{"id":125667,"date":"2023-02-08T09:00:00","date_gmt":"2023-02-08T17:00:00","guid":{"rendered":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/?p=125667"},"modified":"2023-06-21T06:14:57","modified_gmt":"2023-06-21T13:14:57","slug":"solving-one-of-nobeliums-most-novel-attacks-cyberattack-series","status":"publish","type":"post","link":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2023\/02\/08\/solving-one-of-nobeliums-most-novel-attacks-cyberattack-series\/","title":{"rendered":"Solving one of NOBELIUM\u2019s most novel attacks: Cyberattack Series"},"content":{"rendered":"\n<p>Our story begins with eight <a href=\"https:\/\/www.microsoft.com\/security\/business\/services\/microsoft-security-services-incident-response\">Microsoft Detection and Response Team<\/a> (DART) analysts gathered around a customer\u2019s conference room to solve a cybersecurity mystery. Joined by members of the customer\u2019s cybersecurity team, they were there to figure out how a Russia-based nation-state hacking group known as NOBELIUM had bypassed authentication checks and impersonated users to gain access to its data. This attack, later known as MagicWeb, wasn\u2019t so much a whodunit as a how-done-it.<\/p>\n\n\n\n<p>To discover potential security threats like MagicWeb, Microsoft DART uses the trillions of security signals that Microsoft tracks daily that help provide broad and deep insight into the threat landscape. Microsoft DART and the Microsoft Threat Intelligence Center (MSTIC) work together to find bad actors, understand their tactics, techniques, and procedures (TTPs), and alert the organizations that are, or could be, at risk. As with any observed nation-state actor activity, Microsoft directly notifies customers that have been targeted or compromised, providing them with the information they need to secure their accounts. In some cases, the notified customers will engage with Microsoft DART and other industry partners on investigations, gathering new insights and disrupting the threat actors at each stage of the campaign.<\/p>\n\n\n\n<p>NOBELIUM is an advanced and persistent adversary because of its tenacious attacks and ever-evolving TTPs. Most attackers play an impressive game of checkers, but increasingly we see advanced persistent threat actors playing a masterclass-level game of chess.<\/p>\n\n\n\n<p>MagicWeb is a great example of NOBELIUM\u2019s advanced attacks and was <a href=\"https:\/\/www.microsoft.com\/security\/blog\/2022\/08\/24\/magicweb-nobeliums-post-compromise-trick-to-authenticate-as-anyone\/\">first profiled by Microsoft in August 2022<\/a>. It was the first time that a Global Assembly Cache (GAC) implant was seen in the wild. This malware, later named MagicWeb, allows the attacker to authenticate as anyone in a targeted network and maintain persistent access to the customer environment they compromised. The team quickly homed in on examining certificate irregularities, which helped to solve the incident. The key to understanding MagicWeb lay in highly privileged certifications that NOBELIUM used to move laterally to gain administrative privileges to an Active Directory Federation Services (AD FS) system. The team discovered that NOBELIUM was using a compromised dynamic link library (DLL) that lived in an obscure GAC, a machine-wide cache for the common language infrastructure in the .NET framework.<\/p>\n\n\n\n<p><strong><u><a href=\"https:\/\/go.microsoft.com\/fwlink\/?linkid=2224415\" target=\"_blank\" rel=\"noreferrer noopener\">Read the report<\/a><\/u><\/strong> to go deeper into the details of the attack, including NOBELIUM\u2019s tactics, the response activity, and lessons that other organizations can learn from this case.<\/p>\n\n\n\n<p><strong>What is the Cyberattack Series?<br><\/strong><br>With this new Cyberattack series, customers will discover how Microsoft incident responders investigate unique and notable exploits. For each attack story, we will share:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>How the attack happened<\/li>\n\n\n\n<li>How the breach was discovered<\/li>\n\n\n\n<li>Microsoft\u2019s investigation and eviction of the threat actor<\/li>\n\n\n\n<li>Strategies to avoid similar attacks<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Learn more<\/h2>\n\n\n\n<p>To learn more about Microsoft incident response capabilities, <a href=\"https:\/\/www.microsoft.com\/security\/business\/services\/microsoft-security-services-incident-response\">visit our&nbsp;website<\/a> or reach out to your Microsoft account manager or Premier Support contact.&nbsp;<\/p>\n\n\n\n<p>To learn more about Microsoft Security solutions,&nbsp;<a href=\"https:\/\/www.microsoft.com\/security\/\">visit our&nbsp;website<\/a>.&nbsp;Bookmark the&nbsp;<a href=\"https:\/\/www.microsoft.com\/security\/blog\/\">Security blog<\/a>&nbsp;to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (<a href=\"https:\/\/www.linkedin.com\/showcase\/microsoft-security\/\" target=\"_blank\" rel=\"noreferrer noopener\">Microsoft Security<\/a>) and Twitter (<a href=\"https:\/\/twitter.com\/@MSFTSecurity\" target=\"_blank\" rel=\"noreferrer noopener\">@MSFTSecurity<\/a>)&nbsp;for the latest news and updates on cybersecurity.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>This is the first in an ongoing series exploring some of the most notable cases of the Microsoft Detection and Response Team (DART), which investigates cyberattacks on behalf of our customers. The Cyberattack Series takes you behind the scenes for an inside look at the investigation and share lessons that you can apply to better protect your own organization. In this story, we\u2019ll explore how NOBELIUM continues to target identity providers with novel attacks\u2014and how Microsoft DART identified one of NOBELIUM\u2018s most creative exploits yet.\u200b <\/p>\n","protected":false},"author":162,"featured_media":125763,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"ep_exclude_from_search":false,"_classifai_error":"","footnotes":""},"content-type":[3659],"topic":[3674,3688],"products":[3720],"threat-intelligence":[],"tags":[],"coauthors":[3308,2064],"class_list":["post-125667","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","content-type-best-practices","topic-incident-response","topic-threat-trends","products-microsoft-security-experts"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v23.7 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Prevent cyberattacks with Microsoft Incident Response | Microsoft Security Blog<\/title>\n<meta name=\"description\" content=\"Learn how Microsoft incident response identified NOBELIUM&#039;s MagicWeb cyberattack and evicted this advanced persistent threat.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2023\/02\/08\/solving-one-of-nobeliums-most-novel-attacks-cyberattack-series\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Prevent cyberattacks with Microsoft Incident Response | Microsoft Security Blog\" \/>\n<meta property=\"og:description\" content=\"Learn how Microsoft incident response identified NOBELIUM&#039;s MagicWeb cyberattack and evicted this advanced persistent threat.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2023\/02\/08\/solving-one-of-nobeliums-most-novel-attacks-cyberattack-series\/\" \/>\n<meta property=\"og:site_name\" content=\"Microsoft Security Blog\" \/>\n<meta property=\"article:published_time\" content=\"2023-02-08T17:00:00+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-06-21T13:14:57+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2023\/01\/MS_Suzuka_Cybercrime-Blog_Cover-Image-1200x900_v1.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"800\" \/>\n\t<meta property=\"og:image:height\" content=\"600\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Microsoft Security Experts, Microsoft Incident Response\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2023\/01\/MS_Suzuka_Cybercrime-Blog_Cover-Image-1200x900_v1.jpg\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Microsoft Security Experts, Microsoft Incident Response\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2023\/02\/08\/solving-one-of-nobeliums-most-novel-attacks-cyberattack-series\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2023\/02\/08\/solving-one-of-nobeliums-most-novel-attacks-cyberattack-series\/\"},\"author\":[{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/author\/microsoft-security-experts\/\",\"@type\":\"Person\",\"@name\":\"Microsoft Security Experts\"},{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/author\/detection-and-response-team-dart\/\",\"@type\":\"Person\",\"@name\":\"Microsoft Incident Response\"}],\"headline\":\"Solving one of NOBELIUM\u2019s most novel attacks: Cyberattack Series\",\"datePublished\":\"2023-02-08T17:00:00+00:00\",\"dateModified\":\"2023-06-21T13:14:57+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2023\/02\/08\/solving-one-of-nobeliums-most-novel-attacks-cyberattack-series\/\"},\"wordCount\":537,\"publisher\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2023\/02\/08\/solving-one-of-nobeliums-most-novel-attacks-cyberattack-series\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2023\/01\/MS_Suzuka_Cybercrime-Blog_Cover-Image-1200x900_v1.jpg\",\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2023\/02\/08\/solving-one-of-nobeliums-most-novel-attacks-cyberattack-series\/\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2023\/02\/08\/solving-one-of-nobeliums-most-novel-attacks-cyberattack-series\/\",\"name\":\"Prevent cyberattacks with Microsoft Incident Response | Microsoft Security Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2023\/02\/08\/solving-one-of-nobeliums-most-novel-attacks-cyberattack-series\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2023\/02\/08\/solving-one-of-nobeliums-most-novel-attacks-cyberattack-series\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2023\/01\/MS_Suzuka_Cybercrime-Blog_Cover-Image-1200x900_v1.jpg\",\"datePublished\":\"2023-02-08T17:00:00+00:00\",\"dateModified\":\"2023-06-21T13:14:57+00:00\",\"description\":\"Learn how Microsoft incident response identified NOBELIUM's MagicWeb cyberattack and evicted this advanced persistent threat.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2023\/02\/08\/solving-one-of-nobeliums-most-novel-attacks-cyberattack-series\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2023\/02\/08\/solving-one-of-nobeliums-most-novel-attacks-cyberattack-series\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2023\/02\/08\/solving-one-of-nobeliums-most-novel-attacks-cyberattack-series\/#primaryimage\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2023\/01\/MS_Suzuka_Cybercrime-Blog_Cover-Image-1200x900_v1.jpg\",\"contentUrl\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2023\/01\/MS_Suzuka_Cybercrime-Blog_Cover-Image-1200x900_v1.jpg\",\"width\":800,\"height\":600,\"caption\":\"Multicolor arrows pointing towards a center dot, with a yellow diamond filled with 1\u2019s and 0\u2019s and a bug crawling towards it to suggest malware.\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2023\/02\/08\/solving-one-of-nobeliums-most-novel-attacks-cyberattack-series\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Solving one of NOBELIUM\u2019s most novel attacks: Cyberattack Series\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#website\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\",\"name\":\"Microsoft Security Blog\",\"description\":\"Expert coverage of cybersecurity topics\",\"publisher\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization\",\"name\":\"Microsoft Security Blog\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/08\/cropped-cropped-microsoft_logo_element.png\",\"contentUrl\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/08\/cropped-cropped-microsoft_logo_element.png\",\"width\":512,\"height\":512,\"caption\":\"Microsoft Security Blog\"},\"image\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#\/schema\/logo\/image\/\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Prevent cyberattacks with Microsoft Incident Response | Microsoft Security Blog","description":"Learn how Microsoft incident response identified NOBELIUM's MagicWeb cyberattack and evicted this advanced persistent threat.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2023\/02\/08\/solving-one-of-nobeliums-most-novel-attacks-cyberattack-series\/","og_locale":"en_US","og_type":"article","og_title":"Prevent cyberattacks with Microsoft Incident Response | Microsoft Security Blog","og_description":"Learn how Microsoft incident response identified NOBELIUM's MagicWeb cyberattack and evicted this advanced persistent threat.","og_url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2023\/02\/08\/solving-one-of-nobeliums-most-novel-attacks-cyberattack-series\/","og_site_name":"Microsoft Security Blog","article_published_time":"2023-02-08T17:00:00+00:00","article_modified_time":"2023-06-21T13:14:57+00:00","og_image":[{"width":800,"height":600,"url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2023\/01\/MS_Suzuka_Cybercrime-Blog_Cover-Image-1200x900_v1.jpg","type":"image\/jpeg"}],"author":"Microsoft Security Experts, Microsoft Incident Response","twitter_card":"summary_large_image","twitter_image":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2023\/01\/MS_Suzuka_Cybercrime-Blog_Cover-Image-1200x900_v1.jpg","twitter_misc":{"Written by":"Microsoft Security Experts, Microsoft Incident Response","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2023\/02\/08\/solving-one-of-nobeliums-most-novel-attacks-cyberattack-series\/#article","isPartOf":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2023\/02\/08\/solving-one-of-nobeliums-most-novel-attacks-cyberattack-series\/"},"author":[{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/author\/microsoft-security-experts\/","@type":"Person","@name":"Microsoft Security Experts"},{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/author\/detection-and-response-team-dart\/","@type":"Person","@name":"Microsoft Incident Response"}],"headline":"Solving one of NOBELIUM\u2019s most novel attacks: Cyberattack Series","datePublished":"2023-02-08T17:00:00+00:00","dateModified":"2023-06-21T13:14:57+00:00","mainEntityOfPage":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2023\/02\/08\/solving-one-of-nobeliums-most-novel-attacks-cyberattack-series\/"},"wordCount":537,"publisher":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization"},"image":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2023\/02\/08\/solving-one-of-nobeliums-most-novel-attacks-cyberattack-series\/#primaryimage"},"thumbnailUrl":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2023\/01\/MS_Suzuka_Cybercrime-Blog_Cover-Image-1200x900_v1.jpg","inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2023\/02\/08\/solving-one-of-nobeliums-most-novel-attacks-cyberattack-series\/","url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2023\/02\/08\/solving-one-of-nobeliums-most-novel-attacks-cyberattack-series\/","name":"Prevent cyberattacks with Microsoft Incident Response | Microsoft Security Blog","isPartOf":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2023\/02\/08\/solving-one-of-nobeliums-most-novel-attacks-cyberattack-series\/#primaryimage"},"image":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2023\/02\/08\/solving-one-of-nobeliums-most-novel-attacks-cyberattack-series\/#primaryimage"},"thumbnailUrl":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2023\/01\/MS_Suzuka_Cybercrime-Blog_Cover-Image-1200x900_v1.jpg","datePublished":"2023-02-08T17:00:00+00:00","dateModified":"2023-06-21T13:14:57+00:00","description":"Learn how Microsoft incident response identified NOBELIUM's MagicWeb cyberattack and evicted this advanced persistent threat.","breadcrumb":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2023\/02\/08\/solving-one-of-nobeliums-most-novel-attacks-cyberattack-series\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.microsoft.com\/en-us\/security\/blog\/2023\/02\/08\/solving-one-of-nobeliums-most-novel-attacks-cyberattack-series\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2023\/02\/08\/solving-one-of-nobeliums-most-novel-attacks-cyberattack-series\/#primaryimage","url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2023\/01\/MS_Suzuka_Cybercrime-Blog_Cover-Image-1200x900_v1.jpg","contentUrl":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2023\/01\/MS_Suzuka_Cybercrime-Blog_Cover-Image-1200x900_v1.jpg","width":800,"height":600,"caption":"Multicolor arrows pointing towards a center dot, with a yellow diamond filled with 1\u2019s and 0\u2019s and a bug crawling towards it to suggest malware."},{"@type":"BreadcrumbList","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2023\/02\/08\/solving-one-of-nobeliums-most-novel-attacks-cyberattack-series\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/"},{"@type":"ListItem","position":2,"name":"Solving one of NOBELIUM\u2019s most novel attacks: Cyberattack Series"}]},{"@type":"WebSite","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#website","url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/","name":"Microsoft Security Blog","description":"Expert coverage of cybersecurity topics","publisher":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization","name":"Microsoft Security Blog","url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/08\/cropped-cropped-microsoft_logo_element.png","contentUrl":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/08\/cropped-cropped-microsoft_logo_element.png","width":512,"height":512,"caption":"Microsoft Security Blog"},"image":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#\/schema\/logo\/image\/"}}]}},"msxcm_display_generated_audio":false,"distributor_meta":false,"distributor_terms":false,"distributor_media":false,"distributor_original_site_name":"Microsoft Security Blog","distributor_original_site_url":"https:\/\/www.microsoft.com\/en-us\/security\/blog","push-errors":false,"_links":{"self":[{"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/posts\/125667"}],"collection":[{"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/users\/162"}],"replies":[{"embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/comments?post=125667"}],"version-history":[{"count":0,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/posts\/125667\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/media\/125763"}],"wp:attachment":[{"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/media?parent=125667"}],"wp:term":[{"taxonomy":"content-type","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/content-type?post=125667"},{"taxonomy":"topic","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/topic?post=125667"},{"taxonomy":"products","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/products?post=125667"},{"taxonomy":"threat-intelligence","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/threat-intelligence?post=125667"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/tags?post=125667"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/coauthors?post=125667"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}