{"id":92805,"date":"2021-02-04T13:00:57","date_gmt":"2021-02-04T21:00:57","guid":{"rendered":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\/?p=92805"},"modified":"2023-08-10T14:00:06","modified_gmt":"2023-08-10T21:00:06","slug":"sophisticated-cybersecurity-threats-demand-collaborative-global-response","status":"publish","type":"post","link":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/02\/04\/sophisticated-cybersecurity-threats-demand-collaborative-global-response\/","title":{"rendered":"Sophisticated cybersecurity threats demand collaborative, global response"},"content":{"rendered":"<blockquote>\n<div><b>UPDATE:<\/b> Microsoft continues to work with partners and customers to expand our knowledge of the threat actor behind the nation-state cyberattacks that compromised the supply chain of SolarWinds and impacted multiple other organizations. Microsoft previously used &#8216;Solorigate&#8217; as the primary designation for the actor, but moving forward, we want to place appropriate focus on the actors behind the sophisticated attacks, rather than one of the examples of malware used by the actors. Microsoft Threat Intelligence Center (MSTIC) <u><a tabindex=\"-1\" title=\"https:\/\/nam06.safelinks.protection.outlook.com\/?url=https%3a%2f%2fwww.microsoft.com%2fsecurity%2fblog%2f2021%2f03%2f04%2fgoldmax-goldfinder-sibot-analyzing-nobelium-malware%2f&amp;data=04%7c01%7ccokuts%40microsoft.com%7cdf7c0a40bd4a46f5d88008d8df31daf8%7c72f988bf86f141af91ab2d7cd011db47%7c1%7c0%7c637504752502613902%7cunknown%7ctwfpbgzsb3d8eyjwijoimc4wljawmdailcjqijoiv2lumziilcjbtii6ik1hawwilcjxvci6mn0%3d%7c1000&amp;sdata=wvwsvf9abhtixdzgkzm66fwwvpxc%2bd0a1f%2bvrumygay%3d&amp;reserved=0\" href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/03\/04\/goldmax-goldfinder-sibot-analyzing-nobelium-malware\/\" target=\"_blank\" rel=\"noreferrer noopener\">has named the actor<\/a><\/u> behind the attack against SolarWinds, the SUNBURST backdoor, TEARDROP malware, and related components as NOBELIUM. As we release new content and analysis, we will use NOBELIUM to refer to the actor and the campaign of attacks and we have updated references appropriate in this document below.<\/div>\n<\/blockquote>\n<p><strong>Microsoft\u2019s response to Nobelium<\/strong><\/p>\n<p>Since December, the United States, its government, and other critical institutions including security firms have been addressing the world\u2019s latest serious nation-state cyberattack, sometimes referred to as \u2018Solorigate\u2019 or \u2018SUNBURST\u2019 and now referred to as Nobelium. As we shared earlier this is a moment of reckoning for our industry and needs a unified response of defenders across public and private sectors. Microsoft is committed to protecting our customers and safeguarding our communities and we are proud to partner with industry partners to respond to this attack and strengthen our collective defenses. We believe transparency and clarity are important for strong cybersecurity and in that spirit, we are sharing information about some commonly asked questions. We look forward to serving and protecting our customers and communities.<\/p>\n<p><strong>Question: What has Microsoft\u2019s role been in the Nobelium incident?<\/strong><\/p>\n<p><strong>Answer:<\/strong><\/p>\n<p>As Brad Smith wrote on December 17, 2020, this is a <strong><a href=\"https:\/\/blogs.microsoft.com\/on-the-issues\/2020\/12\/17\/cyberattacks-cybersecurity-solarwinds-fireeye\/\" target=\"_blank\" rel=\"noopener noreferrer\">moment of reckoning for security<\/a><\/strong>. We believe the Nobelium incident is an opportunity for the industry to work together to share information, strengthen defenses, and respond to attacks. We are proud to be part of the collaborative work being done to empower the defender community. Over the past two months, there have been several disclosures related to the actor, Nobelium and Microsoft has had a unique perspective from several angles:<\/p>\n<ul>\n<li>Helping investigate with FireEye.<\/li>\n<li>Using indicators to find unusual activity and notifying customers and partners.<\/li>\n<li>Helping with customer investigations.<\/li>\n<li>Investigating our own environment.<\/li>\n<\/ul>\n<p>In all of our investigations to date, data hosted in Microsoft services (including email) was sometimes a target in the incidents, but the attacker had gained privileged credentials in some other way.<\/p>\n<p><a href=\"https:\/\/aka.ms\/solorigate\" target=\"_blank\" rel=\"noopener noreferrer\">Find the latest findings and guidance on Nobelium here<\/a>.<\/p>\n<p><strong>Question: With your broad engagement, you\u2019ve been criticized for not disclosing details as soon as you knew about them. How do you respond?<\/strong><\/p>\n<p><strong>Answer:<\/strong><\/p>\n<p>We believe the Nobelium incident is an opportunity for the industry to work together to share information, strengthen defenses, and respond to attacks.<\/p>\n<p>We have a very talented and experienced cybersecurity response team. In those situations where we provide investigative support to other organizations, we are restricted from sharing details. In these engagements, as well as when we notify organizations, those organizations have control in deciding what details they disclose and when they disclose them.<\/p>\n<p>Additionally, investigations sometimes discover early indicators that require further research before they are actionable. Taking the time to thoroughly investigate incidents is necessary in order to provide the best guidance to the broader security community, our customers, and our partners.<\/p>\n<p>We share actionable information regularly on our Nobelium\u00a0<a href=\"https:\/\/aka.ms\/solorigate\" target=\"_blank\" rel=\"noopener noreferrer\">resource center<\/a>, and we are committed to providing additional updates if and when we discover new information to help inform and enable the community.<\/p>\n<p><strong>Question: The Cybersecurity &amp; Infrastructure Security Agency (CISA) says other attack vectors have been discovered apart from SolarWinds. Has Microsoft in any way been an initial entry point for the Nobelium?<\/strong><\/p>\n<p><strong>Answer:<\/strong><\/p>\n<p>No. In our investigations to date, data hosted in Microsoft services (including email) was sometimes a target in the incidents, but the attacker had gained privileged credentials in some other way.<\/p>\n<p>From the beginning, we have said that we believe this is a sophisticated actor that has many tools in its toolkit, so it is not a surprise that a sophisticated actor would also use other methods to gain access to targets. In our investigations and through collaboration with our industry peers, we have confirmed several additional compromise techniques leveraged by the actor, including password spraying, spearphishing, use of webshell, through a web server, and delegated credentials.<\/p>\n<p>As we learn more from our engagements, we will continue to improve our security products and share learnings with the community. For the most up-to-date information and guidance, please <a href=\"https:\/\/aka.ms\/solorigate\" target=\"_blank\" rel=\"noopener noreferrer\">visit our resource center<\/a>.<\/p>\n<p><strong>Question: What should we know about the Microsoft notifications to customers? Does that mean you detected a compromise in Microsoft services?<\/strong><\/p>\n<p><strong>Answer:<\/strong><\/p>\n<p>No, it means our telemetry indicated unusual activity in authorized accounts.<\/p>\n<p>As part of the investigative team working with FireEye, we were able to analyze the attacker&#8217;s behavior with a forensic investigation and identify unusual technical indicators that would not be associated with normal user interactions. We then used our telemetry to search for those indicators and identify organizations where credentials had likely been compromised by Nobelium.<\/p>\n<p>Microsoft directly notifies the affected customers to provide the indicators they need to investigate the observed behavior with their organizational knowledge and within their specific context.<\/p>\n<p><strong>Question: Some have interpreted the wording in the SolarWinds 8K to mean that they were made aware of or were investigating an attack vector related to Microsoft Office 365. Has that been investigated?<\/strong><\/p>\n<p><strong>The 8K wording is, <em>\u201cSolarWinds uses Microsoft Office 365 for its email and office productivity tools. SolarWinds was made aware of an attack vector that was used to compromise the Company\u2019s emails and may have provided access to other data contained in the Company\u2019s office productivity tools.\u201d<\/em><\/strong><\/p>\n<p><strong>Answer:<\/strong><\/p>\n<p>We have investigated thoroughly and have found no evidence they were attacked via Office 365. The wording of the SolarWinds 8K filing was unfortunately ambiguous, leading to erroneous interpretation and speculation, which is not supported by the results of our investigation. SolarWinds has confirmed these findings <a href=\"https:\/\/orangematter.solarwinds.com\/2021\/02\/03\/findings-from-our-ongoing-investigations\/\" target=\"_blank\" rel=\"noopener noreferrer\">in their blog<\/a> on February 3, 2021.<\/p>\n<p><strong>Question: Reuters broke news on December 17, 2020, <\/strong><a href=\"https:\/\/www.reuters.com\/article\/us-global-cyber-microsoft-idUSKBN28R3BY\" target=\"_blank\" rel=\"noopener noreferrer\"><strong>alleging<\/strong><\/a><strong> that &#8220;Microsoft&#8217;s own products were then used to further the attacks&#8221; and saying it was not immediately clear &#8220;how many Microsoft users were affected by the tainted products.&#8221; Is that article accurate?<\/strong><\/p>\n<p><strong>Answer:<\/strong><\/p>\n<p>No, it is not accurate. As we said at the time, and based upon all investigations since, we have found no indications that our systems were used to attack others. Data hosted in Microsoft services (including email) were sometimes a post-compromise target of attack, but only after an attacker had gained privileged credentials in some other way.<\/p>\n<p><strong>Question: Some companies say the hackers entered its systems via Microsoft products. Do you dispute this?<\/strong><\/p>\n<p><strong>Answer:<\/strong><\/p>\n<p>We\u2019ve investigated each situation as we became aware of it and in each case, data hosted in Microsoft services (including email) were a target in the incident, but the attacker had gained privileged credentials in another way.<\/p>\n<p><strong>Question: When did Microsoft know about being attacked by\u00a0Nobelium?<\/strong><\/p>\n<p><strong>Answer:<\/strong><\/p>\n<p>Our security teams work continually to protect users, devices, and data from ongoing threats to our environment, but the investigations specifically focused on the Nobelium actor began when we became aware of the malicious SolarWinds applications.<\/p>\n<p>We published a\u00a0<a href=\"https:\/\/msrc-blog.microsoft.com\/2020\/12\/31\/microsoft-internal-solorigate-investigation-update\/\" target=\"_blank\" rel=\"noopener noreferrer\">Microsoft Internal Investigation Update<\/a> on December 31, 2020, and will provide another update soon.<\/p>\n<p><strong>Question: Given how serious Nobelium is, what can be done? What is the big takeaway?<\/strong><\/p>\n<p><strong>Answer:<\/strong><\/p>\n<p>The cybersecurity industry has long been aware that sophisticated and well-funded actors were theoretically capable of advanced techniques, patience, and operating below the radar, but this incident has proven that it isn\u2019t just theoretical.<\/p>\n<p>We believe the Nobelium incident has proven the benefit of the industry working together to share information, strengthen defenses, and respond to attacks.<\/p>\n<p>Additionally, the attacks have reinforced two key points that the industry has been advocating for a while now\u2014defense-in-depth protections and embracing a zero trust mindset.<\/p>\n<p>Defense-in-depth protections and best practices are really important because each layer of defense provides an extra opportunity to detect an attack and take action before they get closer to valuable assets. We saw this ourselves in our internal investigation, where we found evidence of attempted activities that were thwarted by defense-in-depth protections. So, we again want to reiterate the value of industry best practices such as <a href=\"https:\/\/docs.microsoft.com\/en-us\/security\/compass\/compass\" target=\"_blank\" rel=\"noopener noreferrer\">outlined here<\/a>, and implementing Privileged Access Workstations (<a href=\"https:\/\/aka.ms\/paw\" target=\"_blank\" rel=\"noopener noreferrer\">PAW<\/a>) as part of a strategy to protect privileged accounts.<\/p>\n<p>A zero trust, \u201cassume breach\u201d philosophy is an important approach to defense. Many of the techniques we\u2019ve observed are post-compromise techniques, so security companies and Microsoft are looking for ways to improve detections and provide protection even when an attacker gains unauthorized access.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Since December, the United States, its government, and other critical institutions including security firms have been addressing the world\u2019s latest serious nation-state cyberattack, sometimes referred to as \u2018Solorigate\u2019 or \u2018SUNBURST.\u2019 As we shared earlier this is a moment of reckoning for our industry and needs a unified response of defenders across public and private sectors.<\/p>\n","protected":false},"author":96,"featured_media":92806,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"ep_exclude_from_search":false,"_classifai_error":"","footnotes":""},"content-type":[3662],"topic":[3688],"products":[],"threat-intelligence":[],"tags":[3822,3813],"coauthors":[1916],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v22.9 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Sophisticated cybersecurity threats demand collaborative, global response | Microsoft Security Blog<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/02\/04\/sophisticated-cybersecurity-threats-demand-collaborative-global-response\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Sophisticated cybersecurity threats demand collaborative, global response | Microsoft Security Blog\" \/>\n<meta property=\"og:description\" content=\"Since December, the United States, its government, and other critical institutions including security firms have been addressing the world\u2019s latest serious nation-state cyberattack, sometimes referred to as \u2018Solorigate\u2019 or \u2018SUNBURST.\u2019 As we shared earlier this is a moment of reckoning for our industry and needs a unified response of defenders across public and private sectors.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/02\/04\/sophisticated-cybersecurity-threats-demand-collaborative-global-response\/\" \/>\n<meta property=\"og:site_name\" content=\"Microsoft Security Blog\" \/>\n<meta property=\"article:published_time\" content=\"2021-02-04T21:00:57+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-08-10T21:00:06+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/02\/Win17_15021_00_N12-scaled.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"2560\" \/>\n\t<meta property=\"og:image:height\" content=\"1821\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Microsoft Security Team\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Microsoft Security Team\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/02\/04\/sophisticated-cybersecurity-threats-demand-collaborative-global-response\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/02\/04\/sophisticated-cybersecurity-threats-demand-collaborative-global-response\/\"},\"author\":[{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/author\/microsoft-secure-blog-staff\/\",\"@type\":\"Person\",\"@name\":\"Microsoft Security Team\"}],\"headline\":\"Sophisticated cybersecurity threats demand collaborative, global response\",\"datePublished\":\"2021-02-04T21:00:57+00:00\",\"dateModified\":\"2023-08-10T21:00:06+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/02\/04\/sophisticated-cybersecurity-threats-demand-collaborative-global-response\/\"},\"wordCount\":1453,\"publisher\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/02\/04\/sophisticated-cybersecurity-threats-demand-collaborative-global-response\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/02\/Win17_15021_00_N12-scaled.jpg\",\"keywords\":[\"Microsoft Security Insights\",\"Solorigate\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/02\/04\/sophisticated-cybersecurity-threats-demand-collaborative-global-response\/\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/02\/04\/sophisticated-cybersecurity-threats-demand-collaborative-global-response\/\",\"name\":\"Sophisticated cybersecurity threats demand collaborative, global response | Microsoft Security Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/02\/04\/sophisticated-cybersecurity-threats-demand-collaborative-global-response\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/02\/04\/sophisticated-cybersecurity-threats-demand-collaborative-global-response\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/02\/Win17_15021_00_N12-scaled.jpg\",\"datePublished\":\"2021-02-04T21:00:57+00:00\",\"dateModified\":\"2023-08-10T21:00:06+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/02\/04\/sophisticated-cybersecurity-threats-demand-collaborative-global-response\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/02\/04\/sophisticated-cybersecurity-threats-demand-collaborative-global-response\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/02\/04\/sophisticated-cybersecurity-threats-demand-collaborative-global-response\/#primaryimage\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/02\/Win17_15021_00_N12-scaled.jpg\",\"contentUrl\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/02\/Win17_15021_00_N12-scaled.jpg\",\"width\":2560,\"height\":1821,\"caption\":\"Microsoft Cyber Defense Operations Center\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/02\/04\/sophisticated-cybersecurity-threats-demand-collaborative-global-response\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Sophisticated cybersecurity threats demand collaborative, global response\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#website\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\",\"name\":\"Microsoft Security Blog\",\"description\":\"Expert coverage of cybersecurity topics\",\"publisher\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization\",\"name\":\"Microsoft Security Blog\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/08\/cropped-cropped-microsoft_logo_element.png\",\"contentUrl\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/08\/cropped-cropped-microsoft_logo_element.png\",\"width\":512,\"height\":512,\"caption\":\"Microsoft Security Blog\"},\"image\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#\/schema\/logo\/image\/\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Sophisticated cybersecurity threats demand collaborative, global response | Microsoft Security Blog","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/02\/04\/sophisticated-cybersecurity-threats-demand-collaborative-global-response\/","og_locale":"en_US","og_type":"article","og_title":"Sophisticated cybersecurity threats demand collaborative, global response | Microsoft Security Blog","og_description":"Since December, the United States, its government, and other critical institutions including security firms have been addressing the world\u2019s latest serious nation-state cyberattack, sometimes referred to as \u2018Solorigate\u2019 or \u2018SUNBURST.\u2019 As we shared earlier this is a moment of reckoning for our industry and needs a unified response of defenders across public and private sectors.","og_url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/02\/04\/sophisticated-cybersecurity-threats-demand-collaborative-global-response\/","og_site_name":"Microsoft Security Blog","article_published_time":"2021-02-04T21:00:57+00:00","article_modified_time":"2023-08-10T21:00:06+00:00","og_image":[{"width":2560,"height":1821,"url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/02\/Win17_15021_00_N12-scaled.jpg","type":"image\/jpeg"}],"author":"Microsoft Security Team","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Microsoft Security Team","Est. reading time":"6 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/02\/04\/sophisticated-cybersecurity-threats-demand-collaborative-global-response\/#article","isPartOf":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/02\/04\/sophisticated-cybersecurity-threats-demand-collaborative-global-response\/"},"author":[{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/author\/microsoft-secure-blog-staff\/","@type":"Person","@name":"Microsoft Security Team"}],"headline":"Sophisticated cybersecurity threats demand collaborative, global response","datePublished":"2021-02-04T21:00:57+00:00","dateModified":"2023-08-10T21:00:06+00:00","mainEntityOfPage":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/02\/04\/sophisticated-cybersecurity-threats-demand-collaborative-global-response\/"},"wordCount":1453,"publisher":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization"},"image":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/02\/04\/sophisticated-cybersecurity-threats-demand-collaborative-global-response\/#primaryimage"},"thumbnailUrl":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/02\/Win17_15021_00_N12-scaled.jpg","keywords":["Microsoft Security Insights","Solorigate"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/02\/04\/sophisticated-cybersecurity-threats-demand-collaborative-global-response\/","url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/02\/04\/sophisticated-cybersecurity-threats-demand-collaborative-global-response\/","name":"Sophisticated cybersecurity threats demand collaborative, global response | Microsoft Security Blog","isPartOf":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/02\/04\/sophisticated-cybersecurity-threats-demand-collaborative-global-response\/#primaryimage"},"image":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/02\/04\/sophisticated-cybersecurity-threats-demand-collaborative-global-response\/#primaryimage"},"thumbnailUrl":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/02\/Win17_15021_00_N12-scaled.jpg","datePublished":"2021-02-04T21:00:57+00:00","dateModified":"2023-08-10T21:00:06+00:00","breadcrumb":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/02\/04\/sophisticated-cybersecurity-threats-demand-collaborative-global-response\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/02\/04\/sophisticated-cybersecurity-threats-demand-collaborative-global-response\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/02\/04\/sophisticated-cybersecurity-threats-demand-collaborative-global-response\/#primaryimage","url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/02\/Win17_15021_00_N12-scaled.jpg","contentUrl":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/02\/Win17_15021_00_N12-scaled.jpg","width":2560,"height":1821,"caption":"Microsoft Cyber Defense Operations Center"},{"@type":"BreadcrumbList","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/02\/04\/sophisticated-cybersecurity-threats-demand-collaborative-global-response\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/"},{"@type":"ListItem","position":2,"name":"Sophisticated cybersecurity threats demand collaborative, global response"}]},{"@type":"WebSite","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#website","url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/","name":"Microsoft Security Blog","description":"Expert coverage of cybersecurity topics","publisher":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization","name":"Microsoft Security Blog","url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/08\/cropped-cropped-microsoft_logo_element.png","contentUrl":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/08\/cropped-cropped-microsoft_logo_element.png","width":512,"height":512,"caption":"Microsoft Security Blog"},"image":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#\/schema\/logo\/image\/"}}]}},"distributor_meta":false,"distributor_terms":false,"distributor_media":false,"distributor_original_site_name":"Microsoft Security Blog","distributor_original_site_url":"https:\/\/www.microsoft.com\/en-us\/security\/blog","push-errors":false,"_links":{"self":[{"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/posts\/92805"}],"collection":[{"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/users\/96"}],"replies":[{"embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/comments?post=92805"}],"version-history":[{"count":0,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/posts\/92805\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/media\/92806"}],"wp:attachment":[{"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/media?parent=92805"}],"wp:term":[{"taxonomy":"content-type","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/content-type?post=92805"},{"taxonomy":"topic","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/topic?post=92805"},{"taxonomy":"products","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/products?post=92805"},{"taxonomy":"threat-intelligence","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/threat-intelligence?post=92805"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/tags?post=92805"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/coauthors?post=92805"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}