod +x /tmp", "chmod 777")
| where ProcessCommandLine !contains "vscode" and ProcessCommandLine !contains "/.claude/"  and ProcessCommandLine !contains "/claude"

Microsoft Defender XDR’s blast radius analysis capability, incorporated into the incident investigation view, allows security teams to visualize and understand the business impact of a security compromise by showing potential propagation paths towards the organization’s critical assets before it escalates into a full blown incident. This capability merges pre-breach estate understanding with post-breach views allowing security teams to map their interconnected assets and highlights potential paths teams can prioritize for remediation efforts based on the criticality of assets and their interconnectivity to the compromised entities.

Microsoft Defender for Cloud

Microsoft Defender for Cloud customers can use security explorer templates to locate exposed containers running vulnerable container images and vulnerable virtual machines. Template titled Internet exposed containers running container images vulnerable to React2Shell vulnerability CVE-2025-55182 and Internet exposed virtual machines vulnerable to React2Shell vulnerability CVE-2025-55182 are added to the gallery.

Microsoft Security Exposure Management

Microsoft Security Exposure Management’s automated attack path analysis maps out potential threats by identifying exposed resources and tracing the routes an attacker might take to compromise critical assets. This analysis highlights vulnerable cloud compute resources, such as virtual machines and Kubernetes containers, that are susceptible to remote code execution vulnerabilities, including React2Shell CVEs. It also outlines possible lateral movement steps an adversary might take within the environment. The attack paths are presented for all supported cloud environments, including Azure, AWS, and GCP.

To view these paths, filter the view in Microsoft Security Exposure Management, filter by entry point type:

• Kubernetes container
• Virtual Machine
• AWS EC2 instance
• GCP compute instance.

Alternatively, in Microsoft Defender for Cloud, customers can filter by titles such as:

• Internet exposed container with high severity vulnerabilities
• Internet exposed Azure VM with RCE vulnerabilities
• Internet exposed GCP compute instance with RCE vulnerabilities
• Internet exposed AWS EC2 instance with RCE vulnerabilities

Microsoft Sentinel

Microsoft Sentinel customers can use the TI Mapping analytics (a series of analytics all prefixed with ‘TI map’) to automatically match the malicious domain indicators mentioned in this blog post with data in their workspace. If the TI Map analytics are not currently deployed, customers can install the Threat Intelligence solution from the Microsoft Sentinel Content Hub to have the analytics rule deployed in their Sentinel workspace. 

Detect network IP and domain indicators of compromise using ASIM

//IP list and domain list- _Im_NetworkSession
let lookback = 30d;
let ioc_ip_addr = dynamic(["194.69.203.32", "162.215.170.26", "216.158.232.43", "196.251.100.191", "46.36.37.85", "92.246.87.48"]);
let ioc_domains = dynamic(["anywherehost.site", "xpertclient.net", "superminecraft.net.br", "overcome-pmc-conferencing-books.trycloudflare.com", "donaldjtrmp.anondns.net", "labubu.anondns.net", "krebsec.anondns.net", "hybird-accesskey-staging-saas.s3.dualstack.ap-northeast-1.amazonaws.com", "ghostbin.axel.org", "194.69.203.32:81", "194.69.203.32:81", "194.69.203.32:81", "162.215.170.26:3000", "216.158.232.43:12000", "overcome-pmc-conferencing-books.trycloudflare.com", "donaldjtrmp.anondns.net:1488", "labubu.anondns.net:1488", "krebsec.anondns.net:2316/dong", "hybird-accesskey-staging-saas.s3.dualstack.ap-northeast-1.amazonaws.com", "ghostbin.axel.org"]);n_Im_NetworkSession(starttime=todatetime(ago(lookback)), endtime=now())n| where DstIpAddr in (ioc_ip_addr) or DstDomain has_any (ioc_domains)
| summarize imNWS_mintime=min(TimeGenerated), imNWS_maxtime=max(TimeGenerated),
  EventCount=count() by SrcIpAddr, DstIpAddr, DstDomain, Dvc, EventProduct, EventVendor

Detect Web Sessions IP and file hash indicators of compromise using ASIM

//IP list - _Im_WebSession
let lookback = 30d;
let ioc_ip_addr = dynamic(["194.69.203.32", "162.215.170.26", "216.158.232.43", "196.251.100.191", "46.36.37.85", "92.246.87.48"]);
let ioc_sha_hashes =dynamic(["c2867570f3bbb71102373a94c7153239599478af84b9c81f2a0368de36f14a7c", "9e9514533a347d7c6bc830369c7528e07af5c93e0bf7c1cd86df717c849a1331", "b63860cefa128a4aa5d476f300ac45fd5d3c56b2746f7e72a0d27909046e5e0f", "d60461b721c0ef7cfe5899f76672e4970d629bb51bb904a053987e0a0c48ee0f", "d3c897e571426804c65daae3ed939eab4126c3aa3fa8531de5e8f0b66629fe8a", "d71779df5e4126c389e7702f975049bd17cb597ebcf03c6b110b59630d8f3b4d", "b5acbcaccc0cfa54500f2bbb0745d4b5c50d903636f120fc870082335954bec8", "4cbdd019cfa474f20f4274310a1477e03e34af7c62d15096fe0df0d3d5668a4d", "f347eb0a59df167acddb245f022a518a6d15e37614af0bbc2adf317e10c4068b", "661d3721adaa35a30728739defddbc72b841c3d06aca0abd4d5e0aad73947fb1", "876923709213333099b8c728dde9f5d86acfd0f3702a963bae6a9dde35ba8e13", "2ebed29e70f57da0c4f36a9401a7bbd36e6ddd257e0920aa4083240afa3a6457", "f1ee866f6f03ff815009ff8fd7b70b902bc59b037ac54b6cae9b8e07beb854f7", "7e90c174829bd4e01e86779d596710ad161dbc0e02a219d6227f244bf271d2e5"]);b_Im_WebSession(starttime=todatetime(ago(lookback)), endtime=now())b| where DstIpAddr in (ioc_ip_addr) or FileSHA256 in (ioc_sha_hashes)
| summarize imWS_mintime=min(TimeGenerated), imWS_maxtime=max(TimeGenerated),
  EventCount=count() by SrcIpAddr, DstIpAddr, Url, Dvc, EventProduct, EventVendor

Detect domain and URL indicators of compromise using ASIM

// Domain list - _Im_WebSession
let ioc_domains = dynamic(["anywherehost.site", "xpertclient.net", "superminecraft.net.br", "overcome-pmc-conferencing-books.trycloudflare.com", "donaldjtrmp.anondns.net", "labubu.anondns.net", "krebsec.anondns.net", "hybird-accesskey-staging-saas.s3.dualstack.ap-northeast-1.amazonaws.com", "ghostbin.axel.org", "194.69.203.32:81", "194.69.203.32:81", "194.69.203.32:81", "162.215.170.26:3000", "216.158.232.43:12000", "overcome-pmc-conferencing-books.trycloudflare.com", "donaldjtrmp.anondns.net:1488", "labubu.anondns.net:1488", "krebsec.anondns.net:2316/dong", "hybird-accesskey-staging-saas.s3.dualstack.ap-northeast-1.amazonaws.com", "ghostbin.axel.org"]);
_Im_WebSession (url_has_any = ioc_domains)

Detect files hashes indicators of compromise using ASIM

// file hash list - imFileEvent
let ioc_sha_hashes = dynamic(["c2867570f3bbb71102373a94c7153239599478af84b9c81f2a0368de36f14a7c", "9e9514533a347d7c6bc830369c7528e07af5c93e0bf7c1cd86df717c849a1331", "b63860cefa128a4aa5d476f300ac45fd5d3c56b2746f7e72a0d27909046e5e0f", "d60461b721c0ef7cfe5899f76672e4970d629bb51bb904a053987e0a0c48ee0f", "d3c897e571426804c65daae3ed939eab4126c3aa3fa8531de5e8f0b66629fe8a", "d71779df5e4126c389e7702f975049bd17cb597ebcf03c6b110b59630d8f3b4d", "b5acbcaccc0cfa54500f2bbb0745d4b5c50d903636f120fc870082335954bec8", "4cbdd019cfa474f20f4274310a1477e03e34af7c62d15096fe0df0d3d5668a4d", "f347eb0a59df167acddb245f022a518a6d15e37614af0bbc2adf317e10c4068b", "661d3721adaa35a30728739defddbc72b841c3d06aca0abd4d5e0aad73947fb1", "876923709213333099b8c728dde9f5d86acfd0f3702a963bae6a9dde35ba8e13", "2ebed29e70f57da0c4f36a9401a7bbd36e6ddd257e0920aa4083240afa3a6457", "f1ee866f6f03ff815009ff8fd7b70b902bc59b037ac54b6cae9b8e07beb854f7", "7e90c174829bd4e01e86779d596710ad161dbc0e02a219d6227f244bf271d2e5"]);dimFileEventd| where SrcFileSHA256 in (ioc_sha_hashes) or
TargetFileSHA256 in (ioc_sha_hashes)
| extend AccountName = tostring(split(User, @'')[1]), 
  AccountNTDomain = tostring(split(User, @'')[0])
| extend AlgorithmType = "SHA256"

Find use of reverse shells

This query looks for potential reverse shell activity initiated by cmd.exe or PowerShell. It matches the use of reverse shells in this attack: reverse-shell-nishang.

Indicators of compromise

The list below is non-exhaustive and does not represent all indicators of compromise observed in the known campaigns:

References

• Critical Security Vulnerability in React Server Components – React
• NVD – CVE-2025-55182
• CVE-2025-55182 (React2Shell) Opportunistic Exploitation In The Wild: What The GreyNoise Observation Grid Is Seeing So Far

Learn more  

For the latest security research from the Microsoft Threat Intelligence community, check out the Microsoft Threat Intelligence Blog.

To get notified about new publications and to join discussions on social media, follow us on LinkedIn, X (formerly Twitter), and Bluesky.

To hear stories and insights from the Microsoft Threat Intelligence community about the ever-evolving threat landscape, listen to the Microsoft Threat Intelligence podcast.

The guidance provided in this blog post represents general best practices and is intended for informational purposes only. Customers remain responsible for evaluating and implementing security measures appropriate for their environments.

The post Defending against the CVE-2025-55182 (React2Shell) vulnerability in React Server Components appeared first on Microsoft Security Blog.

Today, we are proud to share that Microsoft has been recognized as an overall leader in the KuppingerCole Leadership Compass for Generative AI Defense (GAD), an independent report from a leading European analyst firm. This recognition reinforces the work we’ve been doing to deliver enterprise-ready Security and Governance capabilities for AI, and reflects our commitment to helping customers secure AI at scale.

Figure 1: KuppingerCole Generative AI Defense Leadership Compass chart highlighting Microsoft as the top Overall Leader, with other vendors including Palo Alto Networks, Cisco, F5, NeuralTrust, IBM, and others positioned as challengers or followers.

At Microsoft, our approach to Generative AI Defense is grounded in a simple principle: security is a core primitive which must be embedded everywhere – across AI apps, agents, platforms, and infrastructure. Microsoft delivers this through a comprehensive and integrated approach that provides visibility, protection, and governance across the full AI stack.

Our capabilities and controls help organizations address the most pressing challenges CISOs and security leaders face as AI adoption accelerates. We protect against agent sprawl and resource access with identity-first controls like Entra Agent ID and lifecycle governance, alongside network-layer controls that surface hidden shadow AI risks.  We prevent sensitive data leaks with Microsoft Purview’s real-time data loss prevention, classification, and inference safeguards. We defend against new AI threats and vulnerabilities with Microsoft Defender’s runtime protection, posture management, and AI-driven red teaming. Finally, we help organizations stay in compliance with evolving AI regulations with built-in support for frameworks like the EU AI Act, NIST AI RMF, and ISO 42001, so teams can confidently innovate while meeting governance requirements. Foundational security is also built into Microsoft 365 Copilot and Microsoft Foundry, with identity controls, data safeguards, threat protection, and compliance integrated from the start.

Guidance for Security Leaders and CISOs

For CISOs enabling their organizations to accelerate their AI transformation journeys, the following priorities are essential to building a secure, governed, and scalable AI foundation.  This guidance reflects a combination of key recommendations from KuppingerCole and Microsoft’s perspective on how we deliver on those recommendations:

What differentiates Microsoft is the comprehensive set of security capabilities woven into the Microsoft AI agents, apps, and platform. Shared capabilities across Microsoft Entra, Purview, and Defender deliver consistent protection for IT, developers, and security teams, while tools such as Microsoft Agent 365, Foundry Control Plane, and Security Dashboard for AI integrate security and observability directly where AI applications and agents are built, deployed, and governed. Together, these capabilities, including our latest capabilities from Ignite, help organizations deploy AI securely, reduce operational complexity, and strengthen trust across their environment.

Closing Thoughts

Agentic AI is transforming how organizations work, and with that shift comes a new security frontier. As AI becomes embedded across business processes, taking a proactive approach to defense-in-depth, governance, and integrated AI security is essential. Organizations that act early will be better positioned to innovate confidently and maintain trust.

At Microsoft, we recognize that securing AI requires purpose-built, enterprise-ready protection. With Microsoft Security for AI, organizations can safeguard sensitive data, protect against emerging AI threats, detect and remediate vulnerabilities, maintain compliance with evolving regulations, and strengthen trust as AI adoption accelerates. In this rapidly evolving landscape, AI defense is not optional, it is foundational to protecting innovation and ensuring enterprise readiness.

Explore more

• Read the full KuppingerCole Leadership Compass on Generative AI Defense (GAD)
• Learn more about Security for AI
• Read our latest Security for AI blog to learn more about our latest capabilities
• Visit the Microsoft Security site for the latest innovations.

Updated Dec 15, 2025

Version 1.0

The post Microsoft named an overall leader in KuppingerCole Leadership Compass for Generative AI Defense appeared first on Microsoft Security Blog.

In the latest edition of our Cyberattack Series, we dive into a real-world case of fake employees. Cybercriminals are no longer just breaking into networks—they’re gaining access by posing as legitimate employees. This form of cyberattack involves operatives posing as legitimate remote hires, slipping past human resources checks and onboarding processes to gain trusted access. Once inside, they exploit corporate systems to steal sensitive data, deploy malicious tools, and funnel profits to state-sponsored programs. In this blog, we unpack how this cyberattack unfolded, the tactics employed, and how Microsoft Incident Response—the Detection and Response Team (DART)—swiftly stepped in with forensic insights and actionable guidance. Download the full report to learn more.

What happened?

What began as a routine onboarding turned into a covert operation. In this case, four compromised user accounts were discovered connecting PiKVM devices to employer-issued workstations—hardware that enables full remote control as if the threat actor were physically present. This allowed unknown third parties to bypass normal access controls and extract sensitive data directly from the network. With support from Microsoft Threat Intelligence, we quickly traced the activity to the North Korean remote IT workforce known as Jasper Sleet.

DART quickly pivoted from proactive threat hunting to full-scale investigation, leveraging numerous specialized tools and techniques. These included, but were not limited to, Cosmic and Arctic for Azure and Active Directory analysis, Fennec for forensic evidence collection across multiple operating system platforms, and telemetry from Microsoft Entra ID protection and Microsoft Defender solutions for endpoint, identity, and cloud apps. Together, these tools and capabilities helped trace the intrusion, contain the threat, and restore operational integrity.

How did Microsoft respond?

Once the scope of the compromise was clear, DART acted immediately to contain and disrupt the cyberattack. The team disabled compromised accounts, restored affected devices to clean backups, and analyzed Unified Audit Logs—a feature of Microsoft 365 within the Microsoft Purview Compliance Manager portal—to trace the threat actor’s movements. Advanced detection tools, including Microsoft Defender for Identity and Microsoft Defender for Endpoint, were deployed to uncover lateral movement and credential misuse. To blunt the broader campaign, Microsoft also suspended thousands of accounts linked to North Korean IT operatives.

What can customers do to strengthen their defenses?

This cyberthreat is challenging, but it’s not insurmountable. By combining strong security operations center (SOC) practices with insider risk strategies, companies can close the gaps that threat actors exploit. Many organizations start by improving visibility through Microsoft 365 Defender and Unified Audit Log integration and protecting sensitive data with Microsoft Purview Data Loss Prevention policies. Additionally, Microsoft Purview Insider Risk Management can help organizations identify risky behaviors before they escalate, while strict pre-employment vetting and enforcing the principle of least privilege reduce exposure from the start. Finally, monitor for unapproved IT tools like PiKVM devices and stay informed through the Threat Analytics dashboard in Microsoft Defender. These cybersecurity practices and real-world strategies, paired with proactive alert management, can give your defenders the confidence to detect, disrupt, and prevent similar attacks.

What is the Cyberattack Series?

In our Cyberattack Series, customers discover how DART investigates unique and notable attacks. For each cyberattack story, we share:

• How the cyberattack happened.
• How the breach was discovered.
• Microsoft’s investigation and eviction of the threat actor.
• Strategies to avoid similar cyberattacks.

DART is made up of highly skilled investigators, researchers, engineers, and analysts who specialize in handling global security incidents. We’re here for customers with dedicated experts to work with you before, during, and after a cybersecurity incident.

Learn more

To learn more about DART capabilities, please visit our website, or reach out to your Microsoft account manager or Premier Support contact. To learn more about the cybersecurity incidents described above, including more insights and information on how to protect your own organization, download the full report.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

¹AI Fuels Mistrust Between Employers and Job Candidates; Recruiters Worry About Fraud, Candidates Fear Bias

The post Imposter for hire: How fake people can gain very real access appeared first on Microsoft Security Blog.

The insights gained from Cybersecurity Awareness Month, right through to Microsoft Ignite 2025, demonstrate that security remains a top priority for business leaders. It serves as a strategic lever for organizational growth, fosters trust, and facilitates the advancement of AI innovation. The Work Trend Index 2025 indicates that over 80% of leaders are currently utilizing agents or plan to do so within the next 12 to 18 months. While AI introduces risks such as oversharing, data leakage, compliance gaps, and agent sprawl, business and security leaders can address these issues in part by: 

1. Preparing for the integration of AI and agents.
2. Strengthening training so that everyone has the necessary skills. 
3. Fostering a culture that prioritizes cybersecurity. 

Microsoft guide for securing the AI-powered enterprise

Preparing for the integration of AI and intelligent agents

Preparing for AI and agent integration calls for careful strategy, thoughtful business planning, and organization-wide adoption under solid governance, security, and management. Microsoft’s AI adoption model offers a step-by-step guide for businesses embarking on this journey and the guide offers actionable insights and solutions to manage AI risks.

Strengthening training so that everyone has the necessary skills

Technology alone isn’t enough. People are your strongest defense—and the foundation of trust. That’s why skilling emerged as a central theme throughout these past months and will continue beyond. Frontier Firms—those structured around on-demand intelligence and powered by “hybrid” teams of humans plus agents—lead by fostering a culture of continuous learning. Our blog “Building human-centric security skills for AI” offers insights and guidance you can apply in your organization.  

• Lean into your unique human strengths: Your team’s judgment, creativity, and experience are irreplaceable. Take time to invest in upskilling and reskilling them, so they can confidently guide and manage AI tools responsibly and securely. Explore Microsoft Learn for Organizations for resources to support your learning journey.
• Stay curious and agile through continuous learning: Building security resilience is an ongoing process. Regularly refresh your AI and security training, offer time and resources for employees to explore new skills, and create a supportive, engaging environment that motivates continuous growth. Find in AI Skills Navigator, our agentic learning space, AI and security training tailored to different roles.  

Investing in skilling doesn’t just reduce risk—it accelerates innovation by giving teams the confidence to explore new AI capabilities securely. 

Skilling is an ongoing practice that needs to constantly evolve alongside the business and technology landscape. Staying ahead requires an enterprise-wide strategy that aligns ever-changing business priorities with always-on skill-building. —Jeana Jorgensen, Corporate Vice President, Microsoft Learning

Fostering a culture that prioritizes security

As AI impacts everyone’s role, make security awareness and responsible AI practices shared priorities. Encourage your team to weave security thinking into their daily routines—creating a safer environment for all. As Vasu Jakkal, Corporate Vice President of Microsoft Security highlighted in her blog “Cybersecurity Awareness Month: Security starts with you,” it is critical that security become part of your organization’s culture and norms. 

Check out our new e-book, Skilling for Secure AI: How Frontier Firms Lead the Way for practical steps for leaders to upskill their workforce in identity management, data governance, and responsible AI practices.

From awareness to action

In the agentic AI era, people continue to be our most valuable resource. It’s essential to empower them with AI and equip them with the skills they need to use AI responsibly and securely. Cybersecurity awareness should go beyond designated months or campaigns; true awareness means taking meaningful action.   

Here are three actions you can take today to maximize your AI investments: 

1. Share the Be Cybersmart Kit with your employees. It includes tips for protecting yourself from fraud and deepfakes, guidance on safe AI usage, and key security best practices.
2. Invest in people: Focus on upskilling initiatives that support your AI transformation, cloud modernization, and security-first strategies.
3. Champion a security-first culture: Ensure cybersecurity is integral to every business discussion and woven into your overall strategy. 

The post From awareness to action: Building a security-first culture for the agentic AI era appeared first on Microsoft Security Blog.