Microsoft Incident Response, Author at Microsoft Security Blog

Person sitting on a couch using a laptop.

Mar 17

13 min read

StilachiRAT analysis: From system reconnaissance to cryptocurrency theft

Microsoft Incident Response uncovered a novel remote access trojan (RAT) named StilachiRAT, which demonstrates sophisticated techniques to evade detection, persist in the target environment, and exfiltrate sensitive data. This blog primarily focuses on analysis of the WWStartupCtrl64.dll module that contains the RAT capabilities and summarizes the malware’s key behaviors, capabilities, and the potential risk posed to systems and users.

Computer programmer working at night in office.

Feb 10

4 min read

Build a stronger security strategy with proactive and reactive incident response: Cyberattack Series

Find out how a cyberattack by Storm-2077 was halted faster because the Microsoft Incident Response team is both proactive and reactive at the same time.

Chief information security officer presents to the board of executives on security topics.

Aug 28, 2024

7 min read

The art and science behind Microsoft threat hunting: Part 3

In this blog post, read how Microsoft Incident Response leverages three types of threat intelligence to enhance incident response scenarios.

Portrait of a chief information security officer.

Jun 25, 2024

7 min read

How to boost your incident response readiness

Discover key steps to bolster incident response readiness, from disaster recovery plans to secure deployments, guided by insights from the Microsoft Incident Response team.

Developer evaluating data from intelligent apps built in Azure in the context of FinTech.

Jun 12, 2024

5 min read

Microsoft Incident Response tips for managing a mass password reset

When an active incident leaves systems vulnerable, a mass password reset may be the right tool to restore security. This post explores the necessity and risk associated with mass password resets.

Apr 23, 2024

4 min read

New Microsoft Incident Response guide helps simplify cyberthreat investigations

Discover how to fortify your organization's cybersecurity defense with this practical guide on digital forensics from Microsoft's Incident Response team.

A security practitioner works at a computer.

Mar 21, 2024

5 min read

How Microsoft Incident Response and Microsoft Defender for Identity work together to detect and respond to cyberthreats

Learn how Microsoft Incident Response works together with Microsoft Defender for Identity to give customers fast, flexible service—before, during, or after a cybersecurity incident occurs.

A woman sitting at a table using a laptop.

Jan 17, 2024

5 min read

New Microsoft Incident Response guides help security teams analyze suspicious activity

Access the first two cloud investigation guides from Microsoft Incident Response to improve triage and analysis of data in Microsoft 365 and Microsoft Entra ID.

A graphic showing a circuit board to represent Microsoft Incident Response.

Dec 11, 2023

4 min read

New Microsoft Incident Response team guide shares best practices for security teams and leaders

The Microsoft Incident Response team shares a downloadable, interactive, people-centric, guide to effective incident response.

A conference room with seven people around a large table. Two of the individuals are standing while the rest are seated. Several open laptops are on the table facing the individuals.

Dec 5, 2023

28 min read

Microsoft Incident Response lessons on preventing cloud identity compromise

In real-world customer engagements, Microsoft IR sees combinations of issues and misconfigurations that could lead to attacker access to customers’ Microsoft Entra ID tenants. Reducing risk and exposure of your most privileged accounts plays a critical role in preventing or detecting attempts at tenant-wide compromise.

Graphic showing the many arms of a cyberattack.

Dec 4, 2023

3 min read

Protecting credentials against social engineering: Cyberattack Series

Our fourth installation in the Cyberattack Series examines a smishing and social engineering attack and outlines the steps organizations can take to help minimize the risk and prepare for the possibility.

Conference room or board room meeting with people sitting around table in a room with international time clocks, and a map projection.

Oct 26, 2023

4 min read

An integrated incident response solution with Microsoft and PwC

Microsoft Incident Response and PwC have announced a new global alliance to expand their joint Incident Response and Recovery capability. In this partnership, Microsoft IR will begin the initial containment and investigation of a cyber incident, while PwC will work on securely rebuilding and restoring mission-critical system, providing customers with a more comprehensive and seamless incident response experience.

Microsoft Incident Response Posts

StilachiRAT analysis: From system reconnaissance to cryptocurrency theft

Build a stronger security strategy with proactive and reactive incident response: Cyberattack Series

The art and science behind Microsoft threat hunting: Part 3

How to boost your incident response readiness

Microsoft Incident Response tips for managing a mass password reset

New Microsoft Incident Response guide helps simplify cyberthreat investigations

How Microsoft Incident Response and Microsoft Defender for Identity work together to detect and respond to cyberthreats

New Microsoft Incident Response guides help security teams analyze suspicious activity

New Microsoft Incident Response team guide shares best practices for security teams and leaders

Microsoft Incident Response lessons on preventing cloud identity compromise

Protecting credentials against social engineering: Cyberattack Series

An integrated incident response solution with Microsoft and PwC

Get started with Microsoft Security